LDAPS with self-signed certificate

Alex Mags

Azure badger “Create a picture in the style of a pixar movie of a friendly badger, working in an office IT department, using encryption to secure Microsoft Active Directory” - bing chat

This post describes how to keep user passwords transmitted in LDAP authentication requests safe. Lightweight Directory Access Protocol (LDAP) is an open standard for directories. It underpins Microsoft Active Directory Domain Services (ADDS). Applications need to check in with a central directory to authenticate user sign-ins. Other authentication protocols oAuth,SAML,Kerberos, even NTLM are prefered but still, even today, you’ll need to accomodate self-hosted business applicaitons that only support LDAP for authenticaiton. In my experience these are often JAVA developed apps or apps hosted on Linux. This post has some PowerShell generate encryption certificates (private and public keys) to enable SSL encrypted LDAPS communication with domain controllers.

Cooking for engineers - Aioli garlic mayo

Alex Mags


Here’s the technical specification for a Aioli also known as garlic mayo. Goes well with seafood or chicken. You make a garlic paste by drawing the back of a knife over chopped cloves. The raw garlic is punchy!.

Cooking for engineers - Soda bread recipe

Alex Mags

soda bread!

Here’s the technical specification for a tasty loaf of bread. A restaurant near me serves and sells this bread. It’s very quick to make and so tasty! The kefir/buttermilk is slightly acidic; this reacts with the bicarbonate of soda to release carbon dioxide which expands in the mixture to make the bread rise.

Firewall policy as code with Hashicorp Terraform

Alex Mags

Azure badger “in the style of a pixar movie poster, draw a friendly badger configuring a firewall with code” - bing chat

Hashicorp Terraform is a tool for managing infrastructure as code. You describe the desired state in versioned text files and the Terraform tool will drag your infrastructure into that state. Sometimes it feels like creating the code takes longer than just using the admin GUI to get something done. Sometimes it’s MUCH faster… This post describes adding 300 address ranges to a network security rule in just one line. How to create a terraform list from a text file.

How to Disable NetBIOS and LLMNR

Alex Mags

NetBIOS Meme

Hey defenders! Hackers and pentesters hate it when you disable the old NetBIOS network service. They love to respond to NetBIOS requests from PCs on your company LAN so they can impersonate your servers and steal some credentials. Here’s how to disable the old NetBIOS service so as not to give hackers and pentesters an easy ride.

Checking SaaS security configuration (SSPM)

Alex Mags

Was your SaaS software configured securely when it was deployed? Is it still configured securely now?
This article discusses the risk to your data of misconfigured/unhardened SaaS software and the emerging products to automate security checking of SaaS.