As mentioned in my previous blog post, New to AWS GuardDuty?, I have been working on open sourcing the tool that I wrote for internal use. It is now publicly available on my GitHub: AWS GuardDuty Manager. Description: AWS GuardDuty Manager (GDM) is a tool that allows you to perform some common GuardDuty tasks (start, stop and … Continue reading AWS GuardDuty Manager
If you are new to AWS GuardDuty, the FAQ is the best place to start. I am currently working on a GuardDuty-related project, and here are some bullet points that I quickly summarised. I hope they are useful to you. GuardDuty is an AWS-managed continuous threat detection service. It detects threats by analysing the VPC Flow … Continue reading New to AWS GuardDuty?
Do you know how many Amazon-issued certificates (ACM) or user-uploaded certificates (IAM) are in your AWS accounts? How many certificates have been deployed to production in your Akamai contracts? Not sure about you, but I don't know the answer. So I wrote a tool called CertStuff to get all that information (common name, SAN, … Continue reading CertStuff
I guess you have heard of Meltdown and Spectre already. If not, check out this site: https://meltdownattack.com/. It is definitely not a good start to the New Year. All cloud providers are busy patching the kernels of their underlying systems. AWS ElastiCache (Redis) is one of them. Due to its single-threaded nature, … Continue reading Redis CPU Usage Ramps Up after Kernel Patching
Domain Validation (DV): This is a lower level of validation. The CA validates that you have control of the domain. A DV certificate expires in 90 days. Organization Validation (OV): A higher level of validation. The CA validates whether or not the company is valid, if it is registered, and if the business contact legitimately … Continue reading Three types of CA Validation Certificate
A nice diagram that I found on Okta illustrates the workflow of both SP-initiated and IdP-initiated SSO. References: https://developer.okta.com/standards/SAML/index http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
If you see errors similar to the one below when using openssl to test an HTTPS site, it is most likely caused by the SNI that is configured in the reverse proxy or server, like Nginx. openssl s_client -connect bla.bla.com:443 CONNECTED(00000003) 51089:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_clnt.c:618: To make it work, you need to specify the hostname in the command, … Continue reading Openssl error: SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol