Hackwekend Series
Info
This session is about me and you who sit and learn new things security in the weekend. Try best and have fun !!!
Timeline: 2022 - Current
2022-2023
- Hackwekend Session 0 - QRCode Vulnerabilities (Malicious QRCode gain access to reverse shell level) - About the vulnerable with QRCode, How we can gain access to victim machine and bypass QRCode
- Hackwekend - Session 1 (Pentester web - Security Lab) - About the vulnerable machine is take a look and gain access to collecting flag (CTF)
- Hackwekend Session 2 - Information Security, Team and Phishing Attack - The session talk about what and why we have InfoSec and work like a team. Additional, Talk about Phishing Attack, Questions and how to reproduce
- Hackwekend - Session 3 Attack and Exploit GraphQL ? - Session is about GraphQL, Dangerous with technologies and some challenge to find flag with CTF style
2024
- Hackwekend Session 4 - Cloud Security (AWS EKS) - Session is about AWS EKS Security, Vulnerable in K8s Cluster and Play CTF to figuring out what should need protected (EKS Cluster Game prod by Wiz.io)
- Hackwekend Session 5 - Cloud Security (AWS IAM Policy) - Session is about AWS IAM, How to authentication or bypass methodology to read and list contents inside the S3 bucket, learn more about
sns,sqs,cognitoservices of AWS Cloud (Big IAM prod by Wiz.io) - Hackwekend Session 6 - Cloud Security (Network and Red Team) - Session is about more than cloud security, but more approach to networking and red team methodology to recon, attack the target with unique way like
lateral movement,nfs,tcpdump,dnscanandistio,kyvernoonkubernetes( K8slan prod by Wiz.io)
Kubewekend Series
Info
Brand new series about
kubernetes, and it will release at least one time a week on the weekend. On this session, I will share aboutkubernetes,networking,devsecopsand moreover, It will give you idea, and practice environment to understand many new technologies. Try best and have fun with me πππ
Timeline: July 2024 - Current
2024
- Kubewekend Session 1: Build up your host with Vagrant - This lab is take the topic around play and practice with
vagrant- the software can help you provide the virtual machine in your host. First step way to setupkubernetescluster inside your machine, and play with on next session - Kubewekend Session 2: Setup Kind cluster with Ansible - This lab is practice with
ansiblethe configuration for setupkindcluster inside machine on the previous session - Kubewekend Session 3: Basically about Kubernetes architecture - This session talk about basically architecture and learn more fundamental components inside
kubernetes, and what the structure of them inside clusters. - Kubewekend Session 4: Learn about ebpf with hubble and cilium - This session will talk and learn about
eBPFand the especially representation ofeBPFareciliumandhubbleto become main CNI of Kubewekend and talk about Observability of them - Kubewekend Session 5: Build HA Cluster - This session is really pleasant when we talk about how can create HA cluster with
kubewekend, learn more the components insidekubernetesand try figure out aboutnetwork,security,configuration,container runtimeandsystemvia this session - Kubewekend Session 6: CSI and Ceph with Kubewekend - This session is covered about topic storage inside
Kubernetescluster, how can they work withCSIArchitecture and why we need toCSI Driverfor handle this stuff. Furthermore, I try to practice withCeph- one of popular storage opensource forKubewekendcluster
DevOps - Tutorials from zero to hero
Info
This session which talk about my growth up from zero to hero in DevOps career path when I took a position from intern to official in company. About tutorial and some technologies which need to learn and control to become DevOps
Timeline: 2023
2023
- DevOps Training Session 1: The flag view with DevOps
- DevOps Training Session 2: Networking
- DevOps Training Session 3: OS - Scripting with powershell & bash
- DevOps Training Session 4: Docker
- DevOps Training Session 5: NGINX
- DevOps Training Session 6: Cloud - Azure
- DevOps Training Session 7: Terraform
- DevOps Training Session 8: Cloud - IAM
- DevOps Training Session 9 + 10: Cloud - Networking - AutoScaling VM
- DevOps Training Session 11: Cloud - Pipeline (Azure-Pipeline)
- DevOps Training Session 12: Cloud - Packer
- DevOps Training Session 13: Cloud - K8s Overview
- DevOps Training Session 14+15: Cloud - K8s Networking, Configuration, Security && Storage
- Devops Training Session 16: Setup Grafana and Prometheus (ONM Tools)
