Devops on Shadow Engineering

SOC Automation with Inspector Gadget

Sat, 28 May 2022 11:30:03 +0000

Inspector Gadget is a tool to help SOCs scale and automate augmention of alerts. Whether that’s through an analyst leveraging Inspector Gadget directly, or through a Security Orchestration, Automation and Response (SOAR) platform.

It’s a proxy API endpoint, that can communicate to other API endpoints. This means that given a particular Indicator of Attack (IOA), it can connect to multiple API endpoints for third party services to provide more information and context around it, and help make a better assessment to the validity or malicious nature of it.

It’s built upon FastAPI and httpx, meaning it’s designed with parallelism in mind, then thanks to Celery/Redis it can scale to meet your demands while still maintaining that quick response. Even the core library that maps indicator types to third party API endpoints (ioclib) is built with asynchronous actions for speed.

Cloud Run Website with GCP

Sat, 23 Apr 2022 11:30:03 +0000

As I outlined in Iterations of this Site, a time had come when I wanted to repurpose this domain, and use it to share some of the knowledge I had gained from experimentation and projects I had worked on.

A common approach that a lot of people recommend is using a static site generator like Jekyll or Hugo, pushing that to a GitHub Pages repository and then using Cloudflare Workers to mask that behind a domain name of your choosing.

I really liked the approach, and it made some vast improvements over my previous methodology. But it would mean that a lot of the little easter eggs I had developed over the years would be lost.

Iterations of this Site

Sat, 23 Apr 2022 11:30:03 +0000

In 2018 I applied for a position at Google, to start the day long series of interviews I got asked one simple question:

How would you create a secure web page?

I responded at first about securing the host, implementing SELinux, putting SSH on a high port with a certificate, sticking it behind a WAF. I had started to go into detail about the CI/CD pipeline when I was interrupted by the interviewer asking if I had heard of things such as HSTS and HKPI. I confessed that I hadn’t, and knew there must have been a whole world of things that I simply hadn’t had exposure to, so I took a mental note to go away, build myself a website and to try and experiment.

Project Chaos

Sun, 04 Apr 2021 11:30:03 +0000

Meet Scarlett Reynolds, a new starting ICT Sales Representative, for a small technology start up named Eigar Technologies, that’s based in Sydney, Australia.

She studied at Arthur Phillip High School in Parramatta, before graduating in a double degree in IT and Business from UTS in 2013. She’s a virgo and her first car was a ‘96 Corolla, and she doesn’t exist.

Neither does Eigar Technologies. In fact, the name Eigar Technologies is a portmanteau of Eiger, a mountain in the Swiss Alps, and EICAR, the test file associated with Antivirus program validation.

Python Debugging with Decorators

Fri, 06 Nov 2020 11:30:03 +0000

Decorators
#

Often times while writing python code you may encounter a logical error, one that won’t be caught in compilation or execution, but rather during run time. Perhaps something didn’t execute or return as expected, or maybe a function executed and returned the anticipated result, but took an astounding long time to do it.

Test driven development will catch these kind of issues as we work, but traditionally a lot of people will just throw a whole lot of print statements throughout their code. This could create more issues that we’re fixing.