“How I passed the CISSP in 7 days!"

Is it possible to do this? Sure. Is it realistic? No. Anyone who does it will either be the G.O.A.T. at test taking OR will already have plenty of necessary experience in cyber security. This is not going to be about the contents of the test itself, but what may help YOU pass.

Personally, I took a much slower approach.. The six-month approach. The kind of approach where I started with 2 kids and ended with 3 kids.

Yes, I had a kid along the journey. Yes, I’m insane.

I studied for six months, typically about 2-6 hours per week. Some weeks I didn’t even study. I said I had a third kid, remember?

What helped was the consistent exposure over a long period of time. This helped immensely with knowledge retention! There is one more secret to my success, years of experience in several domains of the CISSP. Here are the SIX resources I used, all less than $100 each.

Syracuse University’s O2O Program

Since I’m a veteran, I was eligible to go through Syracuse University’s Onward to Opportunity (O2O) program. I understand not everyone will qualify.

They no longer offer CISSP, which sucks.. but what it really gave me was structure.

Their program forced me to watch videos and take practice exams. If you sign up for Mike Chapple, Jason Dion, or any other highly rated course that comes with practice exams, you’ll be fine. You need a QUALITY online course that gives you structure and practice exams to dive into at the end.

Mike Chapple’s LinkedIn Learning Course

Mike Chapple is one of the go-to instructors for CISSP. His content is high quality.

His LinkedIn Learning course was great and provided a walk-through of all eight domains. I used it as a refresher and to help to provide a mix-up from the O2O material. The eight domains cover a WIDE range of knowledge.

You are almost never going to be in a job that hits all of them regularly.

Pocket Prep

Live with Pocket Prep. Breathe with Pocket Prep. Sleep with Pocket Prep.. Okay.. maybe not all that. This was easily my most used resource.

In the bathroom? Pocket Prep. Insomnia? Pocket Prep. Waiting in line? Pocket Prep.

The ways to use it are endless. It explains every question and where it is in the ISC2 material.

It helped me reinforce the material in the online videos I was watching, without allowing me to fully memorize practice test answers. As I watched a video about a CISSP domain, I would do some questions in that domain. Pocket Prep allows that.

Kelly Handerhan’s CISSP Mindset

Her video is the most important video you can watch. Period. I found it very late in the game.

Watch her video at the beginning of your journey. Watch it AGAIN 1-2 weeks before your test. Then watch it ONE MORE TIME on test day. Yes. Watch it many times. Worship it.

Be one with the video. You’ll get it once you take the test.

CISSP Exam Cram

This video is a strange one.. I’m not sure if it helped. I think it helped in the sense of giving me structure to my last week. Pete Zerger’s cram video covers all of the domains in 8 hours.

That is a LOT of content in a short time frame.

The last ~7-8 days you can basically watch ONE domain per day and then do practice questions on that domain. This is a method of reinforcement learning..

So I think it helped.

The OFFICIAL ISC2 Study App

You may wonder why I mention the OFFICIAL app last. Honestly.. I only found out about it literally one week before my test day.

I found ISC2’s official app to accurately reflect the STYLE of questions on the test. Who would have thought that ISC2 made their study app be an accurate reflection of the test?

Why do I mention it last? I suggest you DO NOT touch this app until 2 weeks away from test day. Use it at the end so you do not memorize the test and answers it has.

Why? You are using it to confirm readiness rather than to learn new content.

As I answered the ISC2 questions, I felt I knew the material. The answers made sense. I was thinking the way a cyber security leader does. It was coming together. No answer memorizing happened.

Use the app to do a knowledge check during your last week.

My summarized strategy

My overall study strategy simplified:

1. Study casually over a long period

2. Use Pocket Prep and a Udemy or LinkedIn learning course to LEARN

3. Review wrong questions in Pocket Prep over and over

4. Go through practice tests

5. 1-2 weeks from exam day start CRAM week

What does CRAM week look like?

• Start ~8 days in advance

• Watch content on ONE domain per day

• Do ISC2 official app questions in that domain after watching

• Ensure you are answering the official app questions at least 80% right

• If you are not answering the questions well, move your exam day out

Final Advice

This is a test of your mindset. Not a test about remembering ports, protocols, or how to capture network packets.

Think like a leader.

Watch Kelly Handerhan’s video. You WILL pass the test with the right attitude.

Farther down the page I include the exact steps and commands to add a USB-C Jaden printer to Bazzite OS or other similar Fedora based Linux Distros. Feel free to skip ahead.

