Category: Security

  • CISSP endorsement CURL / Postman request

    Instead of logging in to the (ISC)2 endorsement portal or trying to navigate through the horrible website menus, you can just load up a Postman/Curl request curl -d ‘{“FirstName”:”YOUR-FIRST-NAME”,”LastName”:”YOUR-LAST-NAME”,”MemberNumber”:”YOUR-MEMBER-NUMBER”}’ -H “Content-Type: application/json” -X POSThttps://www.isc2.org/api/MemberVerification/MemberVerification If you’re using postman or similar you can populate with the following: Method POST URL https://www.isc2.org/api/MemberVerification/MemberVerification HTTP Headers: Content-Type: application/json Body/Data: {“FirstName”:”YOUR-FIRST-NAME”,”LastName”:”YOUR-LAST-NAME”,”MemberNumber”:”YOUR-MEMBER-NUMBER”}

  • Passing the (ISC)2 CISSP Exam

    Preparation: I don’t study well. I prefer to measure my current understanding then fill in the gaps; which I wasn’t able to really do until the past week or so; I got a good grasp when attending a training course that I understood most of the content fairly well, especially in the technical sections. Booked…

  • #LinkedInMusings: Infrastructure as code

    If you’re building “secure” cloud solutions, you MUST be deploying infrastructure as code (Azure ARM / AWS CloudFormation / Terraform). If you’re not, why not? What are your organisation’s barriers to making it happen? # This was a LinkedIn musing I thought was worth capturing.

  • IIS, PHP, and LDAPS with Active Directory.

    Why you’d ever want to do this is probably a discussion best left to the political arena. But for the purpose of that thing I call my “day job”, I was required to do just this. External website, authenticates against Active Directory using LDAPS. Website is coded in PHP, and runs on IIS on Windows…

  • WPAD & Proxy Timeout Issue

    If you’ve been following, I’ve recently been playing with Forefront Threat Management Gateway 2010, the “new” ISA Server. Now, for all intensive purposes, everything is configured correctly. There’s a virtual IP for the proxy array (let’s say, 192.168.0.10), and the WPAD file is published, and contains the IP addresses of both proxies (let’s say, 192.168.0.11…

  • My iptables “base” ruleset

    I’m not 100% sure if this is correct in a security sense, but thought I’d post this. For my web/database servers, it’s a pretty basic setup really. Drop all inbound packets not specifically allowed, and allow all outbound unless specifically denied. Open for comment / feedback. It’s for all intensive purposes, pretty secure in my…

  • Makeshift Anonymous (aka always encrypted) Browsing

    In light of all the “omg, people can hack into my Facebook/Twitter account now” rubbish that’s been headlining around the world in the last week, I faced a similar situation, in constantly being prompted to allow access through a firewall, which seemed to think my access to brain dump material was actually an attempt to…

  • iPhone Lock Screen Security Flaw

    wired.com posted an article moments ago with a funny little flaw, allowing you to bypass the “lock code” configured on an iPhone. The discovery by some Brazilian dude (read the article here – http://www.wired.com/threatlevel/2010/10/iphone-snoop/), notes the following procedure: 1. Press the emergency call buton 2. Dial ### 3. Push the call button, and immediately hit…

  • Better TCPViewer

    I needed to show all the connections on a virus infected machine a while ago, and being a Microsoft tech, I normally used the Sysinternals TCPViewer tool to do this… However, TCPViewer is a bit limited. I mean, I’m trying to track all the connections on a given port, say, SMTP port 25, but I…

  • Forefront TMG Stuff

    http://www.isascripts.org/ – a bunch of handy scripts by a security consultant named Jason Fossen Microsoft tools for TMG 2010 – http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8809cfda-2ee1-4e67-b993-6f9a20e08607&displaylang=en Technet Doco for TMG 2010 – http://technet.microsoft.com/en-us/library/ff355324.aspx Jim Harrison’s list of tools for TMG2010 – http://www.isatools.org/tools.asp?Context=TMG2010 Microsoft ISA Blog – http://blogs.technet.com/b/isablog/