bug bounty

Posted on Fri 31 December 2021 in security

Motivation

I like to invest part of my free time in finding and reporting vulnerabilities. Naturally, I do not expect anything in return for this.

Nevertheless, most operators would like to show their appreciation and support my work.

Support

If you would like to support my work, you can do so in the following ways:

1) A donation towards

  • server rental / lab environment (approx. 50€/month)
  • software licences (e.g. Burp Suite: 350€/year)
  • the planned training and certification as an Ethical Hacker (approx. 2500€)

PayPal
https://paypal.me/KarBerlin

2) Amazon wish list

Amazon
https://www.amazon.de/hz/wishlist/ls/16BKUO7S8QAYB

3) A recommendation

via LinkedIn

4) Karma

or, quite classically, with a "thank you very much" or an original T-shirt (size L).


big vpn providers are owned by one company

Posted on Mon 29 November 2021 in security • Tagged with vpn, privacy, security

vpn providers

according to a well-investigated article, these four vpn providers are now owned by one company, together with several vpn review sites.

make sure to read the original article before choosing a vpn service to trust:

  • ExpressVPN
  • CyberGhost
  • Private Internet Access
  • Zenmate

source

the article referred to can be found here


zabbix http/s checks from yaml dict

Posted on Sun 11 April 2021 in devops • Tagged with ansible, zabbix, gitlab, monitoring

motivation

to maintain the principle of configuration-as-code, this tool helps you bulk create and update http/s checks on your zabbix server.

imagine you need to monitor many different http/s microservice endpoints. you can create them one by one in the zabbix gui, or note them down in a simple yaml dict. this automation uses ansible to call the zabbix api and create zabbix http/s checks, together with graphs and an alert trigger.

health_checks:
    - check_url:              "https://www.example.com/blog/"
    - check_url:              "https://api.example.com/endpoint/search?query=token"
      check_searchstring:     "Results for: token"
    - check_url:              "https://api.example.com/long/running/api"
      check_timeout:          "10s"
    - check_url:              "https://api.example.com/special/returncode"
      check_returncode:       "200,206"
    - check_url:              "https://static.example.com/images/"

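As an added example (my own Python, not the tool's Ansible code), this shows the normalisation and validation step a practitioner would want before such a dict is handed to the Zabbix API: defaults for the optional keys, rejection of malformed entries, and the mapping to a web scenario step. It assumes the httptest step field names name, url, required, status_codes and timeout; the sample list is the one from the post above, constructed inline.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the health_checks list from the yaml above, as Ansible hands it to a task.
HEALTH_CHECKS = [
    {"check_url": "https://www.example.com/blog/"},
    {"check_url": "https://api.example.com/endpoint/search?query=token",
     "check_searchstring": "Results for: token"},
    {"check_url": "https://api.example.com/long/running/api", "check_timeout": "10s"},
    {"check_url": "https://api.example.com/special/returncode", "check_returncode": "200,206"},
    {"check_url": "https://static.example.com/images/"},
]

# Defaults applied when an optional key is missing (assumed values, not the tool's).
DEFAULTS = {"check_searchstring": "", "check_timeout": "15s", "check_returncode": "200"}


def to_zabbix_step(check):
    """Validate one dict entry and map it to a Zabbix web scenario step.

    Field names (name, url, required, status_codes, timeout) follow the Zabbix
    httptest step object as I read it; treat them as an assumption.
    """
    url = check.get("check_url")
    parsed = urlparse(url or "")
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError(f"check_url must be an absolute http/s URL: {url!r}")
    merged = {**DEFAULTS, **check}
    unknown = set(merged) - set(DEFAULTS) - {"check_url"}
    if unknown:  # catch typos like check_serachstring instead of silently ignoring them
        raise ValueError(f"unknown keys {sorted(unknown)} for {url}")
    if not re.fullmatch(r"[1-9]\d*s", str(merged["check_timeout"])):
        raise ValueError(f"check_timeout must look like '10s': {merged['check_timeout']!r}")
    codes = [c.strip() for c in str(merged["check_returncode"]).split(",")]
    if not all(re.fullmatch(r"[1-5]\d\d", c) for c in codes):
        raise ValueError(f"check_returncode must be HTTP status codes: {codes}")
    return {
        "name": parsed.netloc + parsed.path,  # step name as shown in the Zabbix GUI
        "url": url,
        "required": merged["check_searchstring"],  # text that must appear in the response
        "status_codes": ",".join(codes),
        "timeout": merged["check_timeout"],
    }


def build_steps(health_checks):
    """Convert the whole dict; duplicate URLs would create duplicate checks, so refuse them."""
    steps = [to_zabbix_step(c) for c in health_checks]
    urls = [s["url"] for s in steps]
    if len(set(urls)) != len(urls):
        raise ValueError("duplicate check_url entries in health_checks")
    return steps
```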
source

the sources, documentation and examples are located here


Run OWASP ZAP scan from Jenkins

Posted on Mon 22 March 2021 in security • Tagged with jenkins, docker, bash, owasp, security, zap, dast

why

scanning your websites periodically for vulnerabilities (like the script kiddies or hackers do) is an essential task in your security strategy. this Jenkins pipeline will help you to do this.

source

the sources, documentation and examples are located here


AWS Shared ALB by EC2 instance tag

Posted on Mon 15 February 2021 in devops • Tagged with aws, lambda, python, alb, automation

motivation

in AWS setups, load balancers can be quite cost-intensive.
If you are in a non-production environment, you probably do not need one LB for each (micro-)service.
This lambda function automatically adds EC2 instances to a target group and adds a host-header-based rule to a single shared ALB.

source

the sources, documentation and examples are located here