# Table of Contents - [About Me | Nathaniel Cyber Security](#about-me-nathaniel-cyber-security) - [Homelab | Nathaniel Cyber Security](#homelab-nathaniel-cyber-security) - [Change SSH Port | Nathaniel Cyber Security](#change-ssh-port-nathaniel-cyber-security) - [Portainer | Nathaniel Cyber Security](#portainer-nathaniel-cyber-security) - [Install Docker Ubuntu | Nathaniel Cyber Security](#install-docker-ubuntu-nathaniel-cyber-security) - [Setting up Wireguard | Nathaniel Cyber Security](#setting-up-wireguard-nathaniel-cyber-security) - [Cloudflare Tunnels: The Cybersecurity Pro's Secret Weapon for Secure Cloud Access | Nathaniel Cyber Security](#cloudflare-tunnels-the-cybersecurity-pro-s-secret-weapon-for-secure-cloud-access-nathaniel-cyber-security) - [Opening SSH with Root Access to the World: A Controlled Honeypot Experiment | Nathaniel Cyber Security](#opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment-nathaniel-cyber-security) - [Managing WireGuard Logs with Systemd and Logrotate 🔥 | Nathaniel Cyber Security](#managing-wireguard-logs-with-systemd-and-logrotate-nathaniel-cyber-security) - [Install Active Directory | Nathaniel Cyber Security](#install-active-directory-nathaniel-cyber-security) - [🧠💥 How I Routed My Entire Lab's HTB Traffic Through a Single VPN Box | Nathaniel Cyber Security](#-how-i-routed-my-entire-lab-s-htb-traffic-through-a-single-vpn-box-nathaniel-cyber-security) - [Grup Labs | Nathaniel Cyber Security](#grup-labs-nathaniel-cyber-security) - [Building a Comprehensive AWS Config Lab: Tracking IAM Configuration Changes with SNS and S3 | Nathaniel Cyber Security](#building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3-nathaniel-cyber-security) - [Email Protection | Cloudflare](#email-protection-cloudflare) --- # About Me | Nathaniel Cyber Security ![Page cover](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-b2e04506de3232dcce769e080227f88d21583f77%252Fimage.jpg%3Falt%3Dmedia&width=1248&dpr=4&quality=100&sign=7fb57b78&sv=2) This is my personal blog, which is not associated with any company, and are my personal views ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-e7fbd0aec5e4b6e973b811e6ad5ecb8e4a3b29c0%252FWhatsApp%2520Image%25202023-11-18%2520at%252010.40.50_13275486.jpg%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e307e2d2&sv=2) [](https://docs.wehost.co.in/#about-me) About Me ----------------------------------------------------- * A Tech Geek with business prowess * Gone from Developer to Architecture to Operations to Management to Cyber Security * My Hobbies * Fashion * Automating my life (With my Homelab) * Geeking out in things which peek my interest [](https://docs.wehost.co.in/#certifications) Certifications ----------------------------------------------------------------- ### [](https://docs.wehost.co.in/#cissp) CISSP ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-d4208ceba8384fb6d6bb9cc6eedb2722a88b60e5%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=f17ffaea&sv=2) CISSP * Passed CISSP at the age of 23 * [Verify with credly link](https://www.credly.com/badges/660f96e7-9751-4f67-b163-637f9608b47d) * Want to know how I got CISSP at the age of 23 * [The Journey of how I passed CISSP](https://docs.wehost.co.in/blog/the-journey-of-how-i-passed-cissp) ### [](https://docs.wehost.co.in/#other-certification) Other Certification #### [](https://docs.wehost.co.in/#certified-in-cyber-security) Certified in Cyber Security * Link to [Badge](https://www.credly.com/badges/98cb1c0e-0827-46ad-add7-ecd275b0c130) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-d0efa460f8d7f3a904d5087b9a00a09cb733f55f%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=8ca5a96f&sv=2) Certified in Cyber Security #### [](https://docs.wehost.co.in/#iso-iec-27001-information-security-associate) ISO/IEC 27001 Information Security Associate * Link to [Badge](https://www.skillfront.com/Badges/86910310894979) #### [](https://docs.wehost.co.in/#google-cyber-security) Google Cyber Security * [https://coursera.org/share/7fd4e69b159fc5b210f83b19996a2006](https://coursera.org/share/7fd4e69b159fc5b210f83b19996a2006) [](https://docs.wehost.co.in/#public-interviews) Public Interviews ----------------------------------------------------------------------- ### [](https://docs.wehost.co.in/#john-hammond) John Hammond [](https://docs.wehost.co.in/#public-talks) Public Talks ------------------------------------------------------------- * Breachforce * Diving into nmap How exactly does OS detection work * [https://www.linkedin.com/posts/breachforce\_breachforce-cybersecurity-collaboration-activity-7228840264654626816-TiJ9?utm\_source=share&utm\_medium=member\_desktop](https://www.linkedin.com/posts/breachforce_breachforce-cybersecurity-collaboration-activity-7228840264654626816-TiJ9?utm_source=share&utm_medium=member_desktop) * [How Nmap gets what OS is running by using different probes](https://docs.wehost.co.in/blog/how-nmap-gets-what-os-is-running-by-using-different-probes) * Vidyalankar