Blog Entries

23. 01. 2025 Alessandro Mizzaro DevOps

Streamlining SSH Access: Leveraging CAs and Principals (Part 1)

Managing an SSH server is easy when you only have one or two servers, but what happens when you have thousands of servers? “Authorized keys” and “known hosts” files are hard to manage across large teams with permissions and roles. Known Hosts and HTTPS Can you tell me the difference between these two images? Nothing….

22. 01. 2025 Alessandro Mizzaro Development, DevOps

Sign Like a Pro: A Simple Guide to GPG and Web of Trust for Commits

Some time ago, one of my colleagues wrote about git commits and why we should sign them (you should read this). But how can we actually do that? The Web of Trust of GPG comes to our aid. Let’s see how. OpenPGP is the open-source variant of PGP (Pretty Good Privacy), a protocol and software…

20. 01. 2025 Tobias Goller NetEye

Icinga Director Self Service API Not Working After Keycloak Activation

After updating to NetEye version 4.38 and activating authentication via Keycloak, the Icinga Director Self Service API no longer works. For instance, if you install the Icinga agents using a PowerShell script that automatically creates the host objects in the Icinga Director when it’s called, then this process will no longer work. That means you…

17. 01. 2025 Emil Fazzi Automation, Development, Documentation, Log-SIEM

Elasticsearch Magic: Achieving Zero Downtime during User Guide Updates

In a previous blog post by one of my colleagues, we shared how we developed a powerful semantic search engine for our NetEye User Guide. This solution uses Elasticsearch in combination with machine learning models like ELSER to index and query our documentation. While the proof of concept (POC) worked great, there was a challenge…

16. 01. 2025 Simone Ragonesi Offensive Security, Red Team

Inside the Red Team Toolbox: Linux Info-Gathering

In the realm of red teaming, rapid and efficient information gathering is very important. To streamline this process, we’ve developed Vermilion, a lightweight post-exploitation tool for the rapid collection and optional exfiltration of sensitive data from Linux systems. A significant percentage of computational workflows worldwide run on GNU/Linux. Primarily used in servers and increasingly in…

13. 01. 2025 William Calliari Development, Icinga Web 2, PHP

Plugin Systems and Capabilities

At the 36th Chaos Communication Congress, back before COVID forced a three-year break, I attended a talk from the German tech-blogger Fefe. There he talked about the “nützlich-unbedenklich Spektrum” or in English, the useful – harmless spectrum. He argued that all software lies on that spectrum to some degree. Of course one could argue…

10. 01. 2025 Damiano Chini Bug Fixes, NetEye

Bug Fixes for NetEye 4.39

We have resolved an issue that prevented Elastic Agents from successfully connecting to the Fleet Server when their requests were excessively large. Additionally, we addressed a bug in the neteye update and neteye upgrade processes, which was incorrectly initiating a rolling restart of Elasticsearch even in cases where this was not necessary. We updated the…

10. 01. 2025 Simone Ragonesi AI, Cloud, Offensive Security, Red Team

Stay ahead of Cyber Threats: Redefining Security for a Rapidly Changing Digital World

As the digital arena evolves at lightning speed, so do the tactics of those seeking to breach it. Traditional security measures are no longer enough for today’s increasingly sophisticated cyber threats. The perimeter of technological infrastructure is no longer carved in stone – it shifts continuously, reflecting systems that are more distributed and challenging to…

07. 01. 2025 Massimo Giaimo Threat Intelligence

Gravy Analytics breached (to be confirmed)

WARNING: This post is constantly updated based on new evidence related to the data breach. The famous company Gravy Analytics seems to have suffered an attack. In fact, a post was published on the XSS forum on Sunday night by the user nightly, reporting some evidence of what appears to be a really important exfiltration….

07. 01. 2025 Davide Sbetti Bug Fixes, NetEye

Bug Fixes for NetEye 4.39

We fixed a bug which was causing Elastic Agents to disconnect themselves at regular intervals from Fleet. We updated the following packages:

31. 12. 2024 Alessandro Taufer Development, DevOps

Tips for Writing Efficient Python Code

Writing high-performance code is key when tackling complex problems. While it might be tempting to focus on optimizing the programming language itself, the best strategy is often to implement the right algorithm. Let’s take a look at three lesser-known Python libraries that can boost your code’s efficiency without diving into complicated implementations. 1. Deque: The…

31. 12. 2024 Luca Zeni Blue Team, SEC4U, Uncategorized

That Time I Brought a Velociraptor and a Chainsaw into the SOC

Yes, you read that title right. Today I’m going to tell you about the time I went on a hunt to bring a velociraptor and a chainsaw into the Würth Phoenix Security Operations Center. I know that it might sound strange to many and few will believe it, but I’m sure that once you get…

31. 12. 2024 Damiano Chini Automation, Development, DevOps

Maintaining Forks of Upstream Projects without git

When adopting an open-source software project that you don’t own, you may find it necessary to modify it partially to meet your specific requirements. However, as you implement those changes, it’s important to recognize that the upstream project will eventually update itself, leading to potential conflicts in the files that both you and the upstream…

31. 12. 2024 Alessandro Valentini DevOps

GitOps: Pull-based vs Push-based Approaches

When approaching a GitOps workflow you’ll soon have to choose between push- and pull-based approaches. In this blog post I’ll explain the high-level differences of each approach with pros and cons. What is GitOps? GitOps stands for Git Operation: in this workflow all the infrastructure configurations are stored in a Git repository, which represents the…

31. 12. 2024 Rocco Pezzani Business Service Monitoring, ITOA, NetEye, SLM, Unified Monitoring

Display a Service’s Availability with ITOA

This is that time of the year when you begin preparing all your SLA reports to help you understand how your important services behaved during the year itself. It’s like the end of a horse race, when the bets are settled and you realize whether the bets you placed were right or not. And since…
