64° Adventures

Personal blog with posts about technology, security, photography, and travel

Automated Phishing Analysis with Shuffle - Part I

The purpose of this post is to describe how to use Open Source tools to automatically analyse phishing emails that users (internal / external) has been sent to pre-defined mailbox. The emails are automatically scanned, and any URLs that are discovered are passed on to third-party providers for analysis.

Docker loves Splunk

This article may have been about running Splunk Enterprise in a Docker container, but it is actually about sending logs from Docker containers to Splunk Enterprise on-premises or Cloud deployments. By default, Docker logs JSON-formatted data to the filesystem. This is adequate for simpler systems, but log management (and viewing) becomes less practicable for more complex ones. Sending Docker log direct to the Splunk SIEM system is one technique to make things easier for the admins.

Traefik proxy with Web Application Firewall (WAF)

Traefik proxy is a versatile and very lightweight cloud-native application gateway / load balancer that integrates really well with Docker and Kubernetes, for example. While Traefik is great and brilliant, it lacks Web Application Firewall features and integrations. Traditionally, one need to put some kind of third-party WAF in front of the Traefik and route requests from there to Traefik. This increases the complexity of the system and complicates troubleshooting.