CTF (Capture the Flag) and write up
Info
Like you know about my profile, I start with in CTF player and Web Pentester. So CTF is field, games and contest which I gain my experience and figure out myself in Security. In this session, Itβs about the challenge which make me give a time to research and find the flag, cool stuff and not waste your time
Timeline: 2022 - Current
2022-2023
- Flag Hoarding mapleCTF (2022) - (misc/forensic)
- Dode ascisCTF (2022) (Misc/Forensics)
- Hack The Boo (Hackthebox-Forensic-2022)
- ICTF August 2022
- Image Editing - CTFLearn (Crypto/Hard)
- Write up about IDOR
- Write up about SSTI
Vulnerable Research
Info
In this session, I will share and talk about web security and vulnerable which you need to interacted and figuring out how we can find it in real website
Timeline: 2023 - Current
2023
- Pentest Top 10 OWASP with Juice-Shop-OWASP
- SQL Injection - Part 1 (Practical PortSwigger)
- SQL Injection - Part 2 (Practical on PortSwigger)
- SQL Injection - Part 3 (Practical PortSwigger)
- Cross-site scripting (Practice on PortSwigger)
- Research about Top 10 OWASP
- Snyk vs Sonarqube - Securing your code
- Insecure Direct Object Reference (IDOR)
- Server Site Template Injection (SSTI)
- Authentication Bypass
- Content Discovery
- Subdomain Enumeration
- Walking An Application
- Top 10 OWASP
- Web fundamentals
- Cross Site Scripting ( XSS )
- SQL Injections
- GraphQL
- Command injection
- CVE-2023-34092 - Path Equivalence in Vite
Tech Research (What is)
Info
In this session, About the shared research for community which i make and find out how to play with it, setup and make usage or tutorial for doing something
Timeline: 2023 - Current
2023
- NGINX vs Apache ? How does it work? Why is NGINX compared to Apache β> How is it stronger and weaker?
- Different btw CMD vs Entrypoint vs RUN in Docker
2024
- Backup and Restore methodology for PostgreSQL
- What is Wrapper Pattern ?
- What is Helm?
- What is Milvus?
DIY + 41st Time (Do it yourself)
Info
The session which bring the experience when I try to self hosted or making a cool things by myself. It can be deliver for people which need to figure out something πππ
And I talk about the experience when I work and approach new technics or technologies for first time. Learn from the scratch, and do interesting things. βββ
Timeline: 2023 - Current
2023
- Selfhosted NAS with Raspberry Pi 4
- Setup the virtual machine Linux and Windows for Agents and Azure-Pipelines
- Integration Performance Query for MySQL or PostgreSQL
- Setup MySQL with Wordpress in k8s - Easy migrate or not !!
- Ansible, Terraform and your first infrastructure
- Robust Scanner - Vulnerable Scanning
- Deploy your alert with Grafana by Terraform and some common error with K8s
- 0-downtime with Blue-Green Deployment
- Monitoring with Portainer
- Setup PostgreSQL with Ansible
- NTMA for anomalies detection and autoscaling
- Create Free SSL with Letβs Encrypt and Certbot
- NGINX and everything about it
2024
- Profiling applications with Pyroscope
- Do self-hosted analytics platforms for you website with automatically SSL domain
- How can protect React secrets?
- Setup Environment for build android
- Build mobile with fastlane (Part 1)
- Build mobile with fastlane (Part 2)
- Fastway to deploy your application
- Play with Makefile for 1st time
- Compile gRPC for 1st time
- Build your wiki for 1st time
- Atlantis with ECS for automatic provisioning
- Create SSL Cert with ACM and Route53 for AWS Services
- Build mobile with Expo (Part 1)
- Build mobile with Expo (Part 2)
- AWS SSO from Self Gitlab Terraform Module Registry
- Switch Role between AWS Accounts
- Protect sensitive data and secret files with sops
CI/CD + OS Profile Gallery
Info
More talk about CI/CD with multiple purpose, try to approach and gain the experience on multiple platform. Still update when have new things LOL π. And additional information about OS profile that tell about what things I have inside my host
Timeline: 2024 - Current
2024
Helpful Collections + Snippets
Info
More about my collection which talk about multiple topics, and technologies in multiple field like AI, ML, DevOps, Security and moreover, with a little bit snippet which most of useful tool that I have tried πππ
Timeline: 2024 - Current
2024
Collections
- Operation System both of Linux and Windows
- Docker and Kubernetes
- Developer
- Database and Storage
- Cyber & Info Security
- Artificial intelligence, Machine Learning and Data Science
- DevOps, Systems and Technologies
- Softwares and Tools Helpful Pages