Devops

CI/CD pipelines exist in just about every company that does some kind of development. Some companies have more mature pipelines than others, but the rule still holds. Most companies with in house development have a Jenkins instance or some similar build orchestration software, code repositories, path to deployment, etc. Depending on your background you may be familiar with these environments to varying degrees. I started out doing somethin between running application servers and devops, maintaining deployment pipelines and helping developers troubleshoot issues. I even wrote my own share of code and deployed my own changes to a minor application that eventually went into production. This was done as an opportuntiy to get me more familiar with that side of things and I found the experience very valuable. Those experiences became invaluable when I went into red teaming and security research as I already had a baseline familiarity with these environments and how they worked, and more importantly, insight in how these environments could be exploited by an attacker.

The last year I’ve been busy working quite a bit with AWS. I’ve gone so far as to get my certification as the Associate Level as an AWS Architect. I accomplished this earlier in the year as well as renewing my Puppet Certification just recently for 2017. I may also be getting Docker certified.

Also related to AWS, I’ve recently discovered some infosec related resources on AWS from the offensive perspective. The first is Daniel Grzelak who has a blog on some of the possible way someone can back door an AWS account using AWS services. Another is a tookit called CS Suite which I haven’t had a chance to use extensively yet, but can help with auditing AWS security. AWS also provides some tools to do the same.

Atom.io was getting too bloated. So after much trial and error, and learning curve, I went hard into vim, and started using spacevim. In fact, I’m typing this up in spacevim right now with a live Markdown preview showing in a side browser window.

The biggest challenge besides getting it working and all the dependencies, was to get the terminal colors and unicode characters to display properly. At work, I settled on a Terminator terminal over X11+SSH session to get the colors just right, even though setting xterm-256color (or color256 maybe) as your terminal type and also installing the powerline fonts. The Deja Vu Mono from powerline works best I’ve found. Weirdly, it works better over an X11 session using a X Server on Windows (MobaXTerm) with vim running on a private cloud provisioned Ubuntu 16.04 server then it does on my Ubuntu workstation/laptop at home. The difference really is that just a few characters show up as random unicode blocks, even after changing the font on my home machine, not sure the difference (edit: I since fixed this by installing nerd fonts: https://github.com/SpaceVim/SpaceVim/issues/619 ).

Now I’m sitting on a plane, heading back to my family.

I just got through with the RedHat Summit 2017 in Boston and I also visited some of my family while there. It was an intense 3-4 days.

I generally love Boston, and also Cambridge across the river. While I was there, I took a visit over to the MIT Press Bookstore, and bought a few books, including Grokking algorithms which was a book that I already had on my wishlist, but wasn’t one I could find in the store anywhere else. It was going to be my next Amazon purchase, but I was lucky enough to find it there. I also bought Tokyo Boogie-Woogie, and one other book. I also explored Chinatown and had my first hot pot, which was an awesome experience.

I recently started with a new company doing more of the role I was in at my previous job focused on J2EE applications, etc. However, I additionally ended up taking over management of Eucalyptus which is an AWS compatible cloud solution.

It’s been an exciting change of pace over configuring, troubleshooting, and restarting JVM’s. I’ve worked heavily with it and its underlying open source components that it utilizes like KVM, qemu, S3 (which this site is hosted on an S3 bucket), creating new images (using packer and some fancy script-fu I’ve got it fully automated), and customizing them. So far doing and upgrade and setting up a new availability zone have been tasks I’ve been carrying out in the short time since I’ve started working with it. If I ever run my own lab besides the ESXi based one being setup at my local hackerspace, I may use Eucalyptus.

I’ve completely messed up my Docker install on the server I was using it on so take my post with a grain of salt. I’ve been messing with Docker for over a year and found it advantageous for a lot of situations. The main thing a Docker container or LXC containers provide me in general, is a sandbox within which to experiment that doesn’t require running a full virtual machine, an extra server, or modifying the native OS settings to try out various applications, packages, or have a self contained environment for using certain software so I can keep it isolated from my base or default environment. One obvious application is doing development.