In the beginning

Over the last year I have been growing tired of Windows as my daily driver OS. What sent me over the edge was a recent Windows 11 update that changed the load order of my Framework 16’s WiFi driver and would Blue Screen Of Death (BSOD) randomly. I went down the path of many fixes, and some seemed like they fixed the issue until they didn’t. I went down the path of driver updates, driver resets, fresh installing Windows updates, etc.

None of those fixes worked. How could I give up the conveniences of Windows though? I dealt with random BSODs for about 3 or 4 months.. hoping. Waiting… More waiting.. I was hoping some fix would come. It didn’t. Then Microsoft announced Windows would become an agentic operating system. I’m not sure I can go a single day without AI or agentic being mentioned at least once now. Enter Linux.

I’m not a psychopath

Listen.. PewDiePie even switched to Linux this year. Our savior of memes. He, however, is clearly a masochist and chose Arch Linux. I’m not ready for that level of struggle. I need something that works reliably and requires little troubleshooting. I had only a two requirements.

• Gaming friendly (Foss article on gaming distros)

• Framework 16 compatibility (Framework supported distros)

You may say I should just use Arch Linux, especially as a Framework user.. and I would agree. I have a Framework 16. It is, honestly, probably the reason Windows 11 was not working well for me. I am clearly willing to suffer endlessly for no reason just for the sake of tinkering. I will pretend like that is not the case here, though.

If you looked at the links for my two requirements you’ll see two distros cross both articles. Ubuntu and Bazzite. I use Ubuntu as my base distro for every homelab project. It comes with very high compatibility and support. I have enjoyed it. I was willing to try something new. Something fresh. I am an elite gamer. I need games like Megabonk or Escape from Duckov to work.

What is Bazzite

What led me to choose Bazzite is that it seemed like a well supported distro. I liked a few things about it, especially the gaming-oriented focus. It comes with Steam. It is clearly meant for gamers. Its Fedora based… Which, prior to Bazzite, I’ve never used a Fedora distro, but it sounds nice. Reddit says Fedora is “bleeding edge”, but stable. Stable, you say? So the opposite of Arch Linux? Now I’m a bit interested. Here is a list of several reasons to choose Bazzite.

• Immutable (system files are read-only)

• Gaming oriented

• Declarative

• Fedora based (bleeding edge)

• Stable (Flatpaks and containerized app management)

• Strong hardware support

• Community support

A road bump with Linux

Looking back.. My first major challenge could have been a deal breaker. I chose an immutable operating system. I’m not supposed to change things. I should not be looking to modify it. I should be using everything out of the box. No modifications. Easy, peasy. Nope.. Wrong.

I sell some 3D prints on Etsy and I periodically need to print shipping labels. I happen to use a bluetooth Jadens BY-C10 label printer that I need to work with my laptop. This printer makes my life so much easier. It saves a LOT of time with shipping labels. Welp, bluetooth doesn’t work. Nothing detected. What about USB-C? It detects it, but nothing.

How do you change an immutable OS? I head off to Jaden’s driver website here. Linux support! Perfect! I download the zip and I find some deb and rpm files.. Well.. That sucks. I don’t have an option to open these file types on Bazzite. ChatGPT… help me.

Adding the Jaden print drivers

The below steps were the steps I used to get the printer working. ChatGPT helped.. but it sure made it more difficult. The amount of extra commands and junk it fed is indescribable.

First you need to use rpm-ostree to add the RPM layer to your local machine. Then reboot the machine.

sudo rpm-ostree install jadens-printer-driver_3.1.5.491_amd64.rpm
sudo systemctl reboot

If you are doing this a lot, an immutable OS is probably not for you.

Confirm you now see the driver.

rpm -qa | grep -i jadens

Next, you can plug in your device and confirm you see it as a usb device. In this instance, I am interested in CUPS (*NIX printing system) detecting it.

lpinfo -v

I still ran into some issues where it was having issues being detected and did a few more troubleshooting steps. I did not see my device on the output above. The next steps were all done together in series and the printer was then detected and in CUPS.

sudo systemctl enable --now cups cups-browsed
sudo systemctl restart cups

I then wanted the printer to be detectable in my browser, Brave. So then I needed to restart Brave.

pkill -TERM brave

After I forced Brave to restart I navigated to http://localhost:631/admin. Log into that using your local machine credentials and go through the respective Add Printer steps. I then restarted Brave once again, because why not.

Immutable to mutable

I’m not sure yet if I’ll stick with Bazzite. I like the simplicity, it is refreshing. I’m not quite used to how Fedora based distros work, but I will at least use it for a few months to give it a try. After the printer driver fiasco, I know that if I have to keep doing that then I will look at another distro. What I love about it is the support for Flatpaks and AppImages. All of the apps run in a localized container and that can help keep my local machine secure.