School of Information Technology (2024) * breaking into cybersecurity * [https://www.linkedin.com/feed/update/urn:li:activity:7098597108487745536/](https://www.linkedin.com/feed/update/urn:li:activity:7098597108487745536/) * keynote speaker at Responsible Netism (2017) * Social engineering high value targets * [https://marathi.indiatimes.com/maharashtra/mumbai-news/work-together-for-cyber-security/articleshow/60784898.cms](https://marathi.indiatimes.com/maharashtra/mumbai-news/work-together-for-cyber-security/articleshow/60784898.cms) [](https://docs.wehost.co.in/#fun-facts-about-me) Fun Facts about me ------------------------------------------------------------------------- * started working at the age of 16 doing web development * And things just scaled up from there * I have given multiple speeches but my most notable one is at the age of 17 * [https://marathi.indiatimes.com/maharashtra/mumbai-news/work-together-for-cyber-security/articleshow/60784898.cms](https://marathi.indiatimes.com/maharashtra/mumbai-news/work-together-for-cyber-security/articleshow/60784898.cms) * After award a grant by honourable Minister [Ashwini Vaishnaw](https://www.linkedin.com/in/ashwini-vaishnaw-349b40226/) \* * Trained over 1500+ people in cyber security ### [](https://docs.wehost.co.in/#about-this-site) About this Site * This is a public documentation site of the tools and configs to build application faster * The Focus of my home lab is Cybersecurity * building an entire enterprise enviroment [](https://docs.wehost.co.in/#resume) Resume ------------------------------------------------- 66KB [Nathaniel\_resume.pdf](https://556493038-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxMLCiQqJJztvsDM2LNoE%2Fuploads%2Fgit-blob-2d894adcbfab764024ee24fe3160342a898d0dcb%2FNathaniel_resume.pdf?alt=media) PDF Download[Open](https://556493038-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxMLCiQqJJztvsDM2LNoE%2Fuploads%2Fgit-blob-2d894adcbfab764024ee24fe3160342a898d0dcb%2FNathaniel_resume.pdf?alt=media) [](https://docs.wehost.co.in/#links) Links ----------------------------------------------- * [Github](https://github.com/nathaniel-security/Docs) * [linkedin](https://www.linkedin.com/in/nathaniel-fernandes/) [NextHomelab](https://docs.wehost.co.in/homelab) Last updated 21 days ago * [About Me](https://docs.wehost.co.in/#about-me) * [Certifications](https://docs.wehost.co.in/#certifications) * [CISSP](https://docs.wehost.co.in/#cissp) * [Other Certification](https://docs.wehost.co.in/#other-certification) * [Public Interviews](https://docs.wehost.co.in/#public-interviews) * [John Hammond](https://docs.wehost.co.in/#john-hammond) * [Public Talks](https://docs.wehost.co.in/#public-talks) * [Fun Facts about me](https://docs.wehost.co.in/#fun-facts-about-me) * [About this Site](https://docs.wehost.co.in/#about-this-site) * [Resume](https://docs.wehost.co.in/#resume) * [Links](https://docs.wehost.co.in/#links) Copy
Copy
--- # Homelab | Nathaniel Cyber Security ![Page cover](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2Fimages.unsplash.com%2Fphoto-1520869562399-e772f042f422%3Fcrop%3Dentropy%26cs%3Dsrgb%26fm%3Djpg%26ixid%3DM3wxOTcwMjR8MHwxfHNlYXJjaHwxfHxob21lbGFifGVufDB8fHx8MTcwODA1NzEyM3ww%26ixlib%3Drb-4.0.3%26q%3D85&width=1248&dpr=4&quality=100&sign=421afe7c&sv=2) * a place where I upload scripts I have used in my homelab for public documentation * just added a high level architecture diagram below [![Logo](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2Fapp.xmind.com%2Ficon_384.png&width=20&dpr=4&quality=100&sign=69263c45&sv=2)Homelab.xmind | Xmindapp.xmind.com](https://xmind.ai/share/P2MeGbPL?xid=UmBsMPfc) Current Diagram [PreviousAbout Me](https://docs.wehost.co.in/) [NextChange SSH Port](https://docs.wehost.co.in/homelab/change-ssh-port) Last updated 1 year ago --- # Change SSH Port | Nathaniel Cyber Security Copy sudo nano /etc/ssh/sshd_config * Change Port Number #### [](https://docs.wehost.co.in/homelab/change-ssh-port#ftoc-heading-5) Restart SSH For the configuration changes to take effect, restart the SSH service. Run the following command: Copy sudo service ssh restart [](https://docs.wehost.co.in/homelab/change-ssh-port#reference) Reference ------------------------------------------------------------------------------ * [https://phoenixnap.com/kb/change-ssh-port](https://phoenixnap.com/kb/change-ssh-port) [PreviousHomelab](https://docs.wehost.co.in/homelab) [NextInstall Docker Ubuntu](https://docs.wehost.co.in/homelab/install-docker-ubuntu) Last updated 1 year ago --- # Portainer | Nathaniel Cyber Security * Good Docker Management tool * is opensource [](https://docs.wehost.co.in/homelab/portainer#update) Update ------------------------------------------------------------------ Copy sudo apt update && sudo apt upgrade -y [](https://docs.wehost.co.in/homelab/portainer#install-portainer-community-edition) Install Portainer Community Edition ---------------------------------------------------------------------------------------------------------------------------- Copy mkdir portainer_data current_path=$(pwd) sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v $current_path/portainer_data:/data portainer/portainer-ce:latest [PreviousInstall Docker Ubuntu](https://docs.wehost.co.in/homelab/install-docker-ubuntu) [NextInstall Active Directory](https://docs.wehost.co.in/homelab/install-active-directory) Last updated 1 year ago * [Update](https://docs.wehost.co.in/homelab/portainer#update) * [Install Portainer Community Edition](https://docs.wehost.co.in/homelab/portainer#install-portainer-community-edition) --- # Install Docker Ubuntu | Nathaniel Cyber Security ![Page cover](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2Fimages.unsplash.com%2Fphoto-1605745341112-85968b19335b%3Fcrop%3Dentropy%26cs%3Dsrgb%26fm%3Djpg%26ixid%3DM3wxOTcwMjR8MHwxfHNlYXJjaHwxfHxkb2NrZXJ8ZW58MHx8fHwxNzA3MDIwNjYxfDA%26ixlib%3Drb-4.0.3%26q%3D85&width=1248&dpr=4&quality=100&sign=279d6e97&sv=2) [](https://docs.wehost.co.in/homelab/install-docker-ubuntu#install-docker-on-ubuntu) Install docker on ubuntu ------------------------------------------------------------------------------------------------------------------ Copy sudo apt-get update && sudo apt upgrade -y Copy sudo apt-get install \ ca-certificates \ curl \ gnupg \ lsb-release Copy sudo apt install apt-transport-https ca-certificates curl software-properties-common -y Copy curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - Copy sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable" Copy sudo apt install docker-ce -y Copy sudo systemctl status docker [PreviousChange SSH Port](https://docs.wehost.co.in/homelab/change-ssh-port) [NextPortainer](https://docs.wehost.co.in/homelab/portainer) Last updated 1 year ago --- # Setting up Wireguard | Nathaniel Cyber Security * update and upgrade Copy sudo apt-get update && sudo apt-get upgrade -y * install wireguard Copy sudo apt-get install wireguard * edit the sysctl.conf Copy sudo nano /etc/sysctl.conf * uncomment \`net.ipv4.ip\_forward=1\` Copy net.ipv4.ip_forward=1 Copy sudo sysctl -p * wireguard conf Copy cd /etc/wireguard umask 077 wg genkey | tee privatekey | wg pubkey > publickey sudo nano /etc/wireguard/wg0.conf * Server conf (technically its a peer) Copy [Interface] PrivateKey = Address = 10.0.0.1/24 # PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE # PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens33 -j MASQUERADE PostUp = iptables -A FORWARD -i wg0 -o ens33 -j ACCEPT; iptables -A FORWARD -i ens33 -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -o ens33 -j ACCEPT; iptables -D FORWARD -i ens33 -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens33 -j MASQUERADE ListenPort = 51820 Table = off [Peer] PublicKey = AllowedIPs = 10.0.0.2/32 , 192.168.0.0/24 , 192.168.0.146/32 * clinet conf [](https://docs.wehost.co.in/homelab/setting-up-wireguard#references) References ------------------------------------------------------------------------------------- * https://upcloud.com/resources/tutorials/get-started-wireguard-vpn [PreviousInstall Active Directory](https://docs.wehost.co.in/homelab/install-active-directory) [NextManaging WireGuard Logs with Systemd and Logrotate 🔥](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate) Last updated 9 months ago Copy wg genkey | tee privatekey | wg pubkey > publickey Copy [Interface] Address = 10.0.0.2/32 PrivateKey = # DNS = 1.1.1.1 [Peer] PublicKey = Endpoint = 110.110.110.110:51820 # Endpoint = :51820 AllowedIPs = 192.168.0.0/24 PersistentKeepalive = 25 --- # Cloudflare Tunnels: The Cybersecurity Pro's Secret Weapon for Secure Cloud Access | Nathaniel Cyber Security ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#backstory-why-i-set-this-up) 🔥 Backstory: Why I Set This Up * One of my internal apps was **exposed on the internet** despite being **proxied through Cloudflare**. * Anyone scanning the internet (like Shodan or Censys) could hit it directly, even though Cloudflare was enabled * Enter: **Cloudflare Tunnel** no exposed ports, no firewall nightmares, no BS. * * * Would you like me to add a little `shodan.io` search reference or a quote from your internal logs to give it that gritty realness? ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#tl-dr) ✨ TL;DR Use **Cloudflare Tunnel** to securely expose multiple web apps (on different ports) to the internet using **just one tunnel**, without opening a single port on your firewall. This blog walks through: * Creating the tunnel * Mapping subdomains to services * Auto-starting with systemd * * * ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#why-use-cloudflare-tunnel) 🧠 Why Use Cloudflare Tunnel? * 🔐 No port forwarding * 💸 Free for personal and dev use * 🌍 Expose multiple apps via subdomains * 📦 Works great with local HTTPS and Docker * * * ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#my-setup) ⚙️ My Setup * OS: Ubuntu 22.04 (but any Linux works) * Cloudflare domain: `wehost.co.in` * Goal: Expose multiple local apps like: * `test.wehost.co.in` → `localhost:8002` * * * ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-1-install-cloudflared) 🚀 Step 1: Install `cloudflared` ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-2-authenticate-with-cloudflare) 🔐 Step 2: Authenticate with Cloudflare * This opens a browser window. Select your domain, and Cloudflare will generate a credentials file. ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-3-create-the-tunnel) 🌪️ Step 3: Create the Tunnel This creates a tunnel and saves a `.json` credentials file under `~/.cloudflared/`. You can confirm with: ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-4-create-config-file) 🛠️ Step 4: Create Config File Create a `config.yml` in `~/.cloudflared/`: Replace `` with the one from `cloudflared tunnel list`. ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-5-route-the-subdomain) 🌐 Step 5: Route the Subdomain This links your tunnel to the subdomain in Cloudflare DNS. ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-6-run-the-tunnel) ✅ Step 6: Run the Tunnel You should see output like: ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-7-auto-start-on-boot-with-systemd) 🔁 Step 7: Auto-Start on Boot with systemd Create the service file: ### [](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#whats-next-auto-magic-with-ci-cd) 🔮 What’s Next: Auto-Magic with CI/CD Now that the tunnel’s solid, I’m planning to take it a step further: > **The next iteration of this setup will integrate with a CI/CD pipeline** so every time I deploy a new app or update port mappings, the pipeline will: > > * Automatically update the `config.yml` > > * Push it to the server > > * Restart the Cloudflare tunnel service > > * Route any new subdomains on the fly > Think: zero-touch deployments with automatic subdomain provisioning. No more manual edits, no more downtime just ship and forget. Stay tuned — that one’s gonna be fun. 🔧🚀 [PreviousManaging WireGuard Logs with Systemd and Logrotate 🔥](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate) [Next🧠💥 How I Routed My Entire Lab's HTB Traffic Through a Single VPN Box](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box) Last updated 8 months ago * [🔥 Backstory: Why I Set This Up](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#backstory-why-i-set-this-up) * [✨ TL;DR](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#tl-dr) * [🧠 Why Use Cloudflare Tunnel?](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#why-use-cloudflare-tunnel) * [⚙️ My Setup](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#my-setup) * [🚀 Step 1: Install cloudflared](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-1-install-cloudflared) * [🔐 Step 2: Authenticate with Cloudflare](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-2-authenticate-with-cloudflare) * [🌪️ Step 3: Create the Tunnel](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-3-create-the-tunnel) * [🛠️ Step 4: Create Config File](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-4-create-config-file) * [🌐 Step 5: Route the Subdomain](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-5-route-the-subdomain) * [✅ Step 6: Run the Tunnel](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-6-run-the-tunnel) * [🔁 Step 7: Auto-Start on Boot with systemd](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-7-auto-start-on-boot-with-systemd) * [🔮 What’s Next: Auto-Magic with CI/CD](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#whats-next-auto-magic-with-ci-cd) Copy wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb sudo dpkg -i cloudflared-linux-amd64.deb Copy cloudflared tunnel login Copy cloudflared tunnel create test Copy cloudflared tunnel list Copy nano ~/.cloudflared/config.yml Copy tunnel: credentials-file: /home/groot/.cloudflared/.json ingress: - hostname: test.wehost.co.in service: https://localhost:8002 originRequest: noTLSVerify: true - service: http_status:404 Copy cloudflared tunnel route dns test test.wehost.co.in Copy cloudflared tunnel --config ~/.cloudflared/config.yml run test Copy Starting tunnel tunnelID=... Using CurveP256... Copy sudo nano /etc/systemd/system/cloudflared-test.service Copy [Unit] Description=Cloudflare Tunnel - test After=network.target [Service] TimeoutStartSec=0 Restart=always ExecStart=/usr/local/bin/cloudflared tunnel --config /home/groot/.cloudflared/config.yml run test User=groot Environment=HOME=/home/groot [Install] WantedBy=multi-user.target Copy sudo systemctl daemon-reexec sudo systemctl daemon-reload sudo systemctl enable cloudflared-test sudo systemctl start cloudflared-test --- # Opening SSH with Root Access to the World: A Controlled Honeypot Experiment | Nathaniel Cyber Security > _"If you're going to set a trap, make sure it looks like a jackpot."