reorg

content/Projects/Creating a Global Attack Map.md → content/1 Projects/Creating a Global Attack Map.md

@@ -1,2 +1,7 @@
+---
+tags:
+  - azure
+date:
+---
 This project creates an attack map of all failed RDP requests made on a honeypot virtual machine.
 

content/AWS/Image transformation using S3 Events and Lambda.md → content/1 Projects/Transforming images using S3 Events and Lambda.md

@@ -1,85 +1,85 @@
-This project will use S3 events that will trigger a lambda. Every time an image is uploaded, it will trigger the Lambda and pixelize the image. 
+This project will use S3 events that will trigger a lambda. Every time an image is uploaded, it will trigger the Lambda and pixelizes the image. 
 
 This lab was taken from Adrian Cantrill's course: https://github.com/acantril/learn-cantrill-io-labs/tree/master/00-aws-simple-demos/aws-lambda-s3-events
 #### Create the S3 Buckets
 In the S3 portal, click on 'Create bucket' we will need to create 2 buckets:
 
-![[Pasted image 20240702113438.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702113438.png]]
 
 Give it a unique name, I named one 'imagepixelationsource' and 'imagepixelationprocessed':
 
-![[Pasted image 20240702115102.png]]
-![[Pasted image 20240702115818.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702115102.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702115818.png]]
 
 ##### Create the Lambda role
 
 Navigate to IAM and select 'Roles', click on 'Create role':
 
-![[Pasted image 20240702120014.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702120014.png]]
 
 Select 'AWS service' and choose Lambda:
 
-![[Pasted image 20240702120116.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702120116.png]]
 
 Give it a name and select 'Create role', we will not be adding any policies yet:
 
-![[Pasted image 20240702120226.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702120226.png]]
 
 Select the role and select 'Add permissions' and 'Create inline policy':
-![[Pasted image 20240702120902.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702120902.png]]
 
 Select JSON and paste the JSON copied from https://raw.githubusercontent.com/acantril/learn-cantrill-io-labs/master/00-aws-simple-demos/aws-lambda-s3-events/01_LABSETUP/policy/s3pixelator.json to here. Edit in the bucket names and account ID:
 
-![[Pasted image 20240702121437.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702121437.png]]
 
 Give the policy a name and click 'Create policy':
 
-![[Pasted image 20240702121628.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702121628.png]]
 
 #### Create the Lambda Function
 
 Navigate to the Lambda page and click on 'Create a function':
 
-![[Pasted image 20240702122338.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702122338.png]]
 
 Author from scratch and fill out the required information:
 	Function name
 	Python 3.9
 	x86_64
 	Use an existing role (Select the role created in the step above)
 
-![[Pasted image 20240702122509.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702122509.png]]
 
 Select the 'Upload from' and choose the .zip file. Upload the .zip file from https://github.com/acantril/learn-cantrill-io-labs/blob/master/00-aws-simple-demos/aws-lambda-s3-events/01_LABSETUP/my-deployment-package.zip :
 
-![[Pasted image 20240702122729.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702122729.png]]
 
 Click on the 'Configuration' tab and under 'Environment Variables', select 'Edit':
 
-![[Pasted image 20240702122953.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702122953.png]]
 
 Add the processed bucket key and value and hit 'Save':
 
-![[Pasted image 20240702123115.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702123115.png]]
 
 Under 'General configuration', change the timeout to 1 minute:
 
-![[Pasted image 20240702123329.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702123329.png]]
 
 Under the 'Triggers' section, add a trigger:
 
-![[Pasted image 20240702123416.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702123416.png]]
 
 Make sure to select the source bucket or it may cause an exponential look and increase your costs!:
 
-![[Pasted image 20240702123606.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702123606.png]]
 
 #### Assembling everything together
 
 Upload an image into the source bucket and see how the processed bucket will output 5 images with varying degrees of pixelation:
 
-![[Pasted image 20240702125012.png]]![[Pasted image 20240702125030.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702125012.png]]![[content/3 AWS Services/Images/Pasted image 20240702125030.png]]
 
-![[Pasted image 20240702125139.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702125139.png]]
 
-![[Pasted image 20240702125252.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702125252.png]]

content/Azure/Azure Custom Domain for EntraID.md → content/2 Azure Services/Azure Custom Domain for EntraID.md

@@ -7,9 +7,11 @@ Navigate to EntraID, select 'Add custom domain' and enter your custom domain in
 ![[Pasted image 20240709134632.png]]
 
 You will need to verify your TXT record in your custom domain registrar and use the information provided by Azure:
+
 ![[Pasted image 20240709134959.png]]
 
 Information entered in namecheap.com:
+
 ![[Pasted image 20240709135040.png]]
 
 In Azure, select 'Verify' and you will receive a notification of a successful verification (It may take 72 hours):

content/AWS/1.0 Amazon Web Services (AWS).md → content/3 AWS Services/1.0 Amazon Web Services (AWS).md

