Header Image -

Category Archives

20 Articles

Ransomware. Ransomewhere? Inside malicious installers on MacOS, that’s where.

by Jamey 0 Comments
Ransomware. Ransomewhere? Inside malicious installers on MacOS, that’s where.

With the new wave of ransomware attacks we have seen at the beginning of this week, especially targeted toward Spain, we can see that mostly Windows attack vectors are mostly being utilized, in what appears to be a variant of the Bitpaymer family, related to the Dridex group of malware.

But what does the future hold for attacks such as these? When will we see the attack vector change drastically to target something that your company is most-likely unprepared for? We are seeing bad actors targeting low-hanging fruit on Windows, while the world of end-users are going mobile. If iOS development is part of your enterprise, then whether you like it or not, MacOS literally has to be an integral part of your infrastructure…because XCode. Is it possible that this is something that has gone unnoticed in the threat detection landscape, or is the perception of the threat level just perceived to be so low that we haven’t yet come up with a good way to protect against it?

21 views

This Cruel Design by Emily Suvada

by Jamey 1 Comment
This Cruel Design by Emily Suvada

I promised a follow-up review to This Mortal Coil for the sequel, This Cruel Design by Emily Suvada. I also promised to follow up on the technological themes posed by this series, and how in the very near future, we could easily see this work of fiction merge more into an account of fictional events based on non-fiction technology. Personally, I think this series to be slightly ahead of its time [in a good way], as to show readers what kind of scenarios could play out in our future. For readers who are not tech-savvy, this would probably be a 3-star read. For me, knowing about the underlying technology and just how realistic this book is, boosts that up to a 5-star read. Emily Suvada knocked it out of the park with this one, which was equally as good (if not better) than This Mortal Coil.

6 views

HSTS – The Missing Summary

by Jamey 0 Comments
HSTS – The Missing Summary

HSTS (HTTP Strict Transport Security) is a feature supported by all major browsers, and it’s a method for websites to declare that they should ONLY be accessed securely over HTTPS and never over an unencrypted HTTP connection. If a site has an HSTS policy, browsers will refuse all insecure connections to that site AND prevent users from accepting insecure SSL certificates. This, however, can come with certain risks to availability if not implemented correctly, as you will read later…

16 views

HTTP/2 – The Missing Summary

by Jamey 0 Comments
HTTP/2 – The Missing Summary

We know our browsers support it, and we know AWS, Akamai, and other big players support it within their infrastructure already…but do your applications and/or on-prem infrastructure have what it takes to leverage the awesomeness that is HTTP/2?

Think about it. We went from HTTP/0.9, to HTTP/1.0, to HTTP/1.1…to a full version upgrade of HTTP/2. That alone should tell you that there are some very interesting features lurking underneath the hood. This is the missing in-depth summary that you have been missing while being overloaded with too much information reading official specs and getting lost in sensory-overload-causing diagrams. Welcome to HTTP/2 – the missing summary.

9 views

How Does DNS Resolution Exactly Work?

by Jamey 0 Comments
How Does DNS Resolution Exactly Work?

This may sound stupid, but at a low level, it’s often something that remains unknown to many in the IT industry — even seasoned professionals.

At the highest level, DNS is the basic protocol that maps hostnames to IP addresses. But there’s a whole lot more going on behind the scenes…

11 views

This Mortal Coil by Emily Suvada

by Jamey 1 Comment
This Mortal Coil by Emily Suvada

There are not many books that really “get” me. I tend to get bored easily by fiction of any type, especially if it is not very realistic. Also, the virus trope got old in the early 2000s. That being said, this book really resonated with me in a strong way, and I officially got “got.”

This Mortal Coil is a book about DNA, the brain, hacking DNA, hacking the brain, and everything in between. Being a Certified Ethical Hacker and Information Security professional, this was right down my alley. It helped that the viruses in this book were both physical and virtual, which allowed me to ignore the played-out trope and focus on how realistic the scenarios in the book actually were, and could possibly foreshadow a very real potential future.

6 views

Nginx HTTP-to-HTTPS AND domain.com-to-WWW Redirect Using AWS ELB for SSL Termination

by Jamey 0 Comments
Nginx HTTP-to-HTTPS AND domain.com-to-WWW Redirect Using AWS ELB for SSL Termination

You are running Nginx as a webserver or reverse proxy, and you are terminating SSL on an Amazon Elastic Loadbalancer.

The loadbalancer is passing HTTP traffic from port 80 to HTTP port 80 on your EC2 instance(s).

The loadbalancer is decrypting HTTPS traffic from port 443 and also passing it on to HTTP port 80 on your EC2 instance(s).

You are looking for the following functionality:

http://domain.com => https://www.domain.com
https://domain.com => https://www.domain.com
http://www.domain.com => https://www.domain.com
https://www.domain.com => https://www.domain.com

4 views

Highly-Available, Scalable WordPress using ECS/Docker & RDS/MariaDB

by Jamey 0 Comments
Highly-Available, Scalable WordPress using ECS/Docker & RDS/MariaDB

The recent Amazon S3 outage showed us just how delicate the state of the web is, especially when you don’t utilize Amazon’s built-in redundancy features. My goal was to create a highly-available and scalable WordPress installation in AWS using Docker. I would have auto-scale Docker clusters in multiple Availability Zones running Nginx, PHP-FPM, and a Redis client. The Docker config and WordPress install would be on EFS volumes that would be
mounted in the Docker containers. I would use an RDS MariaDB for the database backend and Redis-based ElastiCache for serving up the site blazing fast from memory.

14 views

Test Case: Deploying a Hugo App to Heroku

by Jamey 0 Comments
Test Case: Deploying a Hugo App to Heroku

I have recently been hearing about Hugo and how easy it is to manage for blogs and such (it uses/renders Markdown), and ever since I heard about Heroku’s free tier, I’ve been wanting to give it a shot. This article will be documenting how I went about doing both.

5 views