My DevOps series will cover self-hosting services that will help you learn some DevOps principles. My first post was on why you should version control your homelab, available here. I won’t be teaching introductory level topics because there is already a ton of great content out there. So I won’t cover the basics of docker, linux, networking, etc.

In this post I’m covering using Gitea, Gitea Actions, and a few best practice concepts for automating CI/CD in your lab. This will help you think through solutions in your own lab and whatever you may do for work. This lightweight CI/CD can be used to deploy setup configs, security indicators, network configs, and more! It can be integrated with ansible as well, which I may cover in a later post.

Why Gitea?

There is are a few big players in the code repository space and they are all capable of what I cover. I chose Gitea mainly because it is lightweight and can be self-hosted. In my homelab, Gitea actually syncs with a private Git repository. This is done because I want a backup of my homelab setup outside my homelab. I am treating that as an offsite backup, which your production environment should have a similar design. Back to Gitea, you can deploy it on basically any hardware. I am running it on a Raspberry Pi 4B that boots from a 1TB SATA SSD. Here are some more details on Gitea.

Key Benefits

• Lightweight & fast: Gitea is built in Go and the project has a goal of being lean and uses few resources

• Self-hosted: You can maintain full control of the code and infrastructure

• Built-In CI/CD: Gitea Actions allows automating builds, tests, and deployments and just requires an additional docker container

• Documentation: Gitea has decent documentation and a plethora of writeups on what to do

Gitea Flow

My instructions require you have docker and docker compose available on a host in your homelab. One of the most common ways to deploy Gitea is using Docker Compose. The services are then all accessed using Nginx Proxy Manager. I can do a writeup later on that. If you want to set this up without Nginx then you will need to use a port mapping like - 3000:3000 in your compose files. Here is my code and action flow.

Gitea

I have it use services_default network that all my services run on so they can communicate without exposing ports. I also have it mapping all of the data to /data/gitea so I can easily make backups to protect against hardware failure.

version: '3.8'
services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    volumes:
      - /data/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - services_default
    restart: unless-stopped
networks:
  services_default:
    external: true

Gitea Runner

This uses the same network as earlier. There are two additional notes with the Runner though. You need to pass environment variables to it so it can connect to your Gitea instance and you will want to map volumes of services you want your Gitea Actions to be able to update easily. This allows me to pull code changes to the mapped volumes for MkDocs and Homepage and then add in necessary API keys for these services after the updates are retrieved.

version: '3.8'
services:
  runner:
    image: gitea/act_runner:nightly
    environment:
      GITEA_INSTANCE_URL: '${INSTANCE_URL}'
      GITEA_RUNNER_REGISTRATION_TOKEN: '${REGISTRATION_TOKEN}'
      GITEA_RUNNER_NAME: '${RUNNER_NAME}'
      GITEA_RUNNER_LABELS: '${RUNNER_LABELS}'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /data/mkdocs:/docs
      - /data/homepage:/homepage
    networks:
      - services_default
networks:
  services_default:
    external: true

CI/CD Flow

The Gitea Actions are defined in a foldier .gitea/workflows that is also part of the code repository. You will need to build an action and point it to a flow for this to work. This flow is a basic workflow that will pull updates to mapped volumes and then replace API keys and passwords. It uses stored secrets to access the code repository. Then it runs a shell script that does a string replace with the keys and passwords and their respective environment variable that has been setup. Here is the action workflow.

name: Deploy Docs

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: self-hosted
    steps:
      - name: Install git
        run: |
          apk update
          apk add --no-cache git
      - name: Clone Repository
        run: |
          if [ ! -d "/tmp/labgeek" ]; then
            git clone https://${{ secrets.REPO_USER }}:${{ secrets.REPO_TOKEN }}@gitea.labgeek.io/ed/labgeek.git /tmp/labgeek
          fi
          cd /tmp/labgeek
          git fetch origin
          git reset --hard origin/main
      - name: Copy docs to docs
        run: |
          cp -r /tmp/labgeek/* /docs/
      - name: Copy homepage to homepage
        run: |
          cp -r /tmp/labgeek/docs/include/homepage/* /homepage/
      - name: Replace API keys
        run: |
          # Navigate to homepage directory
          cd /homepage

          # Load environment and replace variables
          chmod +x ./replace_api_keys.sh
          
          # Replace keys
          ./replace_api_keys.sh

Next Steps

I did not cover every component but some of the core ones. I hope this inspires you to explore how you could test out CI/CD in your homelab. If you want to take this to the next level, here are some other components you can integrate.

