Friday 10 December 2021

My RE Journey

 I apologise dear reader, I'm so slow to update anything these days on this blog. I have so many responsibilities, from work to the home front and other personal tasks and businesses. It has been a lot. Upon reviewing my blog, (you know when you read what you've previously wrote and realised you forgot something?), I realised that I needed to update you about my Reverse Engineering dream.


What has happened to date:

1. I placed RE on hold after reviewing and realising that it will take a chunk of my time. I really do not have a lot of hours left from waking up, doing mum stuff, work stuff, home stuff and everything else in between to taking care of me

2. I am working on my CEH after 2 years of talking about it. Well, COVID happened and screwed up many things for a lot of people.

3. I realised how helpful this blog is for me, because when I have problems figuring out a task, I can come back here and see what I had done in the past.


Thank you for reading my thoughts. I hope my blog helps you in your career path. Good luck

Error: Cannot find module aws-sdk

 So I don't program daily and Visual Studio Code is still pretty new to me. I came across this issue when I was trying to code for lambda function but VS Code kept giving me this error and I couldn't figure out how to resolve it. I found something on a forum that seemed to work, but I had to read a lot to find it. 

So here is a snippet of my code:

Monday 22 July 2019

CEH vs OSCP

It's been eons since I've been on here to update you guys. Thanks for those who faithfully follow this blog, I'm grateful for your attention.

Well, like you all know, I'm still pretty new in this industry. From programming in 2009 - 2011 to IT security from 2012 (as a student) and now as a professional. I've bagged just about 4 years of industry experience altogether. Its been a journey!!

UPDATE
So at work lately, I've been working on a lot of vulnerability findings and analysis aka Pen testing on web applications. It hasn't been great because half the time, I'm confused if I did the right thing and if my findings are indeed accurate but well, I eventually figured it all out.

Based on this, I'm looking to get certified. Previously, I'd been looking into CEH or OSCP. Some swear by the OSCP and others say it's best to start with the CEH. Some others say the CEH isn't practical like the OSCP.

MY OPINION
From my findings, CEH has lots of practical components, and there's a practical exam to it too. OSCP is practical, true and a little advanced in my opinion for someone starting out in this career. If you have 5 years + in Pen testing, then you should go for OSCP.

WHAT's NEXT
As for me, I'm taking the CEH course online and also planning on the exam at some point. The course gives me enough help with practice and everything I need to know. It has also been updated. This is my opinion, I'd like to hear from you too. Thanks

P.S.
Did you all know that Kali Linux Revealed training is free on kali.training website?

Friday 2 February 2018

Creating my SIEM

In one of my previous post, I did mention how I'd successfully got my Salesforce logs into S3 bucket and how I got this process automated.
My next task/hurdle is getting it from S3 to my instance where I have ELK installed. I do not know what I am doing, but I'm working on it and hopefully it will go well :)

If you do know any resource or have an idea how I can get this done quickly or the best way it can be done, I am open to it. Please do share. Thank you!

Motivation for you

“If you constantly optimize your life for productivity, it doesn’t give you more time. It uses up more of your time.” - from LinkedIn

Wednesday 29 November 2017

SonarQube et Jenkins

SonarQube was fun while it lasted, while I used the embedded version. When it was time to get my production SonarQube on a separate server, it became a huge problem.

Firstly, Sonar had too many issues working on my AWS hosted Windows 2016 server. My DB, a SQL server, got it connected to SonarQube but Sonar expected it to be upgraded. It finally got upgraded and Sonar had issues with it because the Latin_General_CP1_CS_AS got changed after the update and it was no where to be found.

Resolving the DB:
I got another SQL server on AWS RDS and connected to that, I stopped the upgrade of that DB for the duration of setup.

SonarQube Version:
Sonar 6.3 Works!!! 6.5 - 6.7 had issues with SQL server.

Jenkins:
After all the drama with SonarQube, then came Jenkins. I thought it would be easier but it obviously wasn't. I got the necessary plugins installed, including Sonar Scanner. Now, the configuration is the issue.
With Jenkins, ensure you use JDK for ANT otherwise, Jenkins won't see it. Also, you need to reference Sonar Properties in the sonar scanner section of the Build configuration.
Important!! don't forget to get your Sonar Token from sonar Administration portal, you may choose version 5.2 in Jenkins configuration to enter username and password, but if you use anything higher, you require a token!

Tuesday 21 November 2017

Huddle for some weeks

I've been working on installing SonarQube to use for secure code analysis.
Boy! I never knew SonarQube could be this easy and yet complicated. I'm still working on it.

What I've done so far:

  1. Got windows server on AWS
  2. Setup an RDS for SQL server in AWS
  3. Installed, Java (JRE. JDK gave me serious trouble, so I stuck with just the JRE), Ant (needed for the plugin and I need in Sonar) and SonarQube.
  4. Downloaded sqljdbc_6.0


SonarQube issues:
Firstly, the database is very different for AWS when using RDS. Connecting to the database in the sonar.properties doesn't require localhost. You'll need the RDS connection string, which can be obtained from AWS or when you log into SQL server on the Amazon windows machine. (if you have questions regarding this, please comment and I'll respond as soon as I can).

Secondly, ensure your database was created properly! You can google SonarQube SQL server database and you'll find information of what's required in the "collation" properties. 

Ensure you include Java JRE location in the wrapper properties, it should be at the top of the page, do not edit the other parts of it, it's strictly prohibited if you expect Sonar to work.
***********************************

I tried all these with SonarQube 6.3. 6.5 and 6.6

I got kicked out a lot of times with issues regarding IP address, firewall and Java. Now, enable port 9000, 9001 (if needed) and 1433 through your firewall. Trust me, sometimes, this can resolve a bunch of issues, it worked for me.
SonarQube 6.6 worked after installation but it had issues with some upgrade to the database, which I found out is synonymous for "upgrade SonarQube".