@@ -3,7 +3,7 @@ This is the Amazon Web Services home:
 ## Projects
 Here are some projects I have done with AWS services:
 
-[[Image transformation using S3 Events and Lambda]]
+[[Transforming images using S3 Events and Lambda]]
 
 
 ## Exercises

content/AWS/Connecting CloudWatch to EC2 Instances.md → content/3 AWS Services/Connecting CloudWatch to EC2 Instances.md

@@ -9,37 +9,37 @@ Create an instance and connect to it:
 
 run ```sudo dnf install amazon-cloudwatch-agent```:
 
-![[Pasted image 20240703113643.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703113643.png]]
 
 Type ```y``` and hit 'Enter':
 
-![[Pasted image 20240703113759.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703113759.png]]
 
 ## Create an IAM role
 Navigate to IAM and under Access Management, select Roles and click on the 'Create role' button:
 
-![[Pasted image 20240703114111.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703114111.png]]
 
 Select AWS Service and EC2:
 
-![[Pasted image 20240703114211.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703114211.png]]
 
 Search up 'CloudWatchAgentServerPolicy' and 'AmazonSSMFullAccess':
 
-![[Pasted image 20240703114349.png]]
-![[Pasted image 20240703114418.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703114349.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703114418.png]]
 
 Give the role a name and select the 'Create role' button:
 
-![[Pasted image 20240703114613.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703114613.png]]
 
 Navigate back into the EC2 portal and right click the instance, go to Security and choose 'Modify IAM role':
 
-![[Pasted image 20240703114730.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703114730.png]]
 
 Select the role created earlier in the drop down box and select 'Update IAM role':
 
-![[Pasted image 20240703114910.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703114910.png]]
 
 ### Installing the Agent
 Go back into the EC2 instance, run:
@@ -66,7 +66,7 @@ Use the default name.
 
 Once the configuration has been completed, navigate to the SSM in the portal: 
 
-![[Pasted image 20240703120510.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703120510.png]]
 
 This configuration can now be used in any EC2 deployment.
 
@@ -85,26 +85,26 @@ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-c
 ### Checking CloudWatch Logs
 Go to CloudWatch and under log groups you can see the logs that were generated:
 
-![[Pasted image 20240703121833.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703121833.png]]
 
 Select the access_log and choose a stream:
 
-![[Pasted image 20240703122101.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703122101.png]]
 
 You can see all the log events:
 
-![[Pasted image 20240703122208.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703122208.png]]
 
 ### Checking Metrics
 In the CloudWatch page, navigate to 'All metrics' and select 'CWAgent'
-![[Pasted image 20240703122330.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703122330.png]]
 
 Due to installing the CloudWatch agent on the instance, you can now see all the operating system level metrics:
 
-![[Pasted image 20240703122610.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703122610.png]]
 
 A4L instance CPU metrics:
-![[Pasted image 20240703123301.png]]
+![[content/3 AWS Services/Images/Pasted image 20240703123301.png]]
 
 This project covered installing the CloudWatch Agent on an EC2 instance.
 

content/AWS/Creating and Inviting Accounts in AWS Organizations.md → content/3 AWS Services/Creating and Inviting Accounts in AWS Organizations.md

@@ -12,38 +12,38 @@ To invite an existing account to the org, you need the target account ID or emai
 #### Send Invite
 In the AWS Organizations portal:
 Select 'Add and AWS Account':
-![[Pasted image 20240701100211.png]]
+![[content/3 AWS Services/Images/Pasted image 20240701100211.png]]
 Select 'Send Invitation':
-![[Pasted image 20240701102639.png]]
+![[content/3 AWS Services/Images/Pasted image 20240701102639.png]]
 In the target account, remember to accept the invitation inside the AWS Organizations portal and you are now connected to the organization. To enable role switching, follow below to enable IAM access to the account.
 #### Adding IAM role to target account
 Now that we have sent an invitation, we need to add the proper IAM roles in order to allow access from the management account:
 
-![[Pasted image 20240702080800.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702080800.png]]
 
 Select 'Create Role':
-![[Pasted image 20240702080843.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702080843.png]]
 Select:
 AWS Account>Another AWS Account and enter the management account ID:
-![[Pasted image 20240702080933.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702080933.png]]
 To add permissions, search 'administratoraccess':
-![[Pasted image 20240702081017.png]] 
-You can give it any role name but 'OrganizationAccountAccessRole'  is the standard role name that AWS has when allowing organization access: ![[Pasted image 20240702081048.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702081017.png]] 
+You can give it any role name but 'OrganizationAccountAccessRole'  is the standard role name that AWS has when allowing organization access: ![[content/3 AWS Services/Images/Pasted image 20240702081048.png]]
  Click on 'Create role' when you have finished. You can now go to the Role Switching section below.
 ### Create New Account
 In the AWS portal, navigate to AWS Organizations and select the 'Add an AWS Account':
-![[Pasted image 20240701100211.png]]
+![[content/3 AWS Services/Images/Pasted image 20240701100211.png]]
 Enter a unique username and email address:
-![[2024-07-01 09_51_41-Add an AWS account _ AWS Organizations _ Global — Mozilla Firefox.png]]
+![[content/3 AWS Services/Images/2024-07-01 09_51_41-Add an AWS account _ AWS Organizations _ Global — Mozilla Firefox.png]]
 Once the account has been created, copy the ID (Green Box) and move to the role switching section below:
-![[Pasted image 20240701100310.png]]
+![[content/3 AWS Services/Images/Pasted image 20240701100310.png]]
 Note: You can only access this type of account through role switching.
 ### Role Switching
 For invited accounts: In order to implement this, in the destination account, add an IAM role to allow administrator access for another AWS account.
 