1. Use a secrets manager service, not environment variables

2. Improve automation with ansible

3. Integrate ssh for services not on the same host (instead of mapping volumes)

There are also some things to consider when automating these components. Managing ssh keys, file permissions, and network permissions were some additional components I had to work through for this to work.

Final Thoughts

This setup will lay the groundwork for understanding a CI/CD pipeline, and you won’t risk blowing up production at work! This entire flow can be setup with a couple Raspberry Pi’s to help simulate network segmentation, ssh keys, and remote file permission issues. The most critical skill you can gain is the desire to learn and troubleshoot. Everyone’s environment will be a bit different and will require research on how to fix it.

Thank you for reading and feel free to reach out for questions or help troubleshooting! I would love to hear from you all.

Threat Intelligence is often discussed as separate from data analytics, but this distinction needs to change. Fundamentally, threat intelligence is data analytics with a focus on threats or adversaries. It often involves custom tools and solutions that aren't necessary. Many of these solutions are tailored to address Extract, Transform, and Load (ETL) problems that exist when working with specialized data. This specialized data can be logs from a private system, combat equipment, or publicly available in a web format.

In cyberspace, threat intelligence closely mirrors traditional data analytics and engineering. The problems with system integrations are very similar, if not identical in many cases. This became clear when learning about Kafka's use in many security stacks to handle ETL processes for system log data. Kafka is also a key tool to queue massive amounts of data in many big data pipelines. It tends to be the backbone of event driven architectures as well.

So What?

If your Threat Intel team does NOT have standard operating practices and lacks a communication channel with leadership then you may find my Cyber Threat Intelligence (CTI) series worth a read. You may also find it interesting if your team does NOT have processes that enable integration with your security operations center, developers, or incident responders.

I'm highlighting Threat Intelligence because it is so similar to traditional data analytics and I see an industry push treating it differently. Threat Intelligence data should influence critical business decisions by key leaders at the strategic level. It should also be used by analysts and operators at the tactical level. Personally, I call this the CTI sandwich.

Strategery

Building on that, CTI is instrumental in supporting decision-making at both the strategic and tactical levels. It's crucial to understand that CTI doesn't make the decisions itself; rather, it equips others to make the right decisions. A common problem is that many organizations fail to integrate CTI into their decision-making processes, but quickly include other traditional data analytics products. Let's break down the two types of decisions that come from threat intel.

• Strategic Level involves long-term, high-level planning that can shape the direction of an organization. Strategic intelligence will build threat actor profiles, industry trends, and can include geopolitical assessments. The people making these decisions will typically be senior leaders and C-Suite members or their representatives.

• Tactical Level focuses on short-term actions aimed at achieving a specific objective or mission. Tactical intelligence guides incident response and threat mitigation in a network. Several pieces of intelligence at this level are Indicators of Compromise (IOCs), exploitable vulnerabilities within a network, or tactics that may be used to compromise a network.

A study on VPNFilter can show the importance of a good threat intelligence strategy, and how it plays a part at multiple levels. In 2018, the Talos Intelligence Group released data about the VPNFilter malware and potentially targeted systems. This immediately highlights both levels of threat intelligence, strategic and tactical. They released the impacted devices and a fix to reduce risk to this malware. Additionally, they included the end target being SCADA systems. This helped leaders at the strategic level make changes to priorities of work and focus for their organization.

Strategic Level

Leaders at the strategic level are planning long-term operations and making decisions at a higher level than what is needed by analysts and operators at the tactical level. At the end of the day, leadership decisions made need to flow down to security analysts and operators that may implement changes that align with the leadership's decisions. Those decisions need a translation to something actionable.

It is important that outputs from CTI help improve the decisions made at this level. What does this mean? Don't send leaders a list of IPs or a list of tactics to integrate into your Security Information and Event Management (SIEM) solution. They need to know answers around the following:

• Recommendations and answers to information requirements

• Recommendations and notification of key decision points

• Industry specific risks and adversary updates that are important

• Assessed actions adversaries may use impact the organization

This list is not comprehensive. Outputting products that support the above decisions made by leadership is just one component of what a CTI team may do. It is important to avoid tactical level information, unless it is truly critical to the decision leaders are making.

Tactical Level

Everyone at the tactical level find themselves in the trenches at one point or another. Day to day operations can get hectic and CTI can be one of the tools to help create order out of the chaos. Products from CTI can drive hunt operations, SIEM rules, or aid in incident response. Having an in-house CTI team can help the products be focused and specialized towards your organization.

Since CTI sits between senior leadership and the security analysts and incident responders the products need to cater to both. The same products that help answer information requirements or industry risk need to also drive the analysts' actions. There are two critical warnings for the CTI products at this level.