_ * * * ### [](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#it-started-with-a-one-way-conversation) 🐱 It Started with a One-Way Conversation Before any real hackers showed up, I decided to have a little fun. I shared the open SSH port with a friend and told him to "explore freely." What followed was pure comedy. He logged in, typed commands like `clear`, `ls`, `cat`, `man`, and even tried chatting with the server: > `"what the f*** is the server"` `"why have you even exposed this on internet to waste our time"` `"please get a life bro"` Meanwhile, I sat back, silently watching him yell at a machine that logged everything without a response. Here’s a live snapshot from that session ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-c99df332b32e4f691a76b00ec5de1b4b551cd29b%252FScreenshot%2520from%25202025-04-28%252023-33-08.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ef6b2ec0&sv=2) * * * ### [](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-goal) 🎯 The Goal After laughing way too hard, I got serious. This wasn’t about trolling, it was about building a **controlled honeypot** designed to capture real-world attacker behaviour. The mission: * **Expose a fake SSH service** offering **root access**. * **Isolate** the honeypot completely from the real internet. * **Control** entry points with tight firewalling and routing. * **Observe** and log attacker behaviour safely. In short: ✅ Full control. ✅ Full visibility. ✅ Zero risk. * * * ### [](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-architecture) 🛠️ The Architecture The setup involved two servers: Machine Role IP / Interface Notes `shaddykrupa` Cowrie SSH Honeypot `192.168.237.128` (host-only network) No internet access `shaddy-reverse-proxy` Reverse Proxy LAN Interface: `ens33`, Host-Only Interface: `ens37` Port `2000` exposed to the Internet (exposed on port 22 publically so technically 3 layers of network translation 2 NAT and 1 PAT ) **Traffic flow:** ### [](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-firewall-iptables-rules) 🔥 The Firewall (iptables) Rules Here’s the exact firewall script I used on `shaddy-reverse-proxy`: This setup ensures: * Only traffic on port `2000` is accepted and redirected. * Packets are rewritten so Cowrie sees them correctly. * Invalid traffic is dropped to harden the proxy itself. * * * ### [](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#watching-the-world-come-in) 🧪 Watching the World Come In Once the trap was live, it didn’t take long. Bots, opportunistic attackers, and noisy scanners started pouring in each believing they had **found an open root-access SSH server**. They spammed password attempts, tried `wget` malware downloads, dropped crypto-miners, and some immediately fired off `rm -rf /*` like it was Christmas morning. Meanwhile, Cowrie quietly logged everything. * * * ### [](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#key-observations-so-far) 📈 Key Observations (So Far) * **Attackers behave differently** when they think they have root: bold, reckless, and noisy. * **Speed is insane**: The first bot hit within minutes of exposure. * **Defence in depth is non-negotiable**: Even honeypots need strong isolation. * * * ### [](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#whats-next) 🛡️ What's Next? This is just the beginning. I'm **continuing to log** and **analyse** all incoming activity. The real fun starts now: studying **what the bots do**, how they behave, and what tools and malware they attempt to deploy when they believe they've found root access. Will try and put updates soon with: * Full analysis of attacker behaviour over time * Common attack patterns spotted in the wild * Tricks attackers use once they believe they "own" a system * * * ### [](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#final-thoughts) 🧠 Final Thoughts This wasn’t just about catching hackers / Bots — it was about **understanding them**. Learning how fast they move, how they think, and how to outwit them. By exposing fake root access in a controlled, isolated, and fortified environment, I got a front-row seat to the chaos without ever risking a real system. And honestly? Watching my friend get mad at a fake server was just a bonus. * * * [](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#tl-dr) 🎯 TL;DR ------------------------------------------------------------------------------------------------------------------------------------ I opened SSH with root access to the world, but the only ones who got pwned were the bots. And a little bit... my friend too. [](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#reference) Reference ----------------------------------------------------------------------------------------------------------------------------------------- * [cowrie docker compose](https://gist.github.com/nathaniel-security/c7d662d0460af15f73e0c70c938b80f6) * [iptables](https://gist.github.com/nathaniel-security/dc6165ae26b301f858a749e6a5db8df7) [Previous🧠💥 How I