Blog

PAN-OS Decryption Port Mirror - Part 1 - Why and How

Okay, so. Decrypting traffic. Something unpopular. Purposely breaking decryption and secrecy. When would we ever want to do that?

Well...for an enterprise, the answer is nearly always. At some point after encryption gained true popularity and adoption for legitimate activity, attackers took note and started using encrypted channels to deliver payloads and communicate with C2 frameworks. To no one's surprise, the tools we use every day to defend data, systems, and networks are the same ones our adversaries are using to attack us.

Signing Git Commits with 1Password SSH Agent

This is a quick post because I left it out of my last post on using the 1Password SSH agent in general. Simple oversight, but something I wanted to touch on real quick.

1Password allows you to configure your SSH keys for Git signing. This means that you can cryptographically validate the source of commits. This is obviously desirable for a number of reasons.

Forwarding iDRAC Logs to Splunk with syslog-ng

I'm a firm believer in centralized logging of everything. If it supports sending some sort of log stream to a remote location, it should be getting sent there. In my case, my lab utilizes Splunk through the developer license.

As of today, all of my logs for Windows, Linux, Firewalls, Duo, and a few other random things are in Splunk.

I actually realized I wasn't forwarding the logs when I went to update my iDRAC controller and BIOS firmware. It's been a while since I did that, so while I was in there I was validating all my other settings were as expected and realized syslog was not configured.

Using the 1Password SSH Agent

I've been an avid user of password managers since the early days of KeePass. While I'll leave it to another thoughts post to cover why I use 1Password specifically, one of my favorite features has to be 1Password's SSH agent.

Using the SSH agent takes the fear of unsecured SSH keys left on my desktop out of mind and walls them off behind the 1Password agent, requiring my master password for use. It allows for importing of specific keys, using them for Git signing, and is fairly simple to set up.

Duo SSO for Proxmox

I recently migrated away from VMware, and over to Proxmox. As part of this migration, I wanted to set up auth similar to what I had with vCenter.

Thankfully, Proxmox supported OpenID Connect (OIDC). This is a simple guide to follow, without much fluff.

Creating Custom App-IDs - Proxmox

If you've ever administered a firewall with advanced inspection features, you're probably all too familiar with specific applications being decoded as basic ones like SSL or Web browsing. This highlights the complex relationship we as administrators have with nearly all internet traffic being encrypted. While we're happy we've adopted encryption, it also thwarts some of our inspection capabilities.

Thankfully, we're an enterprise, and we've gone ahead and set up SSL decryption. Now 80% of our traffic is decoded properly and inspected with appropriate security filters. What about the other 20%?

The world is less than perfect, which means that companies like Palo Alto, Fortinet, Cisco, and others can't create app-decoders for every application out there. Some are sparingly used, custom, or just don't have anything unique to identify them with. Fear not though, for we have the power. The power to create custom App-IDs.

Lab Update - Off with VMware

The Broadcom takeover of VMware saga continues. This time, changes to licensing for VMware User Group (VMUG) Advantage members.

For years, I've been using VMUG Advantage to handle my lab licensing. It's a yearly membership that granted you access to "EvalExperience" licenses for the full suite of VMware products that were good for 365 days.

VMUG also provides some additional benefits like discounts on exams, free training, user conferences, and more. For me though, the licensing was the main driver of my membership.

Despite constant reassurance from the VMUG and VMware leadership that nothing would change for us, our license experience has completely changed.