• Provide more than just IOC lists

• Outputs need to be actionable

How the analysis from CTI gets to the receivers at the tactical level will depend on your organization and if there are tools already available. If your team doesn't already have a platform then an open-source one like Filigran's OpenCTI may do the trick. A good Threat Intelligence Platform (TIP) will allow you to serve data up to the SIEM and to publish summarized reports, as well as help analyze all of the data being ingested. Some key outputs to focus on are:

• Concise summary of tactics, techniques, and procedures (TTPs) related to organization

• IOC feed integration with SIEM

• Enriching alerts and observations from SIEM

• Integrate solicited feedback

It is important to know these aren't the only outputs, but are some of the key ones. It is also important to know that some outputs can be a simple message on Slack or Teams. You don't need a multi-million dollar infrastructure or set of software licenses to get the job done. The CTI team needs to make sure the intelligence gets to the right people.

Conclusion

Successfully integrating threat intelligence into your organization's decisions and having it drive action is no different than taking the data from your business intelligence team to drive business decisions. The same principles carry over to threat intelligence. Threat intelligence has been around a while and has structure to it. Yet, the CTI team is often one of the last ones added to the organization.

A CTI team needs to be flexible, open to feedback, and quick to process all of the data they ingest. The team needs to be willing to look at things from a different perspective. I recommend skills in data engineering, data science/analytics, and of course cybersecurity. CTI can drive change and action in an organization.

Tab complete is a special feature that most cherish in a CLI application. It can improve user interaction, especially for us lazy typists. It can also reduce errors. Implementing tab complete is not difficult but what if you want it to be dynamic? What about having tab complete for commands and their subcommands? If you start thinking about this, it can quickly add to needing a lot of static methods in an application.

What I'm showing isn't a novel or new approach, but rather a high level understanding of how I implemented. I am using Python's dynamic method creation capability to generate completion methods at runtime and when certain classes get called. It rebuilds the potential tab complete options each time the class is called.

The Problem: A Complex CLI

Build a CLI application with the below capabilities:

• Dynamic commands: commands and subcommands are not fixed and can be added to a database or file and reloaded at anytime

• Nested subcommands: subcommands can be nested under multiple levels

• Tab complete: All levels of the command hierarchy need the ability to have tab completion and the necessary arguments passed to the appropriate subcommand

One might ask why I wanted to make such a complex CLI interface. The problem, at the core, is more about making the CLI interface appear simple, despite however complex the backend might be. I also wanted the codebase to not require any changes when someone adds commands to the application, since these are maintained by a file and/or database.

The Solution: Dynamic Methods

Dynamic method creation allows the generation of methods at runtime or when a class is called, depending on how it is implemented. It is using Python's ability to manipulate class attributes dynamically. What I am going to show will have some missing components. You can see the full code at in my application repo on github/3d6564/artifactor. In the menu.py file you can see how it is implemented. I point to that repository because there are varying levels of complexity and what I implemented is more complex than to do a basic dynamic method for tab complete.

Key libraries needed

I use two libraries to accomplish everything. One is the capabilities of CLI interaction and the second is to build the method map for the commands that get loaded from a file.

• cmd

• inspect

Key methods needed

This is a subset of methods and what their overall purpose is for the dynamic tab complete design.

• dynamic_complete: This is a generic function that handles the logic of tab complete for commands and subcommands. Essentially it fetches possible commands for what has been typed and returns the appropriate potential tab complete results.

• create_complete_methods: This function creates the completion methods dynamically and binds them to the respective class they are called through. If you notice, this will call a method made within itself and it will return those results passed to the dynamic_complete function.

• fetch_subclasses This is a basic function to retrieve the subclasses that meet a certain criteria for a class object

• fetch_nested_submethods: This function will retrieve the possible subcommands that have been made for a class and subclass called. The nested subcommands will need to be made prior to calling this function.

1. Dynamic Complete

In a perfect world, the final return statement is basically never reached.

def dynamic_complete(self, text, line, begidx, endidx, command_name, subcommand_fetchers):
     """dynamic method for tab completion of subcommands and nested subcommands."""
     try:
          remaining_text = line[len(command_name):].strip()
     except Exception:
          return []

     # fetch possible primary subcommands
     possible_matches = subcommand_fetchers.get(command_name)

     # if remaining_text is empty, suggest primary subcommands
     if not remaining_text:
          return [sc + ' ' for sc in possible_matches]

     # split remaining_text to handle subcommands and nested subcommands
     split_text = remaining_text.split(maxsplit=1)
     primary_subcommand = split_text[0]
     remaining_subtext = split_text[1] if len(split_text) > 1 else ''

