Sunday, December 31, 2017

Let's Encrypt Certificate Renewal

To renew the certificate that was generated by Let's Encrypt:

1# Go to site
2# Use the same Let's Encrypt Key generated by the site when certificate was originated
3# Get the CSR
4# That's it

Wednesday, November 22, 2017

Proxy PAC Tester v.2.0

New version of Proxy PAC Tester that supports client IP address to be passed to some of the JS function that checks against client IP address.


Wednesday, October 25, 2017

Active Directory GUID

Active Directory GUID is stored as Byte array (Byte[]).

To convert from Byte[] to string:

string guid = new Guid(Byte[] Object).ToString()

To convert from string to Byte[]:

string guid = <string guid here>

Guid g = Guid.Parse(guid);
Byte[] gba = g.ToByteArray();

string result = "";
foreach(Byte b in gba){ result += @"\" + b.ToString("x2"); }

Friday, September 08, 2017

GUID String to Octect String

If you need to perform LDAP query against Active Directory with objectGUID as the filter, you need to convert the string representation of that GUID to octetstring.

For example, if the objectGUID string value is: ffe17244-4c77-48e7-9db7-69578be7e232
You need to convert it to: \44\72\e1\ff\77\4c\e7\48\9d\b7\69\57\8b\e7\e2\32

so then you can provide the LDAP filter with:

To do this by C#, use the following function:

        private string convertStringGuidToOctectString(string guid)
            Guid g = Guid.Parse(guid);
            Byte[] gba = g.ToByteArray();

            string result = "";
            foreach (Byte b in gba)
                result = result + @"\" + b.ToString("x2");

            return result;

Good luck!

Wednesday, August 16, 2017

Let's Encrypt and Sophos XG Firewall

I am publishing my web server behind the Sophos XG firewall. I need SSL certificate that is free and trusted by most of internet browsers. The answer is Let's Encrypt.

I use this site to help integrate with Let's Encrypt :

#1 Generate CSR from the XG firewall and download the CSR and the private key
#2 Navigate to and paste the CSR content
#3 Follow the instruction to validate your domain - I did DNS option by inserting TXT value
#4 Once validation is successful, the signed public key is ready to be downloaded
#5 Upload the signed key to XG firewall along with the private key that was downloaded on step #1
#6 (optional) if XG firewall does not trust Let's Encrypt CA, add this to the Trusted CA


Saturday, July 22, 2017

Another .NET app I wrote to help the project to compare the performance between different web proxies

This app helps me to see the respond time that each proxy responds to a request to a particular URL address. You can specify the header, how many request do you want to perform, so that you can create the "worm" graph. It is quite fun to see this running infinitely.

The picture above shows 2 proxies being compared to hit with IE header and 10 iteration to produce the performance graph.

Thursday, June 15, 2017

Officially SABSA Chartered Security Architect - Foundation (SCF)

Finally got my exam result today and pass both F1 and F2 modules of SABSA Foundation exam, happy day!

Tuesday, May 16, 2017

Proxy PAC Tester

I wrote this .NET program to parse the PAC file and test its exception. This provides the GUI, rather than using google unsupported CLI code.

It supports direct fetch from the URL or static PAC file.

Sunday, April 30, 2017

Ubuntu CIFS Mount to Windows

To support SMB2 mount from Ubuntu to Windows, edit the fstab file and include this:

//windows.domain.local/share/folder /mount/point cifs credentials=/root/.credentials,vers=2.0,iocharset=utf8,sec=ntlm,dir_mode=0770,uid=33,gid=33 0 0

Monday, March 06, 2017

VCP6-NV Today

Yay!! Passed 2V0-641 exam day. Officially VCP6-NV Today. NSX NSX NSX :)

Thursday, February 02, 2017

Bitbucket Installation

I have a need to create code repository locally. I don't want to use code repo in the cloud. Bitbucket is the winner!

#1 - Install Ubuntu 16.10
Download from, get the latest ISO file, boot and install.
During the installation wizard, make sure PostgreSQL is selected and installed.

#2 - Configure PostgreSQL
Login to ubuntu as the standard user

> sudo -u postgres psql postgres

\password mynewpassword


#3 - Create PostgreSQL Database and Role

> sudo -u postgres
CREATE ROLE bitbucketuser WITH LOGIN PASSWORD 'mypassword' VALID UNTIL 'infinity';




#4 - Install Bitbucket
Download the bitbucket installer from
Change the file permission to execute +x
Run it

#5 - Configure Bitbucket
During the configuration wizard, when asked for database, specify localhost, bitbucket as the database, bitbuckeruser and the user and 'mypassword' as the password

Sunday, January 01, 2017

Office 365 & Squid

I had an issue today. My Outlook does not want to connect to office 365 when I setup IE to use SQUID for the proxy. Apparently some of the O365 URLs are resolving up to 25 IP Addresses and depending on the location, some of the connection might get rejected.

By default SQUID only tries the first 10 connections. To change this, edit the squid.conf and add:

forward_max_tries 25

save, restart SQUID instance. Enjoy