AWS

reCaptcha With Lambda Part 2

In the previous article I covered all the steps and code that were required so that I can add a contact form with a reCaptcha on this very blog. These are the actual implementation steps I took to include them. Don’t worry, the hard part has been done in part 1!

Create contact form

Using the client side HTML code I created the /content/contact.html file, ensuring that I included the correct API Gateway URLs for the post requests and the reCaptcha site key.


reCaptcha With Lambda Part 1

“You need to add reCaptcha to your webforms” - It’s advice I’ve given out to security teams each time I see a malicious link or some spam pusher in the resulting email. It’s the poor user who cops the brunt of them, increasing the chance of a click, increasing that chance of compromise. Reading through form spam is just a waste of time for everyone. I recall an instance where an internal security team misconfigured a tool they were using, set it to run overnight and that mailbox ended up with 35k+ emails in it.


Last Month in AWS

Last month in AWS saw me rack up a bill of US$0.86 and with the terrible US/AUD exchange rate I’m out of pocket a whole AUD$1.30. As I’m playing around with new technology and integrating various services that AWS provides, I touched a few services this month, and discovered I should probably decommission services I’m not actually using anymore. No surprise to me that I exceeded the free tier limits for S3.


Serverless Screenshots

This is a project that I have wanted to get working for some time now, but every time I tried it, it failed on me. There was always some dependency error or some random obscure error. I’ve used url2png.com in the past to capture screenshots of malicious and unknown websites, and while I have scripts that replicate this functionality via PowerShell, I’m not comfortable running that script on a production machine at work.


Too Much Time Has Passed

OK - so way too much time has passed since I’ve updated this blog. Way too much time. I guess it’s easy to become so bogged down with home life, study and work, and I’ve had a bit on my plate recently. In all this time that has passed, sadly, I feel like I don’t have much to show for it. On the work front, I’m nearly 6 months into a job I’m really loving, working with great people, awesome tech and heaps to learn.


Last Month in AWS

Last month in AWS saw me rack up a bill of US$3.52 and while I expected this to be lower compared to last month, it turns out I got a little trigger happy with EC2 and S3. This was primarily due to the Detection Lab infrastructure that I was playing with. EBS stored volumes caused by AMIs will cause your bill to shoot up quite quickly. I was also still performing some other lab-based stuff and introduced SES into my permanent list of services I’ll be using.


Building Detection Lab in AWS Part II

With the local lab built, these are the instructions for getting the Detection Lab into AWS.

How to stand up DetectionLab in AWS - Part II

Pre-requisites

- Part I - Local Install
- Terraform installation

Export VMs as OVAs

Shut down each VM and open up the VirtualBox GUI. Select each VM and select “File, Export Appliance”.

- Select the VM to export
- Select the output file
- Enter in any additional product information.


Building Detection Lab in AWS

Recently I was made aware of a GitHub project by Chris Long named “Detection Lab” which allows blue teams to see what a particular piece of malware does in an environment and conversely allows the red team to see what breadcrumbs their software may leave behind. It’s a 4 lab server consisting of:

- Microsoft Windows AD Server
- Splunk Logging
- A Windows Event Forwarding Server
- Client Win10 machine

Based off the back of last week’s CyberGym training and the fact that there are Terraform templates for this setup, I decided to give this a shot.


Setting Up Email via SES and Gmail

Email for the blog? Well, that was the next thing I was wanting to tick off the list. Not only for the blog (I’m 99.99% certain I won’t ever get an email), but I’ve always wanted to just pass out throwaway email addresses for when I attend conferences - just to see who’s giving my email address around. Luckily AWS have a solution called Simple Email Service (SES) which is designed for just this use case.


Last Month in AWS

Last month in AWS saw me rack up a bill of $3.40 and I expect this to be much lower next month now that I have abandoned Lightsail. The cost breakdown was as follows: As you can see, I did hit a wide range of services for the month and most of the stuff I played with had a free tier limit applied. It’s great for spinning up a lab or three and the cost really was minimal.


Acloudguru Serverless for Beginners

So the “Serverless for Beginners” is another lab-based course brought to you by the folks at A Cloud Guru. Its course details how to build a video transcribing service with a web front end using multiple cloud technologies using node.js. It’s quite a cool little application. I’m not sure I have a real world use for such an application, but any “lab” that gets me to build with multiple technologies isn’t a bad thing when I’m studying for the exams.


edX AWS Developer: Building on AWS

So in my AWS studies I came across a course from edX titled “AWS Developer: Building on AWS”. This is an awesome course that gives you hands-on experience with multiple services in AWS. It’s structured in such a way where each week will only take a few hours to complete and there are 6 weeks of courses. If I recall, as long as you are not “overly testing” your solution (which would have to be significant) you are unlikely to go over the free tier on AWS.