     # check matching subcommand and not only a space typed
     if ' ' not in remaining_text and primary_subcommand not in possible_matches:
          filtered_matches = [sc for sc in possible_matches if sc.startswith(remaining_text)]
          return [sc + ' ' for sc in filtered_matches]

     # get nested subcommands if subcommand fully typed
     if primary_subcommand in subcommand_fetchers:
          subcommands = subcommand_fetchers[primary_subcommand]
          return [sc for sc in subcommands if sc.startswith(remaining_subtext)]

     return []

2. Create Complete Methods

This binds the generated methods to the respective class when called.

def create_complete_methods(command_name, subcommand_fetchers):
     """Create a complete_<command_name> method dynamically with support for nested subcommands."""
     def complete_method(self, text, line, begidx, endidx):
          return dynamic_complete(self, text, line, begidx, endidx, command_name, subcommand_fetchers)
     return complete_method

3. Fetch Subclasses

This one is pretty straight forward.

def fetch_subclasses(cls):
    """Primary subcommands under 'configure'"""
    subcommands = [subclass.__name__.lower() for subclass in cls.__subclasses__()]
    return subcommands + ['help']

4. Fetch Nested Submethods

This one is very similar to fetch_subclasses but it does it for subcommands.

def fetch_nested_submethods(cls, sub_cls):
     """Nested subcommands under 'configure hosts'"""
     methods = list(set(dir(sub_cls)) - set(dir(cls)))
     if cls == Run:
          methods = [method for method in methods if method.startswith('do_')]
          methods = sorted([method[3:] if method.startswith('do_') else method for method in methods])
     return methods + ['help']

Implementation

The implementation, when I think about it, feels like a migraine. I still want to try to find a way to simplify it, but I just don't know if there is one. Everything gets called under a Cmd class object. The class object dynamically builds a command map when its initialized and that is what will build the basic command map.

It should also be noted that I override the tab completion capability to remove trailing spaces using the command map made during initialization. This all happens in Artifactor's MainCmd class. Also, because of the inherent dynamic nature of the nested subcommands, I have to generate a dynamic help.

A more simple implementation of the dynamic subcommands can be viewed in the Run class. This one is easier to see how the dynamic tab complete works, because it does not have nested subcommand menus like the main menu of the CLI tool.

Conclusion

I have probably done a terrible job of explaining this. I hope I've at least inspired some thoughts on how you could implement something similar, and maybe more simple as well. Feel free to reach out if you have questions or want to collaborate and provide a more simple approach to dynamic nested subcommands in Python!

Happy coding!

I’ll start by saying this.. This isn’t necessarily the right way to do things. This is a way I found that helped get around some environment restrictions I had run into. I was having a difficult time deploying a lambda layer in AWS to use a Markdown library in Python. I could make the layer in my personal account, but I couldn’t get it deployed in the environment I was working in.

This guide will teach you how to package a lambda function in a way that all used libraries are self-contained in the lambda. You may not be able to edit the lambda in the AWS user interface with this method.

Core

To dive right in we will need to have a few things setup. We need to have a folder to use as our self-contained lambda, a matching python version to our lambda runtime (Python 3.7, Python 3.10, etc.), and a virtual environment tool. A lambda can be set to a variety of runtimes and it is important to ensure your current environment is using the matching version of your runtime. Technically, it is possible for a mismatch and it to still work, as long as all associated libraries are compatible.

Your folder structure will look like this at the end:

lambda_funcion.zip
|-- lambda_function.py
|-- <package folders>

There is not an additional subfolder that houses the lambda_function.py and libraries. A subfolder like `python` is not needed for this method. This is different than if you use lambda layers.

Start by organizing your project and environment into a single folder. Once we've created everything, we will move the contents of `site-packages` to the below location, along with the actual lambda function.

<your project name>
|-- <subfolder for virtual env here>
|-- <subfolder for lambda function here>
	|-- lambda_function.py
	|-- <site-packages content here>

Virtual Environment

Confirm your python version matches the desired runtime:

python --version

Set up your virtual environment in the folder mentioned:

python -m venv <location of virtual env folder>

Switch to your virtual environment:

<subfolder for virtual environment>\Scripts\activate

You’ll know if you are in the virtual environment if your PowerShell or terminal looks similar to this:

(your virtual environment)$

Proceed to install all libraries:

(your virtual environment)$ pip install <library name>

Repeat as needed.

Deactivate your environment.