 On the top right side, select the 'Switch Role' button:
 
-![[Pasted image 20240701102311.png]]
+![[content/3 AWS Services/Images/Pasted image 20240701102311.png]]
 
 Enter the:
 - Account ID (Copied earlier in the 'Create Account' section above
@@ -52,14 +52,14 @@ Enter the:
 - Display Color - for easier identification
 Select switch role when done:
 
-![[Pasted image 20240701100506.png]]
+![[content/3 AWS Services/Images/Pasted image 20240701100506.png]]
 
 The console will direct you to the new account which can be identified by the top right corner:
-![[Pasted image 20240701102343.png]]
+![[content/3 AWS Services/Images/Pasted image 20240701102343.png]]
 
 You once you switch the role, you will now see that you are in the target account on the top right corner of the console. To go back select the 'switch back' button:
 
-![[Pasted image 20240702082152.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702082152.png]]
 
 You can now invite, create, and switch AWS accounts. 
 

content/AWS/Revoking AWS Temporary Access Credentials.md → content/3 AWS Services/Revoking AWS Temporary Access Credentials.md

@@ -10,21 +10,21 @@ In order to revoke Temporary Access Credentials, we need to remove active sessio
 
 Navigate to IAM and under Access Management, select Roles:
 
-![[Pasted image 20240702103852.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702103852.png]]
 
 Select the role that was compromised and select 'Revoke sessions':
-![[Pasted image 20240702103958.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702103958.png]]
 
 Click on 'Revoke active sessions':
 
-![[Pasted image 20240702103745.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702103745.png]]
 
 A green banner will notify you that all active sessions have been revoked:
 
-![[Pasted image 20240702104131.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702104131.png]]
 
 If you go back to the permissions tab, you will notice a new policy revoking older sessions:
 
-![[Pasted image 20240702105458.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702105458.png]]
 
 Note: If EC2 instances are using the role, restart the instances and it will regenerate a new set of credentials for the service. 

content/AWS/Securing Access using Service Control Policies.md → content/3 AWS Services/Securing Access using Service Control Policies.md

@@ -11,36 +11,36 @@ If you apply a SCP to an Organizational Unit (OU), everything down the tree will
 
 Navigate to the 'Policies' section of AWS Organizations:
 
-![[Pasted image 20240702084215.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702084215.png]]
 
 Select 'Create policy':
-![[Pasted image 20240702084321.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702084321.png]]
 
 Give it a policy name and description of what it will do:
 
-![[Pasted image 20240702084757.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702084757.png]]
 
 For this example I will be allowing all services while denying EC2 and Budgets:
-![[Pasted image 20240702084844.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702084844.png]]
 
 Navigate back to the main page in AWS Organisations and select which Organizational Unit (OU) you want to apply the policy to. We will be using the PROD OU:
 
-![[Pasted image 20240702085029.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702085029.png]]
 
 Select the polices tab and select 'Attach':
 
-![[Pasted image 20240702085209.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702085209.png]]
 
 Select the SCP you created earlier and click on 'Attach policy':
 
-![[Pasted image 20240702085306.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702085306.png]]
 
 Now that the SCP has been attached, you can navigate into the targeted account and notice that EC2 has been denied:
 
-![[Pasted image 20240702085705.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702085705.png]]
 
 Going into Budgets also show that it has been denied:
 
-![[Pasted image 20240702085839.png]]
+![[content/3 AWS Services/Images/Pasted image 20240702085839.png]]
 
 You can now create and apply SCPs to OUs, effectively allowing or denying access on an organizational scale. 

content/index.md

@@ -6,6 +6,22 @@ Feel free to follow along!
 
 Learn more about me here: https://ottertech.cloud/
 
+Here are some of my projects I've been working with:
+
+AWS:
+[[Transforming images using S3 Events and Lambda]]
+
+Azure:
+[[Creating a Global Attack Map]]
+
+You can also see various projects I've done in the 'Projects' section in the left column.
+
+
+
+
+
+
+
 This site is hosted on Github Pages using Quartz and edited with Obsidian.
 
 Special thanks to Jacky Zhao for creating Quartz!