Routed My Entire Lab's HTB Traffic Through a Single VPN Box](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box) [NextCyberSecurity](https://docs.wehost.co.in/cybersecurity) Last updated 7 months ago * [🐱 It Started with a One-Way Conversation](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#it-started-with-a-one-way-conversation) * [🎯 The Goal](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-goal) * [🛠️ The Architecture](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-architecture) * [🔥 The Firewall (iptables) Rules](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-firewall-iptables-rules) * [🧪 Watching the World Come In](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#watching-the-world-come-in) * [📈 Key Observations (So Far)](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#key-observations-so-far) * [🛡️ What's Next?](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#whats-next) * [🧠 Final Thoughts](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#final-thoughts) * [🎯 TL;DR](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#tl-dr) * [Reference](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#reference) Copy [ Attacker ] ⬇️ Public IP (Port 22 externally) ⬇️ shaddy-reverse-proxy:2000 (LAN-facing) ⬇️ iptables DNAT ⬇️ shaddykrupa:2222 (Cowrie Honeypot) Copy # Flush old NAT rules if needed sudo iptables -t nat -F # Forward all TCP traffic hitting port 2000 on the LAN-facing interface to Cowrie sudo iptables -t nat -A PREROUTING -i ens33 -p tcp --dport 2000 -j DNAT --to-destination 192.168.237.128:2222 # Allow forwarding sudo iptables -A FORWARD -p tcp -d 192.168.237.128 --dport 2222 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # Masquerade the packets so they appear to come from the proxy sudo iptables -t nat -A POSTROUTING -o ens37 -p tcp -d 192.168.237.128 --dport 2222 -j MASQUERADE sudo iptables -A INPUT -m state --state INVALID -j DROP sudo iptables -A FORWARD -m state --state INVALID -j DROP --- # Managing WireGuard Logs with Systemd and Logrotate 🔥 | Nathaniel Cyber Security When managing a **VPN like WireGuard**, logging is crucial for **monitoring activity, debugging issues, and ensuring security**. But if left unchecked, logs can **grow rapidly** and become unmanageable. In this guide, we’ll **set up Systemd** to capture WireGuard logs dynamically and use **Logrotate** to keep them under control automatically. ### [](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate#setup-a-systemd-file-to-store-logs) Setup a Systemd file to store logs **Step 1: Create a Systemd Service to Store Logs** First, we need to create a Systemd service that continuously logs WireGuard activity. 🔹 Open a new Systemd service file: Copy nano /etc/systemd/system/wireguard-log.service 🔹 Add the following configuration: Copy [Unit] Description=WireGuard Dynamic Debug Logging After=network.target [Service] ExecStart=/bin/bash -c 'dmesg -wT | grep wireguard >> /var/log/wireguard-dyndbg.log' Restart=always RestartSec=5 StandardOutput=null StandardError=null [Install] WantedBy=multi-user.target 🔹 Reload and restart Systemd to apply changes: 🔹 Verify that the service is running: ### [](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate#set-up-logrotate-for-automatic-log-management) **Set Up Logrotate for Automatic Log Management** Now, let’s ensure our logs don’t grow indefinitely by setting up **Logrotate**. 🔹 Install Logrotate (if not already installed): 🔹 Create a Logrotate configuration file: 🔹 Add the following configuration to manage log rotation: Test Your Log Rotation Setup To **force** log rotation manually: [PreviousSetting up Wireguard](https://docs.wehost.co.in/homelab/setting-up-wireguard) [NextCloudflare Tunnels: The Cybersecurity Pro's Secret Weapon for Secure Cloud Access](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access) Last updated 9 months ago * [Setup a Systemd file to store logs](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate#setup-a-systemd-file-to-store-logs) * [Set Up Logrotate for Automatic Log Management](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate#set-up-logrotate-for-automatic-log-management) Copy sudo systemctl daemon-reload sudo systemctl restart wireguard-log.service sudo systemctl enable wireguard-log.service Copy sudo systemctl status wireguard-log.service Copy sudo apt update && sudo apt install logrotate -y Copy nano /etc/logrotate.d/wireguard Copy /var/log/wireguard-dyndbg.log { daily rotate 7 compress delaycompress missingok notifempty create 0640 root root postrotate systemctl restart wireguard-log.service > /dev/null 2>&1 || true endscript } Copy sudo logrotate -v /etc/logrotate.d/wireguard Copy sudo rm -f /var/lib/logrotate/status sudo logrotate -f /etc/logrotate.d/wireguard Copy ls -lh /var/log/wireguard-dyndbg.log* --- # Install Active Directory | Nathaniel Cyber Security * Config * 4 GBram * 4 cores * windows server 2019 ### [](https://docs.wehost.co.in/homelab/install-active-directory#install-windows-server) Install Windows server * remove the floppy disk before starting it * else it keep asking for product key ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-6b65a3e360e82b7e1c80b48107ee43fba79ea350%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ea51c711&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-83c0e38e74ea6d6ad04025a5263ab7747c24075e%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=866a0e56&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-9c3701556d509201f0765e37d1d2342601e75193%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=4a2a664f&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-dccec0c5adbcf0ee891d638f557f4a2c179526bc%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=44acc654&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-d72479e4accfd3ad416748d42e200c408572f085%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=d43ce089&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-ad9596cfe0e2c4ed8e6e78152bc5b418c5f1571b%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=12bd1212&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-93750e5ac794ff8e032c69d5a2b725ed96a55923%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=2ca328c8&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-db6cc4b9d186841bf65840e8d239a2ee2e07d5a4%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=ca3dcb87&sv=2) ### [](https://docs.wehost.co.in/homelab/install-active-directory#install-active-directory) Install Active Directory #### [](https://docs.wehost.co.in/homelab/install-active-directory#rename-server) Rename Server ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-8ea766aa778929e2370331a6e824cf540e9ac801%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6e2a02a3&sv=2) ### [](https://docs.wehost.co.in/homelab/install-active-directory#install-active-directory-services) Install Active Directory Services ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-7edbb00f5f8b69835fef5f55729648d43c62a41d%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1c896989&sv=2) * click on add roles and features ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-e850b2267c3c09ef350cee3c02e6d223090cb87e%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6520f394&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-caf6e8e33ba0654749a06c2af83a70671dffff13%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6ba2a469&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-a960b5499d0e15cd7b96f6422dbb9c25c4324d4c%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=311b8bf4&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-807157d8a6f50ea5976e31a952015a500b12eb22%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=2def4bc4&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-0c45159d8c524289c7105673dae227747f2860c7%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=2c26bbf2&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-f3733ae40ce83d6ffadced3dee506c8fe4606886%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=6b4b23cb&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-74f003ad1e81c02241fb80bd3fe64da308f41211%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=c224f122&sv=2) ### [](https://docs.wehost.co.in/homelab/install-active-directory#promote-to-domain-controller) Promote to domain controller ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-f82005a4f2455f8d3fe4982f7c1629a426ac25ed%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=9208c6f9&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-7ef0d356e02bfa6d95d99c58e4dcab6fb55b75eb%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a58f0213&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-0bdf942e1fb9011e49c4cc3a6ea21e6fee274e0f%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=95227728&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-1f86f37c34c386ea3e8d199a9fe64683606e92f4%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=75723ea7&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-4951f0cae0092c0cda18900a515c5abdd723c178%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=93983d3f&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-503e8129dd7410a606c1a09a63bce771736acdbd%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=32bd5658&sv=2) ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-eada4760f96c9c2a0e91f64fec86a3809ab7f6b7%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=23af0335&sv=2) * then Install ### [](https://docs.wehost.co.in/homelab/install-active-directory#add-user-to-domain) Add user to Domain ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-1b56bb3f945dcf633abaf02daeac71578823cecb%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=4c2411bd&sv=2) * click on Active directory Users and computers ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-a25371e79632f70fc03e14452fb169e3806a8ac9%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=67179b2&sv=2) [PreviousPortainer](https://docs.wehost.co.in/homelab/portainer) [NextSetting