(your virtual environment)$ deactivate

Move Site-Packages contents

Once finished, copy the contents of the site-packages folder from the virtual environment to the path mentioned earlier... This can be done using commands in PowerShell or Windows Explorer. The below command, cp, is just an alias for Copy-Item in PowerShell.

cp -Path .\<subfolder for virtual environment>\Lib\site-packages\ -Recurse -Destination .\<subfolder for lambda>\

Once all of your files and folders are ready and you can zip it up. Zip it from within the subfolder, otherwise it will zip everything inside a folder within the .zip, and we do not want that. Just a reminder that your .zip should now look like this:

lambda_funcion.zip
|-- lambda_function.py
|-- <package folders>

Conclusion

The zip can just be used to replace or make a new lambda. Configure your test case or start using it! Personally, I recommend only using the User Interface for development testing. When you are ready to productionize, make sure you are taking advantage of a code pipeline. All of what has been covered can be automated through automated pipelines like DevOps Pipelines, Gitea Actions, or Git Actions. Happy coding!

I recently realized I had no easy way to spin back up services in my home lab... and that could be a problem. I have over 30 services running at any given time. Version controlling my home lab was truly a game-changer. It has helped me start to get more organized, track changes, and know what worked without fear of things permanently breaking. My home lab work has directly led to success in my career.. and implementing practices like version control is a great example.

Core

So you may be wondering where to get started with version controlling your home lab. There are two main options: use your own version control service or use a service like GitHub. I'm doing both. You might ask what the benefits of using your own service, so here’s a breakdown of some pros and cons.

I am specifically highlighting three positives and two negatives for each option. The lists below are not exhaustive, because there can be arguments made either way. I actually chose to do a mix of both.

DIY version control

Pros

• Plenty of options (Gitea and Gitlab to name two)

• Increased security by keeping it local

• Learn extra tools that expand your skill set

Cons

• Risk of data loss if hardware fails

• Learning curve to implement from scratch

GitHub version control

Pros

• Less configuration to manage

• Still secure with proper configurations

• Public portfolio of skills for future employers

Cons

• Risk of exposing private/sensitive with misconfigurations

• Less control over data

After deciding on the version control method, I recommend using Portainer to manage any containerized services. Portainer simplifies the process and integrates well with Git repositories. You don't need to setup your own runners to deploy code, for example.

Organize your repo

It is important to use a decent structure. Below is a starter structure to organize your home lab. I recommend at least setting up each service group within its own directory. Inside each folder, include the .env needed, and add your .env to your .gitignore!!!!

git_repo
|-- <service name>
	|-- .env
	|-- docker-compose.yml
|-- <service name>
	|-- .env
	|-- docker-compose.yml

Setting up Portainer with Git

1. Setup Portainer CE (If not already configured).

   docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

2. Complete Portainer setup steps available at their docs here.

3. Link Your Git Repository

   1. Navigate to Stacks and select Add Stack

   2. Choose Repository as deployment method, and enter URL the Git repo is accessible from

   3. For authentication, set up a Personal Access Token instead of using your Git password. This is more secure.

4. Automatically Sync

   1. Set Portainer to automatically sync at the desired interval for your needs (10m, 1h, 8h, 12h, etc)

Conclusion

These basic steps should get you going with some ideas to improve your home lab's resiliency. The skills you learn with this can be beneficial in DevOps, system administration, and almost any developer role.

I finally got tired of having to SSH into one of my service virtual machines to start the Docker-Compose file after every reboot. This frustration led me down a rabbit hole of researching the best methods to automate this. Along the way, I discovered a lot controversy over the best method to launch and manage services at system initialization.. A lot of developers seem to have issue with `systemd` over other methods, and even if you should use a task scheduler like `cron` or not. While I don't have an answer to settle that debate for you, I can share what ended up working for me.

Background

I ventured down this path because I've been developing an open-source artifact gathering tool and I needed to automate more of my services to help testing. I've found a ton of uses for redcloud, modified Portainer instance for red teaming. It allows easily spinning up redteam tools in a container. I found this useful because I have been frequently restarting hosts in my homelab while testing my artifact tool.

Creating the Systemd Service File

To automate the startup of my Docker-Compose services, I created a systemd service file. Here’s how I did it:

1. Create the service file:

   sudo nano /etc/systemd/system/redcloud.service

2. Contents of the service file:

   [Unit]
   Description=Redcloud Docker Compose Service
   Requires=docker.service
   After=docker.service
   BindsTo=docker.service
   ReloadPropagatedFrom=docker.service
   
   [Service]
   Type=oneshot
   RemainAfterExit=yes
   ExecStart=/bin/bash -c "docker-compose -f /path/to/compose/redcloud/redteam-compose.yml up -d --build"
   ExecStop=/bin/bash -c "docker-compose -f /path/to/compose/redcloud/redteam-compose.yml down"
   
   [Install]
   WantedBy=multi-user.target
   RequiredBy=network.target
   Also=docker.service

   I won't claim this is the best way to do it, and I welcome any recommendations. However, this configuration worked for me quickly after a couple of other attempts.

