GitHub Static Page: https://stanleysteveandrews.github.io/
GitHub: https://github.com/stanleysteveandrews
Vanity Domain (S3 Static): stanleysteveandrews.net
LinkedIn Profile: www.linkedin.com/in/stanleysteveandrews
I am an outgoing and energetic professional, seeking a career that fits my professional skills and personality. This page highlights recent activities, thoughts, and notes.
7.5 hours.
Business technology conference
17 hours.
You will learn about the different phases of penetration testing, how to gather data for your penetration test and popular penetration testing tools. Furthermore, you will learn the phases of an incident response, important documentation to collect, and the components of an incident response policy and team. Finally, you will learn key steps in the forensic process and important data to collect. This course also gives you a first look at scripting and the importance to a system analyst.
Certificate of Completion
14 hours.
This course gives you the background needed to understand basic network security. You will learn about Local Area Networks, TCP/IP, the OSI Framework and routing basics. You will learn how networking affects security systems within an organization. You will learn the network components that guard an organization from cybersecurity attacks.
Certificate of Completion
16 hours.
This course gives you the background needed to understand the key cybersecurity compliance and industry standards. This knowledge will be important for you to learn no matter what cybersecurity role you would like to acquire or have within an organization.
Certificate of Completion
1.0 hours.
Section 1: Amazon S3 Fundamentals, Section 2: Data Management and Security
Certificate of Completion
1 hour.
This webinar will introduce several considerations for professionals when introducing emerging technology within a library environment. You'll be able to understand and communicate risks and utilize evidence-based approaches to addressing these risks and ask questions about specific technologies and ethical concerns that you have encountered.
Niche Academy Link
1.5 hours.
Find out how the latest generation of Google Analytics can take your measurement strategy to the next level. Learn how to set up an Analytics account and gain the insights you need to meet your business objectives.
Course Link
0.75 hours.
Find out how the latest generation of Google Analytics can take your measurement strategy to the next level, and learn how to set up a Google Analytics 4 property for your business.
Course Link
15 hours.
This course gives you the background needed to understand basic Cybersecurity around people, process and technology. You will learn:
● Understand the key cybersecurity roles within an Organization.
● List key cybersecurity processes and an example of each process.
● Describe the architecture, file systems, and basic commands for multiple operating systems including Windows, Mac/OS, Linux and Mobile.
● Understand the concept of Virtualization as it relates to cybersecurity
0.25 hours, Dear MSPs: Here is Your Most Common Insurance Mistake
0.25 hours, What is Cyber Liability Insurance? You're Asking the WRONG Question!
0.25 hours, What's in a cyber policy?
Youtube Channel
19 hours.
This course gives you the background needed to understand basic Cybersecurity. You will learn the history of Cybersecurity, types and motives of cyber attacks to further your knowledge of current threats to organizations and individuals. Key terminology, basic system concepts and tools will be examined as an introduction to the Cybersecurity field.
Certificate of Completion
5 hours.
A Manager's Guide to Knowing What the Numbers Really Mean. Karen Berman (Author).
Amazon Link
8.5 hours.
Chapter 1: What is MongoDB?
Chapter 2: Importing, Exporting, and Querying Data
Chapter 3: Creating and Manipulating Documents
Chapter 4: Advanced CRUD Operations
Chapter 5: Indexing and Aggregation Pipeline
Chapter 6: Next Steps
7.5 hours.
A one-day business technology conference laser-focused on what’s out there, what’s coming, what to do, and what NOT to do.
6 hours.
Municipal Services | Office of Accounts and Reports. Kansas Department of Administration
0.5 hours.
Certificate of Completion
0.5 hours.
Certificate of Completion
0.5 hours.
Certificate of Completion
0.5 hours.
Certificate of Completion Verification Link
2 hours.
Fundamentals of the Process Injection technique and its sub-techniques. Provided by Picus / Purple Academy.
1 hour.
Certificate of Completion
Log Management process, primary log sources, prioritization, log management challenges and best practices within the Security Operations Center (SOC). Provided by Picus / Purple Academy.
1 hour.
Certificate of Completion
A neat beginner's level overview of MITRE ATT&CK concepts and terminology provided by Picus / Purple Academy.
1 hour.
Certificate of Completion
0.5 hours.
Certificate of Completion
0.5 hours.
Certificate of Completion
0.5 hours.
Certificate of Completion
0.5 hours.
Certificate of Completion
6 hours.
Certificate of Completion
1 hour.
2 hours.
3 hours.
For kicks I decided to fashion a 137MHz dipole antenna and break out the RTL-SDR dongle to pick up some NOAA satellite images. Pretty much everything that you need to know about this procedure can be found on the rtl-sdr.com website.
The first run didn't come out too well. I discovered that the satellite frequencies for the NOAA satellites were incorrect in WXtoIMG and I started off at the wrong spot. Once I got that sorted out I took another run and got a decent output, especially for a quick antenna build. The images shown below came from NOAA 18, 2020-09-20 03:43 UTC.
Varonis Coffee Series: Post-Exploitation Basics with Black Hills (1 CPE) video
https://www.varonis.com/webinars
A really good presentation by Black Hills Security on hacking Active Directory along with free tools to help mitigate certain issues. See: https://github.com/CredDefense/CredDefense
It's been a while since I did anything with Python, so I'm going through a class I purchased on Udemy called "Learn to Code in Python 3: Programming Beginner to Advanced". I've got some personal projects coming up that will involve Python, so back to basics. I just haven't used Python all that much professionally or personally, but I'd like to change that.
Another little snag is trying to keep a git repo on Github of the files I'm creating during this course. I'm working on multiple computers and different Github accounts, so I need to sync the repo files. Thankfully, a kind soul wrote detailed instructions on how to set up Windows PCs for multiple Github accounts:
https://www.fofxacademy.com/how-to-setup-git-on-your-pc-for-multiple-github-accounts/
I finally got some time to finish up the AWS Cloud Practitioner Essentials training modules. I had started this back in October of last year, and hadn't had a chance to finish the modules until this week. The whole course is listed as 6 hours (a bit over 5 hours of actual video) and the modules are all high level overviews, no hands-on labs. They really are a great introduction to AWS.
Certificate of Completion
This morning I finished the Project Management Institute's online beginners course, aptly named Project Management for Beginners. The course itself consists of 14 modules and counts as 4.5 PMP/PgMP PDUs. I liked both the content and delivery. This is a more in depth introduction compared to MSI's PMEC course that I completed last month. It took me about a week and a half to get through, although there were several evenings that I didn't have time to do any of the modules. I spent about 30 minutes per module, and towards the end they went quicker.
Certificate of Completion.
(The sessions I'm attending or watching later)
9:30am – 9:35am Keynote: Cloud Native Projects: Powering Your Life in Ways You didn’t Realize Katelin Ramer, Business Development Manager, Cloud Native Computing Foundation Presented by our sponsor Cloud Native Computing Foundation. Keynote Theater. Speakers: Katelin Ramer
9:35am – 9:55am Keynote: Open Source in Safety Critical Applications: The End Game Kate Stewart, Senior Director of Strategic Programs, The Linux Foundation. Keynote Theater. Speakers: Kate Stewart
11:00am – 11:05am Opening Remarks - James Morris, Kernel Developer, Microsoft. Linux Security Summit Theater. Speakers: James Morris
11:15am – 12:05pm All the Databases! Let’s Discuss them All! Amanda Moran, Independent Advocate. OS Databases Theater. Speakers: Amanda Moran
12:15pm – 12:40pm Connect and Grow your Community through Meetups Carol Chen, Red Hat. Community Leadership Theater. Speakers: Carol Chen
1:50pm – 2:40pm From Server to Serverless The Open Source Way - Ned Jamieson, A Cloud Guru. 101 Essentials Theater. Speakers: Ned Jamieson
4:05pm – 4:55pm Embedded Linux Conference Annual Closing Game. ELC Theater A. Speakers: Tim Bird
(The sessions I'm attending or watching later)
9:30am – 9:50am Keynote: Building a Business Around Viable Open-Source Projects Kohsuke Kawaguchi, Creator of Jenkins and Co-CEO & Co-Founder, Launchable. Keynote Theater.
10:15am – 10:20am Keynote: Chris Wright, Senior Vice President & Chief Technology Officer, Red Hat Presented by our sponsor Red Hat. Keynote Theater. Speakers: Chris Wright
10:25am – 10:30am Keynote: Citizenship During COVID Megan Byrd-Sanicki, Manager, Research & Operations, Google Open Source Program Office Presented by our sponsor Google. Keynote Theater. Speakers: Megan Byrd-Sanicki
11:25am – 12:55pm Tutorial: Introduction to I2C and SPI: Both In-kernel and In-userspace Michael Welling, QWERTY Embedded Design, LLC. 101 Essentials Theater. Speakers: Michael Welling
11:25am – 12:55pm Tutorial: How to Ansible, a Tutorial John Hawley, VMware. 101 Essentials Theater. Speakers: John Hawley
11:25am – 11:50am FreeBSD: 27 Years of Code, Community, and Collaboration Deb Goodkin, FreeBSD Foundation. Wildcard Theater. Speakers: Deb Goodkin
11:50am – 12:15pm Learning Python Through Open Source Tyler Mestery, East Ridge High School. Wildcard Theater. Speakers: Tyler Mestery
12:15pm – 12:40pm Software in Space - What Can Everyday Developers and Managers Learn from Space Missions? Joseph Winchester, IBM. Wildcard Theater. Speakers: Joe Winchester
12:25pm – 1:15pm Deep Learnings at the Edge Gavin Adams, Amazon Web Services. AI/ML/DL Theater. Speakers: Gavin Adams
2:00pm – 2:50pm Firewalls with NFtables John Hawley, VMware. 101 Essentials Theater. Speakers: John Hawley
2:00pm – 2:50pm Finding Sources of Latency on your Linux System Steven Rostedt, VMware. ELC Theater A. Speakers: Steven Rostedt
2:00pm – 2:50pm 5 Years of Providing Root Shells to Strangers on the Internet Stephane Graber, Canonical Ltd. Linux Systems Theater. Speakers: Stéphane Graber
3:15pm – 3:40pm 10 Things I Wish I Knew Before Experiencing Burnout Jason Hibbets, Red Hat. Community Leadership Theater. Speakers: Jason
3:15pm – 5:15pm Tutorial: Kubernetes: The Final Frontier Amanda Moran, Independent Advocate. 101 Essentials Theater. Speakers: Amanda Moran
A few more notes from other sessions and Slack chats:
Here are the (3) talks you will need to attend to earn the “A Word from our Sponsors” Badge:
1.) Deep Learnings at the Edge - Gavin Adams, Amazon Web Services
2.) Keynote: Chris Wright, Senior Vice President & Chief Technology Officer, Red Hat Presented by our sponsor Red Hat
3.) AI Model Efficiency Toolkit - Abhijit Khobare, Qualcomm
https://linuxcontainers.org/lxd/try-it/
https://asciinema.org/~StanAndrews
eating your own dogfood - using the code you wrote
https://docs.google.com/presentation/d/16mH9mfz1mXaTLFYl9GVEc_G9lw97ynIj7JO5YY5Znls/edit#slide=id.p
https://robrich.org/presentation/2020/06/29/definitive-deep-dive-into-the-git-folder.aspx
https://www.okdo.com/project/get-started-with-webthings-gateway-kit/
https://coffitivity.com/
(The sessions I'm attending or watching later)
9:30am – 10:15am Keynote: Opening Remarks and Project Updates Jim Zemlin, Executive Director, The Linux Foundation with Guests: Gabriele Columbro, ED of FINOS; Priyanka Sharma, GM of CNCF; Steven Tan, VP & CTO Cloud Solution, Storage at Futurewei; and J.R. Storment, Pre. Keynote Theater. Speakers: Steven Tan, Gabriele Columbro, Jim Zemlin, Priyanka Sharma, J.R. Storment
10:15am – 10:45am Keynote: Linus Torvalds, Creator of Linux & Git, in conversation with Dirk Hohndel, Vice President & Chief Open Source Officer, VMware. Keynote Theater. Speakers: Dirk Hohndel, Linus Torvalds
11:00am – 1:00pm Sponsor Showcase. Sponsor Showcase.
11:30am – 1:00pm Tutorial: Introduction to the Embedded Boot Loader U-boot Behan Webster, Converse in Code. 101 Essentials Theater. Speakers: Behan Webster
11:30am – 1:00pm Tutorial: Bashful to Bold - A Bash Primer Alex Juarez, Rackspace. 101 Essentials Theater. Speakers: Alex Juarez https://github.com/mralexjuarez/oss-bash-primer
12:30pm – 1:20pm DIY Smart Home Demonstration and How-to Using FOSS Kathy Giori, MicroBlocks. Internet of Things Theater. Speakers: Kathy Giori
2:05pm – 2:55pm Monitoring: A New Approach Tom King, The Linux Foundation. 101 Essentials Theater. Speakers: Tom King
2:05pm – 2:55pm Why Is There No Free Software Vulnerability Database? Philippe Ombredanne, AboutCode.org and nexB Inc. & Michael Herzog, nexB Inc. OS Dependability Theater. Speakers: Michael Herzog, Philippe Ombredanne
3:20pm – 4:50pm Tutorial: Systemd: The Adventure Continues Lee Elston, The Linux Foundation. 101 Essentials Theater. Speakers: Lee Elston
3:45pm – 4:10pm Hack the Project Onboarding Process: Learning by Writing Tutorials as a New Contributor Emily Shaffer, Google. OS Project Updates Theater. Speakers: Emily Shaffer
4:20pm – 5:10pm The Definitive Deep Dive into the .git Folder Rob Richardson, Independent. Wildcard Theater. Speakers: Rob Richardson
Today starts the Open Source Summit & Embedded Linux Conference North America. The keynote session with Linus Torvalds & Dirk Hohndel was great! Some of my notes:
Dirk Hohndel, Vice President & Chief Open Source Officer, VMware
Linus Torvalds, Fellow, Linux Foundation
kernel 8.4RC
increase in number of developers working on linux kernel over time
kernel veterans, 3 decades of experience
new blood needed to eventually take over
diversity in group
Linus new AMD Threadripper desktop
prefers quiet work environment, but willing to hear a bit more noise when compiling
ARM as 1st class citizen in architecture
Apple moving to ARM (from Intel)
remembering Apple PowerPC
AWS Graviton CPU (ARM)
performance vs power consumption
I spent some time today looking into and learning about Amazon Honeycode, a new no-code solution that is in beta. It looks to be a simple solution for in-house app creation and sharing for teams. The 'app' created in Honeycode can run on mobile devices by way of the Honeycode Player (iOS & Android). I loaded up a test .csv export from a MySQL DB table that contains customer contact information into a Honeycode table and played around with the interface for a bit. I think it's pretty slick all around, but cannot currently think of a use case in my current environment. But, this is after all the Beta so new features may change that.
Amazon Honeycode Introduction
I sat in on an online tech talk regarding AWS Lightsail monitoring, 'Best Practices for Monitoring and Troubleshooting System Performance with Amazon Lightsail'. There was quite a bit of good information including examples of burstable cpu limits, horizontal vs vertical scaling, and comparison with AWS Cloudwatch.
I've been looking at the Eventbrite API for the last couple of days due to a request from my colleagues to have a readily available list of attendees for upcoming sessions. This is mostly a result of the need to confirm board meeting quorums. Looking at Eventbrite's API documentation, it's pretty easy to pull data in a number of ways so I went with a PHP implementation. I'm first retrieving a list of active upcoming events, then feeding the event ID via POST to a page with this code:
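// The event ID comes from the event-list page; accept digits only before it goes into the URL or the page.
$e_id = $_REQUEST['event_id'] ?? '';
if (!is_string($e_id) || !ctype_digit($e_id)) {
    http_response_code(400);
    exit('Invalid event ID');
}
echo "Event ID: ";
echo $e_id;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.eventbriteapi.com/v3/events/".$e_id."/attendees/");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    "Authorization: Bearer YOUR_API_TOKEN_HERE"
));
$response = curl_exec($ch);
curl_close($ch);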
Next up, I need to decode the returned JSON into an array and echo out the names:
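$result = json_decode($response, true); // decode the JSON feed into a nested array
foreach ($result['attendees'] ?? [] as $elem) {
    // escape the attendee name before writing it into the page
    echo htmlspecialchars($elem['profile']['name']);
}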
It took me a bit to wrap my head around the JSON structure as it's a nested array, but once I got that sorted I was good to go.
I just finished the ICSI Certified Network Security Specialist online training that is being offered free of charge during the COVID19 pandemic. It took me a few days to do, just a bit of time here and there. If I had an intern or new hire with limited exposure to I.T. security, this would be a great mini-training for them to do.
Verified Certificate of Completion.
As for the company offering this, ICSI’s core programmes have earned accreditation from CREST and NCSC and their courses are accredited by the University of Central Lancashire. I wouldn't put much weight behind the 'certification' bit, but it's a good introduction / refresher for basic I.T. security.
I did a quick guided project on Coursera today on OWASP ZAP. It's a pretty cool and useful tool for site vulnerability assessments. Verification Link
We had a notification script failing on several servers today. Turns out Windows PowerShell uses .NET Framework 4.5, which does not include TLS 1.2 as an available protocol (at least on our PS version running on Server 2012R2 & 2016). Two options to fix according to MS:
1. Modify the script in question to include the following:
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
2. Add a system-wide registry key (e.g. via group policy) to any machine that needs to make
TLS 1.2 connections from a .NET app. This will cause .NET to use the "System Default" TLS
versions which adds TLS 1.2 as an available protocol AND it will allow the scripts to use
future TLS Versions when the OS supports them. (e.g. TLS 1.3)
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:32
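A way to check both fixes on a server before and after applying them, as an added example that is not part of the original post or Microsoft's guidance. The function names are hypothetical; the registry key and value name are the ones in the reg add commands above.

```powershell
# Added example: report how .NET Framework 4.x on this machine chooses TLS versions.
# Function names are hypothetical; key and value name come from the reg add commands above.

function Get-DotNetTlsRegistryState {
    # Read SystemDefaultTlsVersions from both registry views (/reg:64 and /reg:32).
    $subKey = 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $views  = @([Microsoft.Win32.RegistryView]::Registry64,
                [Microsoft.Win32.RegistryView]::Registry32)
    foreach ($view in $views) {
        $base  = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                     [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        $value = $null
        try {
            $key = $base.OpenSubKey($subKey)
            if ($key) {
                # Returns $null when the value has never been set
                $value = $key.GetValue('SystemDefaultTlsVersions', $null)
                $key.Close()
            }
        } finally {
            $base.Close()
        }
        [pscustomobject]@{
            View                     = $view
            SystemDefaultTlsVersions = $value
            UsesOsDefaults           = ($value -eq 1)
        }
    }
}

function Get-SessionTlsState {
    # What the current PowerShell session will offer when it opens an HTTPS connection.
    $current = [Net.ServicePointManager]::SecurityProtocol
    $tls12   = [int][Net.SecurityProtocolType]::Tls12
    [pscustomobject]@{
        SecurityProtocol = $current
        # 0 is "system default": the OS picks the versions and nothing is pinned in the session
        DefersToOs       = ([int]$current -eq 0)
        Tls12Enabled     = (([int]$current -band $tls12) -ne 0)
    }
}

function Enable-SessionTls12 {
    # Option 1, applied only when needed. A session that already defers to the OS is
    # left alone, because assigning Tls12 there would pin it and block later versions.
    $state = Get-SessionTlsState
    if ($state.DefersToOs -or $state.Tls12Enabled) { return $state }
    # -bor adds the Tls12 flag and keeps the protocols that were already enabled
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
    Get-SessionTlsState
}

Get-DotNetTlsRegistryState | Format-Table -AutoSize
Enable-SessionTls12 | Format-List
```

The session setting only lasts for the running process, so option 1 has to stay in every script, while the registry value takes effect for .NET processes started after it is set.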
I had a bit of time today to look into a couple of online certification courses from the Management and Strategy Institute. Specifically, I took two free offerings on Project Management and Lean Six Sigma. These were both introduction type courses that only took about a half hour each, but I thought the layout was very good. I've been curious about Six Sigma and the information provided was helpful in gaining a better albeit general understanding. Both courses offered a certification exam (online, 15 questions) and an option to have the results registered in their database for verification. What is the value of these certifications? Probably not much. LinkedIn profile fluff for me, but not something I'd list on my resume. Still, they were fun and I learned something along the way.
Lean Six Sigma White Belt Certified (LSSWB)™
Earlier this year I purchased a new 4K tv to replace an older TCL 55" that was acting up. I went with a Samsung QLED 65", specifically model QN65Q80RAFXZA. As I had hacked around with the TCL and its Roku interface enough to figure out its web interface and API, I figured I'd look into what the Samsung TV has to offer.
First up was a bit of Googling followed by an NMAP (Zenmap) scan of the device. This was first attempted while it was powered off with no success (unlike the TCL / Roku). After powering on and re-scanning, I got results:
Next, I tried accessing each port in a web browser. Not much luck with that, so back to Google where I found an api URL: http://192.168.88.76:8001/api/v2/. This yielded:
Next I found some info on using cURL to GET and POST to URLs like:
curl -X POST -i 'http://192.168.88.76:8001/api/v2/applications/MCmYXNxgcu.DisneyPlus' (opens)
curl -X DELETE -i 'http://192.168.88.76:8001/api/v2/applications/MCmYXNxgcu.DisneyPlus' (closes)
curl -X POST -i 'http://192.168.88.76:8001/api/v2/applications/3201512006785' (Amazon Prime)
curl -X POST -i 'http://192.168.88.76:8001/api/v2/applications/111012010001' (Vudu)
curl -X POST -i 'http://192.168.88.76:8001/api/v2/applications/11101200001' (Netflix)
A little more Google-Fu and I discovered discussions on using wscat to connect via websockets and send commands. I have Ubuntu WSL installed, so a quick sudo apt install node-ws and I'm ready to go.
First out of the gate is converting the TV name (found when viewing http://
Next is getting an access token by issuing the command
wscat -n -c https://192.168.88.76:8002/api/v2/channels/samsung.remote.control?name=W1RWXSBTYW1zdW5nVFY=
From here on, connecting can be done with the token in the form of
wscat -n -c https://:8002/api/v2/channels/samsung.remote.control?token=<8 digit token>
Now with the web socket prompt, I can:
list installed apps and their IDs
{"method":"ms.channel.emit","params":{"event": "ed.installedApp.get", "to":"host"}}
{"method": "ms.channel.emit","params": {"event": "ed.apps.launch","to": "host","data": {"appId": "11101200001","action_type": "DEEP_LINK"}}}
{"method":"ms.channel.emit","params":{"event": "ed.apps.launch", "to":"host", "data":{"appId":"org.tizen.browser","action_type":"NATIVE_LAUNCH","metaTag":"http:\/\/hackaday.com"}}}
Taking things a step further, any of the commands that a remote would send can be sent using this method as well. A list of key commands can be found here:
https://github.com/jaruba/ha-samsungtv-tizen/blob/a644f2db4ba74865ac9b8a12425825aa8a3c3efd/Key_codes.md
The commands would look like:
{"params": {"Cmd": "Click", "Option": "false", "TypeOfRemote": "SendRemoteKey", "DataOfCmd": "KEY_VOLUP"}, "method": "ms.remote.control"}
{"params": {"Cmd": "Click", "Option": "false", "TypeOfRemote": "SendRemoteKey", "DataOfCmd": "KEY_VOLDOWN"}, "method": "ms.remote.control"}
{"params": {"Cmd": "Click", "Option": "false", "TypeOfRemote": "SendRemoteKey", "DataOfCmd": "KEY_INFO"}, "method": "ms.remote.control"}
Amazon announced the addition of source IP filtering for LightSail instance firewalls on May 7th, but I hadn't had time to look for CLI / API documentation updates until today. It was really frustrating that all of the announcement and documentation pages referenced only the GUI controls. I ran across this site which tracks changes to AWS API: https://awsapichanges.info/. Pretty handy!
The initial setup with using S3 to host static files works fine, but it only serves HTTP. I thought I might use AWS ACM (Certificate Manager) to issue a certificate, then use AWS Cloudfront to implement it.
BE SURE TO CHANGE THE REGION TO 'US East (N. Virginia) us-east-1' BEFORE PROCEEDING !!! (ask me how I know)
Within ACM I requested a certificate for *.stanleysteveandrews.net and an additional name of stanleysteveandrews.net and selected DNS verification. In NameCheap, the trailing domain name needs to be stripped from the Host value (see https://stackoverflow.com/questions/51198472/cname-entry-not-working-on-namecheap-using-amazon-certificate-manager). It may take a bit to propagate, and if need be, there are good instructions on troubleshooting the verification here: https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-pending-validation/
Next up is the CloudFront setup:
And that's about it. Now we're serving up HTTPS via Amazon's CDN from an S3 bucket that automatically updates from my Github page which I edit with NotePad++ on Windows and push changes via GIT BASH CLI. Awesome.
Hooked up my personal GitHub.IO page (this page) with AWS S3 static using AWS Code Pipeline. I also needed to set up the GitHub IO page on my personal account, which required adding my personal GitHub credentials into Win10 to differentiate between work & personal accounts. I figured using a new domain name would be a good idea as well, so I purchased my vanity .net and .com domains through NameCheap and set redirection to the S3 bucket. I'd like to look into AWS Amplify next to see how it compares to what I have done with Code Pipeline.
Attended the following sessions in addition to Werner Vogels' opening keynote address:
Studied for and passed 3CX certification exams for
Studied for and passed exam for 3CX Basic Certified Engineer v16