Author: admin@labtinker.net

Authentication
27 February 2021

Smashing in SAML

My aim in this post is to get administrator access to a Palo Alto firewall using SAML authentication. The theory of this proccess is well-documented. Here is a explanation of it from Palo themselves: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVvCAK In summary, SAML allows federated authentication: basically we have a service provider (SP) and an identity provider (IdP) who trust each other. So when a user tries to authenticate to […]

Firewalls
13 December 2020

Checkpoint VPN

I encountered a Checkpoint firewall the other day in the course of my job and realised it had been a few years since I’d worked on one. I think Palo Alto and Fortigate have been stealing Checkpoint’s lunch in the past few years (based on no more than personal experience). At one place I worked which was migrating from Checkpoints to Palo Altos; the former’s […]

DNS
15 November 2020

Barefaced Cheek

I was messing around with various things when I had cause to check the address of this website and found I was getting a different ip address for www.labtinker.net and labtinker.net.  This should not happen because www.labtinker.net has a DNS CNAME record which points to labtinker.net And this in turn points to the ip address of the website: So both these URLs should ultimately point […]

Books
31 October 2020

Wireshark Workbook

With Winter evenings drawing in (in the Northern hemisphere), another lockdown on the cards (everywhere but New Zeland and China), Netflix running out and the liver needing a rest why not augment your familiarity with every networker’s tool of choice: Wireshark? This is a tool I’m sure everyone who’s worked in IT has used at some time in their career to a greater or lesser […]

Authentication
18 October 2020

The Five Trials of Kerberos

I said in my previous post I would discuss how I’d got the Kerberos lab working. The thing is my notes were scrappy and instead of tidying them up it came to me that I’d created a common real-world scenario: a poorly-documented system. Often such systems are encountered by operations staff when said systems are no longer working so let’s break things and see what […]

Authentication
3 October 2020

Who let the dog(s) out?

Kerberos is a venerable and widely used authentication mechanism developed by MIT that underpins Active Directory. A lot of people have posted detailed explanations on how it works like this one: https://www.tarlogic.com/en/blog/how-kerberos-works/ But the labtinker philosophy is to lift this off the page and into a lab so let’s set the stage. There are three actors treading the LAN today: WIN10 is the client, a […]

Personal
20 September 2020

Gather round…

Most commercially available stories we read, hear or view are of exceptional or fantastical events but few of us experience these regularly. In contrast to this, I have been reading ‘The Wrench’ by Primo Levi which celebrates the day-to-day work experiences of a rigger: a man who assembles cranes and bridges. My everyday work is in IT and this is an area that does not […]

Networking
23 August 2020

It’s raining LSAs.

I generally work with security devices and my knowledge on routing protocols gets rusty as I don’t do much with them. However, we’re all supposed to be full-spectrum engineers these days which was brought home to me when I went to an interview a couple of years ago and was asked some questions in this arena…and ummed and arred. Anyways, long story short, to refresh […]

Personal
15 August 2020

Worst Exam Experience Ever

I was taking the SCS-C01 – AWS Certified Security exam today using Pearson Vue’s Online Proctoring . Beforehand, I used their tool to check my machine was to their liking and everything was looking hunky-dory. Following the process outlined in the program I’d downloaded from their website I did the following: cleared the room of any materials that may have unfarily assisted me in my […]

Networking
30 July 2020

Fragmentation

I think the joy of tinkering is that you don’t have to do anything earth-shattering but just messing around can bring home elements you grasp theoretically or only get chance to see or work on occasionally in the wild. This post is a little ropey as it was never intended for publication, but it’s been a thin few weeks as I’m so-say studying for a […]