Sys-Admin InfoSec – Telegram
News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings
* Multilingual (En, Ru).
* Forum - forum.sys-adm.in
* Chat - @sysadm_in
* Job - @sysadm_in_job
* ? - @sysadminkz
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
[ru] My "Flex" factors for working with infrastructure, on Heroku's 12 factors and more

In August 2021, when I was launching OPEN BLD DNS, and right up to the present day, I had never heard of THE TWELVE-FACTOR APP methodology, but when I read it, I realized that I had been doing everything that way, more or less, on an intuitive level. Today I want to share my version of the factors of an approach to developing, deploying, using and monitoring the health of projects.

Below: the 12 factors, my "Flex" methodology, and how all of this can be applied in practice:

* Article on Heroku's 12 factors and my “Flex” view

~~~

[en] My "Flex" factors for working with infrastructure, and about the 12-factor app from Heroku

Try to use Google Translator, but I created a repo and a site for my “Flex” concept:

* Repo: https://github.com/m0zgen/flex-doc
* Site: https://flex-doc.pages.dev
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Simple Knot Resolver installation and configuration example article (ru)

* Install
* Logging
* DNS, DoT, DoH example config
* DNS Forwarding
* RPZ example section
* DNS Application Firewall
* Caching

- https://sys-adm.in/systadm/986-prostoj-primer-ustanovki-i-nastrojki-knot-resolver.html
Misconfig Cloudflare outage) It may happen to everyone)
[ru] OFFZONE is looking for speakers; now is the time to send in your application to participate and the abstract of your talk:

https://offzone.moscow/ru/2022-call-for-papers/

[en] OFFZONE Cybersecurity Conference is in search of speakers; it's time to send an application for participation and theses of the reports
Open BLD DNS Updating News: New BLD release, New tools and more
 
I'm happy to present new Open BLD release which is already in production 🎉

🌴 Stabilities and Updates:
• Atomizing/Micro-servicing: Different server BLD infrastructure roles
• Alerting coverage: Local and remote BLD services
• Caching: Redis to KeyDB partial changes/migrations
• Caching: Sync caching between different BLD role servers
• Configurable: Minimum TLS version can be set up through config file
• Configurable: Multiple configurations support
• Configurable: Custom HTTP User Agent for DoH upstreams
• Configurable: Updated conditional Bootstrap and Upstream functionality
• Stability: Auto-recovering and Self-checking mechanisms

🧩 Tools:
IP Reflector. IP Reflection API Service.
Monitor.sh. Script for checking systemd unit status
Self-cert-gen. Simple self signed certificate generator
monit2telegram. A simple script to send Monit alerts using Telegram bot.
Flex App Additions Methodology. Flow for Engineers, this methodology can be used as an additional helper for the 12-Factor app or can be used separately, as a standalone practice.

🦚 Agentless BLD:
BLD works without agents or any additional tools and allows you to use a secure and clean Internet:
• In: Browsers (Chrome, Brave, Firefox, Edge, etc.)
• On: Mobile devices (Android, iOS)
• In/On: Computers or networks (Primary/Secondary DNS)

📟 More details on official BLD site:
https://lab.sys-adm.in

#free #bld #dns
/ USBGuard - can help to protect Linux from BadUSB, etc.

An Open Source software framework that helps to protect your computer against rogue USB devices (a.k.a. BadUSB) by implementing basic whitelisting and blacklisting capabilities based on device attributes:

https://usbguard.github.io
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
How to reset Linux user password with Ansible
* [en] - Read

How to change a Linux user's password with Ansible
* [ru] - Read
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow

In this blog we will provide a deep technical analysis of a new and fully undetected Linux threat we named OrBit..:

https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat

P.S. Thx @Anykey76 ✌️
/ Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706

MS uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. MS shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October 2021. A fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates released by Apple on May 16, 2022. Microsoft shares the vulnerability disclosure credit with another researcher, Arsenii Kostromin (0x3c3e), who discovered a similar technique independently.

* Article

/ From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA)..:

* Article