Surround yourself with friends who will encourage you, motivate you, hype you up, celebrate your wins, and commiserate your losses. And, most importantly, who will be honest with you when you’re out of line.
To make a USB Host Device optional on startup within KVM, edit the XML and add startupPolicy="optional" to the source node. This will ensure your usb stick, yubikey, or whatever, it won’t stop your VM from booting if it isn’t present.
Example:
<hostdev mode="subsystem" type="usb" managed="yes"> <source startupPolicy="optional"> <vendor id="0x1050"/> <product id="0x0402"/> </source> <address type="usb" bus="0" port="4"/> </hostdev>
Received a BSOD with error code 0xc0000225 on a Windows 10 (and 11) VM when enabling the Hyper-V role to do some testing with Microsoft Defender Application Guard. This VM runs on a Rocky Linux host and I typically use Virt-Manager to handle my VMs.
Two changes were necessary to get nested Hyper-V working with virt-manager:
virt-xml <VM-NAME> --edit --cpu host-passthrough
sudo modprobe kvm\_intel nested=1
Note: kvm\_amd for AMD processors
I was cleaning up a new directory and found the krbtgt account password hadn’t been reset for over two decades. When I tried resetting it, I could not due to complexity requirements.
Each DC in an AD domain runs a Kerberos Distribution Center (KDC) service that handles all Kerberos ticket requests. AD uses the krbtgt account for Kerberos tickets. This account is an important one and can be used in attacks, such as Golden Ticket attacks: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/how-microsoft-advanced-threat-analytics-detects-golden-ticket/ba-p/250341
The NSA and CISA have released hardening guidance for Kubernetes. The guidance describes the security challenges associated with setting up and securing a Kubernetes cluster. It includes hardening strategies to avoid common misconfigurations and guide system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations. This guidance details the following mitigations:
Scan containers and Pods for vulnerabilities or misconfigurations. Run containers and Pods with the least privileges possible. Use network separation to control the amount of damage a compromise can cause. Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality. Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface. Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity. Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.
The Biden administration is making a Software Bill of Materials (SBOM), an electronically readable format designed to provide an inventory of third-party components in devices, a requirement amid efforts to improve cybersecurity across the federal government and private sector.
https://www.medtechdive.com/news/biden-orders-software-bill-of-materials-to-boost-cybersecurity-advamed-wan/600594/
Reflecting on my 2020 goals. I’m proud of what I accomplished. I would’ve liked to accomplish more. Onward to 2021. Weight training goal. Not my gig. I discovered rucking and fell in love with hiking again. I’ll call that a win. Thanks for the perpetual headlock, David Walzer." CISSP completed in January with some motivation from Brian East." OSCE ended up retired. COVID changed all my plans. Went after the AWS SAA instead. When I most needed it, landed a gig with Amazon Web Services (AWS) " One CSRF bug reported for $200. Not sure I’m cut out for the bug bounty life. At least I got one.
Security by obscurity is not enough by itself. You should always enforce the best practices. However, if you can reduce the risk with zero cost, you should do that. Obscurity is a good layer of security.
https://utkusen.com/blog/security-by-obscurity-is-underrated
I’m wrecked. My dear uncle passed Saturday. He shook my hand when I graduated boot camp and said, “Semper Fi, Marine.” I didn’t know he was a Vietnam vet or Marine.
Labor Day 2005, I returned from basic training and MOS school. I knew exactly where I wanted to be @ Lake Chelan, WA with fam @ his place. As usual, he bought 12+ tickets to a Kingston Trio concert to hand out to anybody. He insisted I go. I’m glad I did.
Knocked out the new Amazon Web Services Solution Architect Associate (SAA-C02) exam this morning. 2nd CoronaCert done this month. Up next: AWS SA Professional"
For folks taking the new test, a little practice, reading some FAQs and whitepapers, and running through these resources is enough:
Course: Ultimate AWS Certified Solutions Architect Associate 2020 Practice Exams: AWS Certified Solutions Architect Associate Practice Exams