https://shadow.engineering/tags/infrastructure/ Recent content in Infrastructure on Shadow Engineering Hugo -- gohugo.io en © 2026 Sat, 23 Apr 2022 11:30:03 +0000 https://shadow.engineering/posts/iterations_of_this_site/ Sat, 23 Apr 2022 11:30:03 +0000 https://shadow.engineering/posts/iterations_of_this_site/ <p>In 2018 I applied for a position at Google, to start the day long series of interviews I got asked one simple question:</p> <blockquote><p>How would you create a secure web page?</p> </blockquote><p>I responded at first about securing the host, implementing SELinux, putting SSH on a high port with a certificate, sticking it behind a WAF. I had started to go into detail about the CI/CD pipeline when I was interrupted by the interviewer asking if I had heard of things such as HSTS and HKPI. I confessed that I hadn&rsquo;t, and knew there must have been a whole world of things that I simply hadn&rsquo;t had exposure to, so I took a mental note to go away, build myself a website and to try and experiment.</p> https://shadow.engineering/posts/diagnosing_difficult_network_issues/ Mon, 07 Mar 2022 11:30:03 +0000 https://shadow.engineering/posts/diagnosing_difficult_network_issues/ <h2 class="relative group">Background <div id="background" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#background" aria-label="Anchor">#</a> </span> </h2> <p>This is the story of a case I worked a long time ago. At the time I was working in an infrastructure development team. We had a VMWare vCenter 5.5 cluster that started as a prototype, but soon became mission critical (as is the way for those systems sometime). Other than overutilising the hardware with random VMs it had been functioning seemlessly with no issues for a long time, and then developed an interesting fault. The vCenter cluster would disconnect from the storage multiple times an hour.</p> https://shadow.engineering/posts/easter_eggs/ Tue, 23 Nov 2021 17:00:00 +1000 https://shadow.engineering/posts/easter_eggs/ <p>As I outlined in <a href="https://shadow.engineering/posts/iterations_of_this_site/" title="iterations of this site">Iterations of this Site</a>, this website has been a project for me to learn and experiment. As a part of that I&rsquo;ve included 10 easter eggs littered around the site in various places, they&rsquo;re not overly complex, but they provide a chance for others to learn about some of the different elements of the site like I have in building it.</p> <p>If you&rsquo;ve uncovered all 10 of them, I&rsquo;d love for you to let me know, send me a message to my <a href="https://twitter.com/0x706972686f" target="_blank" rel="noreferrer">twitter</a></p> <p>For those keen on a bigger challenge, I provide the below. Some bafoon has attempted to encrypt a super sensitive file, but it appears they&rsquo;ve done it in the worst way possible!</p> https://shadow.engineering/posts/project_chaos/ Sun, 04 Apr 2021 11:30:03 +0000 https://shadow.engineering/posts/project_chaos/ <p>Meet Scarlett Reynolds, a new starting ICT Sales Representative, for a small technology start up named Eigar Technologies, that&rsquo;s based in Sydney, Australia. <figure><img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="auto" alt="Scarlett" width="768" height="768" src="https://shadow.engineering/posts/project_chaos/scarlett.jpg" srcset="https://shadow.engineering/posts/project_chaos/scarlett.jpg 800w, https://shadow.engineering/posts/project_chaos/scarlett.jpg 1280w" sizes="(min-width: 768px) 50vw, 65vw" data-zoom-src="https://shadow.engineering/posts/project_chaos/scarlett.jpg"></figure> </p> <p>She studied at Arthur Phillip High School in Parramatta, before graduating in a double degree in IT and Business from UTS in 2013. She&rsquo;s a virgo and her first car was a &lsquo;96 Corolla, and she doesn&rsquo;t exist.</p> <p>Neither does Eigar Technologies. In fact, the name Eigar Technologies is a portmanteau of <a href="https://en.wikipedia.org/wiki/Eiger" target="_blank" rel="noreferrer">Eiger</a>, a mountain in the Swiss Alps, and <a href="https://en.wikipedia.org/wiki/EICAR_test_file" target="_blank" rel="noreferrer">EICAR</a>, the test file associated with Antivirus program validation. <figure><img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="auto" alt="Logo and Signature" width="600" height="150" src="https://shadow.engineering/posts/project_chaos/sig.gif" srcset="https://shadow.engineering/posts/project_chaos/sig.gif 800w, https://shadow.engineering/posts/project_chaos/sig.gif 1280w" sizes="(min-width: 768px) 50vw, 65vw" data-zoom-src="https://shadow.engineering/posts/project_chaos/sig.gif"></figure> </p> https://shadow.engineering/posts/teach_a_man_to_phish/ Tue, 01 Oct 2019 00:00:00 +1000 https://shadow.engineering/posts/teach_a_man_to_phish/ <h2 class="relative group">Background <div id="background" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#background" aria-label="Anchor">#</a> </span> </h2> <p><figure><img class="my-0 rounded-md" loading="lazy" decoding="async" fetchpriority="auto" alt="Phish Site" width="968" height="530" src="https://shadow.engineering/posts/teach_a_man_to_phish/image1_hu_1bfab189d9c752e4.png" srcset="https://shadow.engineering/posts/teach_a_man_to_phish/image1_hu_1bfab189d9c752e4.png 800w, https://shadow.engineering/posts/teach_a_man_to_phish/image1.png 1280w" sizes="(min-width: 768px) 50vw, 65vw" data-zoom-src="https://shadow.engineering/posts/teach_a_man_to_phish/image1.png"></figure> </p> <p>I know it may be hard to believe, but this poor looking website above is not the legitimate NAB website, it’s a poor mockery of a NABs internet banking portal based off a phishing kit we’ve seen. How do I know this? Because I made it.</p> <p>It stemmed from a weird need, we often need to showcase our phishing capability to seniors in the bank and as a good educational piece to students and employees. Depending on who we’re showcasing to we’re either demonstrating how we respond and manage the risk to customers, or educating users for simple things they can identify to determine the legitimacy. It also helps to showcase the other side of the phishers themselves; a lot of people don’t seem to realise what’s being gathered.</p> https://shadow.engineering/posts/electric_blue/ Sun, 07 Apr 2019 17:00:00 +1000 https://shadow.engineering/posts/electric_blue/ <div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"> <iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/S-MZRZg-pGo?autoplay=0&amp;controls=1&amp;end=0&amp;loop=0&amp;mute=0&amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="YouTube video"></iframe> </div> <p>At the end of 2018, NAB built out it&rsquo;s extensive cloud environment. As a security analyst who had not had a lot of exposure to cloud environments, it provided new challenges and lessons and I wanted to share that with the world. Thanks to Crikeycon and NAB for letting me share those lessons.</p> <p><strong>Slides:</strong> <a href="https://shadow.engineering/posts/electric_blue/electricblue.pdf" >PDF</a> | <a href="https://shadow.engineering/posts/electric_blue/electricblue.pptx" >PPXT</a></p>