Enabling and Testing the Service

Here we enable the service and then just quickly test it worked.

1. Reload the systemd daemon:

   sudo systemctl daemon-reload

2. Start the service:

   sudo systemctl start redcloud

3. Check the service status:

   sudo systemctl status redcloud

4. Reboot host:

   sudo reboot

5. Confirm the service ran and container is running:

   sudo systemctl status redcloud
   sudo docker ps

Conclusion

That's it! Setting up the service was pretty straightforward. While there may be different or better ways to automate Docker-Compose startups, this method worked reliably for my needs. If you have any suggestions or improvements, I'd love to hear them!

Hardware

The hardware on this server is not ideal but this list will hopefully help you know what may be needed.

• CPU: Intel i7-3770 @ 3.4GHz

• RAM: 32GB (4x8GB) DDR3 1333Mhz

• GPU: GTX 1080 with Driver 535.183.01

As you can see, it isn’t much but it also used to be a pretty good gaming PC!

Setup

To get started, I am using Portainer to help orchestrate my docker-compose.yml. This allows me to easily manage multiple containers across a fleet of virtual machines. This particular server is only running Plex and now Ollama.

1. Update packages

   sudo apt update

2. Install NVIDIA drivers and NVIDIA

   sudo apt install nvidia-driver-535

3. Upgrade system and reboot

   sudo apt upgrade
   sudo reboot

4. Install NVIDIA toolkit

   sudo apt-get install -y nvidia-container-toolkit

5. Restart docker

   sudo systemctl restart docker

Your mileage may vary system to system and you may need to install nvidia-docker2 and you may need to use the nvidia-container-toolkit-base instead of what I have above. If you get the error below then you may need to reinstall the NVIDIA drivers.

Failed to initialize NVML: Driver/library version mismatch

Docker Compose

So I talked about how I orchestrate my compose files. I managed to get it to work in a single compose file. I have other things such as a reverse proxy configured that allow me to add SSL certificates on top of these containers. This is mostly pulled from Open WebUI’s github here.

---
version: "3.8"
services:
  ollama:
    volumes:
      - /opt/ollama:/root/.ollama
    container_name: ollama
    pull_policy: always
    tty: true
    restart: unless-stopped
    image: ollama/ollama:latest
    environment:
      - NVIDIA_VISIBLE_DEVICES=all
    deploy:
      resources:
        reservations:
          devices:
            - capabilities: ["gpu"]
  open-webui:
    build:
      context: .
      args:
        OLLAMA_BASE_URL: '/ollama'
      dockerfile: Dockerfile
    image: ghcr.io/open-webui/open-webui:main
    container_name: open-webui
    volumes:
      - /opt/ollama/webui:/app/backend/data
    depends_on:
      - ollama
    ports:
      - 8080:8080
    environment:
      - 'OLLAMA_BASE_URL=http://ollama:11434'
      - 'WEBUI_SECRET_KEY='
    extra_hosts:
      - host.docker.internal:host-gateway
    restart: unless-stopped

Conclusion

Thank you for surviving this long. With the above, I was able to get Llama 3.1 running on my GTX 1080 and it is actually quite fast. I’ve been a big user of OpenAI’s ChatGPT 4o and speed wise, this is a bit faster in its responses.

I did notice some differences. I had to prompt Llama 3.1 to give me code as outputs, otherwise it leaned towards text output. I will post some more in this space as I test it more.

Thanks all!

Cory

I am excited to use this platform to talk about major projects I’m working on. One of the things I have been thinking about the past few months is what can I do to leave a positive impact on the tech and cyber community. I have a passion for programming, data engineering, cloud architecture, 3d printing, and mentoring others.

I wear a few different hats and my experience comes from time working in Military Intelligence and Cybersecurity for the US Army, as well as being a Solution Architect at a software startup and now a Solution Architect at Caterpillar. I have a variety of experience ranging from database administration, programming in Python and Java, data science and machine learning, data engineering, and devops.

I have started an open source project on github (artifactor) and I am hoping to get to a place where it helps fill a gap I’ve seen after talking with many friends and partners. Hopefully I am not just making up the gap either… lol.

Artifactor is meant to help scan any number of hosts in parallel for incident response artifacts using basic SSH/WinRM connections.. There are plenty of tools out there, but I don’t think any are as lightweight and easy to use. The tool is flexible and adaptable.. and will continue to be so. It can gather any artifact retrievable from SSH or WinRM commands… so just about anything.

Thanks for stopping by and I look forward to sharing more.

Cory