Entra ID role definitions - an introduction Microsoft's Entra ID has an ever-growing list of built-in role definitions and you can even create your own. But how do they actually work? When building my Entra Role Reaper application, I needed to understand more about how they are configured and how it all fits together. What
Entra ID Conditional Access: Sign-in Frequency gotcha The general idea of the Sign-in Frequency condition in Entra ID Conditional Access seems very appealing: When you have a scenario where a user wants to activate their PIM role, you want them to authenticate again to ensure this is not a replay attack or similar. So, you set the
Hacking Featured Hacking a security camera Inspired by a colleague, I set out to hack a security camera as a summer project. Probing for UART, accessing the boot loader, dumping firmware, troubles and headaches until root access. This is my story.
ASP.NET Core Integration testing JWT authenticated APIs How to avoid bypassing authentication in integration tests or depend on external services by issuing valid tokens using a test token provider.
Authentication ASP.Net Web API + Keycloak: A love story Configuring ASP.Net to use Keycloak for authentication
Authentication Using MSAL in a React SPA with Keycloak How to set up MSAL with Keycloak using a Next.js React SPA
Authentication Setting up Keycloak with MS SQL Server 2019 container How to set up Keycloak with MS SQL Server 2019
Azure Azure + Dynamic DNS Do you have a dynamic IP and an Azure subscription? Let's set up dynamic DNS updates!
Authentication Creating protected API using Azure Functions .NET Worker How to secure your Azure Functions .NET Worker (w/.NET 5.0) using Azure Active Directory which works with self-hosting!
Azure Logic App + Azure AD protected Web API I want to call my Web API using an Azure Logic App with assigned app roles and I don't want the hassle of dealing with secrets and certificates. How?
ASP.NET Core Using PKCE with ASP.NET Core WebApp and Azure AD How to drop the not-entirely-secure implicit flow and enable authorization code flow w/PKCE
WSL Debugging web requests using mitmproxy, WSL and VSCode If there is one thing I find absolutely essential when doing any kind of development or troubleshooting, it is to have a good tool for intercepting web requests and inspecting the payloads. It takes a lot of guesswork out of the process and you can play around with the requests
WSL Fixing a WSL2 Linux distro that won't start Or - how I tried to be smart and failed. Sometimes, I forget that WSL2 doesn't run exactly like normal Linux - systemd doesn't run, for example. So, when I add some NFS mounts to /etc/fstab my whole distro stops responding the next time
Security Suricata + RPi = Robin to USG's Batman The Unifi Security Gateway has a nifty threat management module which uses Suricata for IDS/IPS - however, when enabling this you will drop down to 85Mbps on your WAN throughput as it needs to use a lot of resources to inspect the traffic and it cannot off-load to hardware
Security What you don't know may hurt you With the rise in breaches and increased focus on cyber security by companies, it is easy to forget that your home is just another IP in the sea and automated attacks don't know (or care) if you are HugeCorp Inc or Billy-Maria Smith. With the current pandemic, many
Security Sending logs from home network to Azure Log Analytics I had this thought of using the power of the cloud to secure my home network - basically centralizing interesting logs from various devices on my home network in an Azure Log Analytics Workspace. This would then let me work with this data across sources and play with fun KQL
Security Automatically block malicious IPs on Unifi Security Gateway Keeping your firewall rules updated can be a tedious chore when doing it manually - especially when there is so much malicious traffic going on from multiple sources. Here's how I do it on my home network.
WSL Hack on the go Straight to it: Windows 10, WSL 2 and Kali. To me: Best of both worlds, but I do realize it is a subject of preference and passion. But, instead of getting into that bit - let's have a look at what that combination gives you! WSL - or
OSCP - My take As is customary, I thought I would do a review of my OSCP journey (as I can't divulge too many details about the actual exam and such). I got all five boxes and did it on my first try - I was still nervous, though, as the report
Linux Resize disk for Ubuntu Hyper-V Quick Create image After installing Ubuntu 18.04 LTS through Hyper-V Quick Create gallery, I quickly ran into an issue of the out-of-disk-space nature. This is because the default root partition size of that image is 11Gb regardless if you expand the VM disk in Hyper-V. Why install Ubuntu 18.04 LTS through
Development Remote development with VSCode The @code team shimmied down my chimney really early this year with an awesome present! Finally, I can use my WSL and containerized environments for development in VSCode (also SSH, but thus far hasn't been my need). Introducing Remote Development for @code 🚀💻🛰️ A new set of extensions that
Application Insights Instrumenting Ghost with Application Insights Track Ghost requests, performance, exceptions, dependency calls, etc. with Application Insights using a custom Docker image.
Personal Understand limitations, then break them Don't let the Minecraft theme fool you - read through and see why we all need to challenge limitations. In a fun way ;)
Docker Docker multi-stage build + Azure Artifacts = true Problem: When running tasks like dotnet restore inside a Docker multi-stage build, it will fail if nuget.config refers to an Azure Artifacts feed due to 401 - Unauthorized. If using the built-in Azure DevOps tasks for restoring packages, this is taken care of for you - once you do this