Log4j Scanning and Detection

Lately, everyone has been talking about Log4Shell (CVE-2021-44228) and likely, if you’re reading this, you’re looking for info for what to do. Most people attempted to utilize Huntress’s Log4Shell tool (https://log4shell.huntress.com/) to show connections to a LDAP server they were hosting. Some people had issues with this as it was overburdened with requests (rightfully so) or didn’t want to, or aren’t allowed to send outbound traffic to a server they didn’t own. Continue reading

ADFS & CVE-2020-17049

Microsoft recently performed a patch for Kerberos and the KDC service on domain controllers. This would patch a heavy vulnerability in the Kerberos signing structure. However, this presented a problem with our domain joined Qumulo storage appliance, and disallowed any users from authenticating to SMB shares. In order to alleviate ourselves of the issue, we followed the instructions to disable the following registry key within HKLM\SYSTEM\CurrentControlSet\Services\Kdc\ by adding PerformTicketSignature set to DWORD 0. Continue reading

Building Images for GCP

In my last post, I opened with the fact that my company has decided to dive into the world of GCP to get ahead of most of the market in our space. With a few of us being tasked for this initive, I decided to take it upon myself to look into Packer. The goal would be to roll our homebrewed software/OS image into an automated build process to make images in GCP (or AWS, vSphere, etc. Continue reading

Vault Journey

Being a good SysAdmin requires some sense of laziness. In the spirit of that approach, I’ve spent some time looking into Hashicorp’s Terraform and Red Hat’s Ansible tools in my organization’s route to Google Cloud Platform. I wanted a method to create reproducable Copute Engine VMs that would allow us to easily create multiple hosts with minor changes quickly and easily. I decided that with the use of Terraform, Vault (also from Hashicorp) would allow me to templatize the configs, as well as, create secrets/passwords that would be randomized, able to be called at will, and even automatically rolled with a configured frequency. Continue reading

Initial Commit!

Finally getting to use this site! Been looking forward to creating some posts here to document travels of random sets of information. Hopefully to provide some steering for those who during their travels ended up in the same situation and went looking for info.