Posts

Linux Permissions Explained

  Reading File Permissions Linux file permissions are broken down by User, Group, and Others. Permissions for read, write, and execute can be associated with each entity and are displayed as rwxrwxrwx. As an example, take alternatives.log -- the first entry shown in the screenshot above. The file is owned by the root user and the root group. Its permissions are set as -rw-r--r--. The first "-" we're going to ignore for now, and we'll focus on the rw- r-- r-- section. This can be interpreted as root (the user) can read and write this file, but not execute. Root (the group) can only read this file. Finally, others, which means anyone not the user or group, can only read the file. Now that we can check the file permissions, what if we need to change them? First we'll change the user and group that owns the file, then we'll come back to the permissions. Changing File Ownership First, any given file or directory can have the owner user and group changed ...

Running Ethernet (CAT 6) for My Home Network

  Running Ethernet (CAT 6) in my house is a project I had wanted to do since moving in. Several years later, I finally got it done. Why did I choose to do it in July in Florida? Wireless, even with multiple APs and Ubiquiti gear, wasn't getting near the gigabit speed I expected from our ISP and I had had enough of it. And there really isn't anything that compares to a hardwired connection. I hadn't planned on turning this endeavor into a blog post at the time, so I don't have pictures every step of the way. But ultimately, I wanted to share this in case anyone is thinking of doing something similar in their house. Supplies On the face of it, you wouldn't think there would be much needed to run some CAT 6 through a house. Maybe the cable and a ladder to get into the attic (or crawlspace if you have one). Breaking down each step of it though, the number of supplies starts to add up: CAT 6 cabling (I got a 500ft pull box). Make sure to READ what you are buying. At the v...

Productive Habits in Tech

I'm often trying to find ways to be more productive with my time or more efficient with what I am already doing. I've found several suggestions over the years -- some that have worked and some that have not -- and want to share them here. Most come from a mix of sources and I will do my best to give credit to the original source. Time Efficient Since having a child I often think about one of Troy Hunt's oldest blog posts -- "Want to be a better programmer? Have a baby!". Everything in the post is true. One thing he doesn't talk about much there, but does discuss heavily in one of his other posts is optimizing his time. While this post is not about having kids, having one really shows you just how much free time you used to have and you didn't even know it. It's a great way of forcing you to become as efficient with your time as possible and not getting distracted. Or at least it's been for me. Here's what's worked for me to also help with...

Protecting Applications Using AWS WAF

  Amazon's Web Application Firewall (WAF) allows for seamless integration with existing AWS resources and easy configuration. It may have its limitations, but it provides many common protections for web applications and can be spun up very quickly. Everything I've included below can be found in Amazon's documentation. However, I've highlighted parts that I found particularly important and left other details out. AWS WAF Classic vs AWS WAF If you're still on WAF Classic, you should try to migrate to AWS WAF. The "new" version has been out several years (though rules do not automatically convert and Amazon's conversion tool does not work in all scenarios). There are a number of new capabilities and features, notably managed rules. And if you have version control and infrastructure as code (IaC) implemented widely throughout your environment, rules are now JSON objects. I will leave it at that as I suspect most people are on the current AWS WAF. Resource...

Cybersecurity Fundamentals

  While some hacks truly are sophisticated, nation-state attacks, many more are the result of simpler exploits or just social engineering. After the details of such a compromise are released, people comment about how organizations should be doing at least the "basics" or "fundamentals." So what are the fundamentals? And at what point do you cross over into intermediate or expert practices? I have my opinion, but let me first share a couple official lists: NIST - Cybersecurity Basics CISA - Cyber Essentials These are great lists but allow me to expand. Multi-factor Authentication First up is multi-factor authentication (MFA). Even in 2024, lack of MFA has resulted in account or organization compromise. Take the recent SEC X / Twitter hack -- the US Securities and Exchange Commission had their X account taken over and was used to post false information. While "SIM swapping" also played a role in the hack, had MFA been enabled, the threat actor may have bee...

The Power of Procmon (Process Monitor)

  Procmon (Process Monitor) is "an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity." This accurately describes what Procmon does, but it doesn't come close to describing the power that it provides to monitor, investigate, and troubleshoot on a Windows system. Let's explore it (download from Microsoft to follow along). Activity Options Procmon had a hard time adjusting to my display resolution, but you can see here and in the screenshot at the top the Activity display options. These will enable / disable various types of activities from being displayed. Deselecting one of these options doesn't erase any existing logs, but just narrows down the output to the types of events you want to see. These include registry, file system, network, and process/thread activity. These are helpful for narrowing focus when troubleshooting an issue, but you can still be left with thousands of entries. This is where filters come...

Regular Expressions (Regex) for Beginners

  Regular expressions (regex) are used to extract information or patterns from text. They are used by programming languages, AV/EDR software, application whitelisting software, data loss prevention (DLP) software, personally identifiable information scanning software, and more. While simple in concept, regex can become quite complex depending on what strings of text need to be extracted. I'll be using regex101.com to show my examples, but there are a ton of great resources and "testers" available for free on the Internet. Tokens are how regular expressions are defined. There are dozens available, and we'll get to them in a minute, but nothing is more basic in regex than just typing the exact string you're looking for. Example 1 - string If you're searching for the string "fire" in a given sentence, you would make your regular expression fire. We can see here that this regex pattern matches on lines "fire", "firetruck", ...