Installing and Configuring Identity and Access Services

RADIUS (Remote Authentication and Dial-in User Service)- Authentication (MFA) - Authorization (length of time allowed, ACLs, etc.) - Accounting (Start/stop time) UDP Connectionless (Ports 1645/1646, 1812/1813) Designed for subscriber AAA TACACS/+ (Terminal Access Controller Access-Control System) Dev in 1984 for MILNET. Replaced by XTACACS (Extended TACACS)…

Comparing & Contrasting Attack Types

Social EngineeringPhishingSpear PhishingWhalingVishingTailgaitingImpersonationDumpster DivingShoulder SurfingHoaxesWatering Hole AttackPrinciplesAuthority and IntimidationConsensus and Social ProofFamiliarity and LikingTrustScarcity and UrgencyApplication / Service AttacksDDoSReplay AttacksMan in the Middle AttackBuffer Overflow AttackSQL Injection AttackLDAP Injection AttackXML Injection AttackCross Site Scription (XSS) and Cross Site Request Forgery (XSRF)Privilege EscalationARP PoisoningSmurf Attack (Amplification)DNS PoisoningZero DayPass the HashClickjackingSession…

Analyzing Indicators of Compromise & Determining Malware Types

Three main areas of malware:Ads / Spyware / MarketingRemote Access / KeyloggersRemote Attacks / DDoSIndicator of CompromiseArtifacts observed that indicate a computer intrusion (e.g. unusual outbound network traffic, DNS anomalies, anomalies in privileged user account activity, etc.) VirusMalware that requires user interaction to install and replicate. Ex: Stuxnet Crypto-malware / RansomwareMalware that scare/…

Duplicate key violates unique constraint

A few days ago I got this weird error with one of my PostgreSQL databases: duplicate key violates unique constraint.Turns out the DB (or Rails) was trying to write the ids at least 2000 numbers lower than the highest number there, so Rails couldn’t save to it. While…

The word impossible

One of my least favorite words is “impossible”: it simply has no real value and just goes against everything I believe in, those same things that keep me alive and push me out of bed in the morning: discovery of extra-terrestrial life, vacations in space, and the like. Yes, I…

Get Rails 3.1beta1 on Heroku

It’s pretty simple, you only have a couple of things to change. First, in config / environments / production.rb change config.serve_static_assets = false to config.serve_static_assets = trueSecond, in your Gemfile, add gem 'therubyracer-heroku', '0.8.1.pre3' gem 'pg'Now you can do bundle install, commit to…

How to find ideas

Did you ever get hit with what was to become THE idea of the century, or so you thought? How do you weed out the “good” ones from the bad ones? Sometime last month I had such an idea and thought “Why isn’t it out there yet? The founder…

Coding projects

It’s been a while since I posted about my projects, even though I promised to have at least one project per month! However, I’ve been stumped with school work and finding freelance work so my last project doesn’t even count as an “incomplete” since I barely started…