up Wireguard](https://docs.wehost.co.in/homelab/setting-up-wireguard) Last updated 1 year ago * [Install Windows server](https://docs.wehost.co.in/homelab/install-active-directory#install-windows-server) * [Install Active Directory](https://docs.wehost.co.in/homelab/install-active-directory#install-active-directory) * [Install Active Directory Services](https://docs.wehost.co.in/homelab/install-active-directory#install-active-directory-services) * [Promote to domain controller](https://docs.wehost.co.in/homelab/install-active-directory#promote-to-domain-controller) * [Add user to Domain](https://docs.wehost.co.in/homelab/install-active-directory#add-user-to-domain) --- # 🧠💥 How I Routed My Entire Lab's HTB Traffic Through a Single VPN Box | Nathaniel Cyber Security ### [](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-problem) 😤 The Problem If you’re working in a lab environment and doing serious work with Hack The Box (HTB), chances are you've got automation running scanners, exploit frameworks, recon tools, and maybe even a full orchestration setup. The catch? HTB traffic only routes through their VPN tunnel. So unless _every single_ box in your lab connects to the VPN (spoiler: bad idea), you’re stuck. ### [](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-goal) 🎯 The Goal Instead of duct-taping VPN clients on every box, here’s what we want: * **Single system connected to HTB VPN** * **All LAN devices route HTB-bound traffic through that system** * **Clean iptables rules that don’t wreck your firewall** * **Scriptable and reversible setup that “just works”** ### [](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-setup) 🧠 The Setup Here’s the architecture: * **LAN Interface:** Your main interface (e.g., `ens33`) * **VPN Interface:** Where your HTB VPN is connected (`tun0`) * **LAN Subnet:** `192.168.0.0/24` * **HTB Subnet:** `10.10.0.0/16` We’re going to build a gateway that transparently routes traffic from your LAN to HTB over the VPN. ### [](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-script) 🛠️ The Script 👽 Link to updated [code](https://gist.github.com/nathaniel-security/0b63812f96c7dfca8c66b7e6a4176d2f#file-connect_htb-sh) ### [](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#connect-my-client) 💥Connect my client * `10.10.11.165` is an HTB IP address of the box * `192.168.0.251` my proxy\_box IP address * to delete the ip route ### [](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#real-world-use-case) ⚡ Real-World Use Case Now every system on my network even my toaster (I always knew it was destined for great things) can reach any HTB target, without needing its own VPN setup. 🤖🔗💣 ### [](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#final-thoughts) 💬 Final Thoughts This isn’t about fancy scripts or over-engineering (I tend to do it a lot but don't we all). It’s about having a reliable, controlled setup that routes HTB traffic through your VPN **without reinventing the wheel or smashing your firewall with a sledgehammer**. You now have a surgical routing setup. There are no hacks, no weird side effects, and just a clean flow from your lab to HTB. [PreviousCloudflare Tunnels: The Cybersecurity Pro's Secret Weapon for Secure Cloud Access](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access) [NextOpening SSH with Root Access to the World: A Controlled Honeypot Experiment](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment) Last updated 8 months ago * [😤 The Problem](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-problem) * [🎯 The Goal](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-goal) * [🧠 The Setup](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-setup) * [🛠️ The Script](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-script) * [💥Connect my client](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#connect-my-client) * [⚡ Real-World Use Case](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#real-world-use-case) * [💬 Final Thoughts](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#final-thoughts) Copy # Define variables LAN_IFACE="ens33" # LAN_IFACE: The interface connected to your local network (home lab or automation server). VPN_IFACE="tun0" # VPN_IFACE: The interface created by HTB's OpenVPN connection. LAN_SUBNET="192.168.0.0/24" # LAN_SUBNET: The subnet used by your internal LAN devices. HTB_SUBNET="10.10.0.0/16" # HTB_SUBNET: The IP range used by HTB target machines. This is what we want to reach via VPN. echo "1" | sudo tee /proc/sys/net/ipv4/ip_forward # 🚀 Enable IP forwarding # Required so it can forward traffic from LAN to VPN sudo iptables -F sudo iptables -t nat -F # Flushes all filter and NAT rules. # ⚠️ Warning: This will wipe existing firewall rules. Fine for a lab, dangerous in production. # NAT outgoing traffic to VPN sudo iptables -t nat -A POSTROUTING -s $LAN_SUBNET -d $HTB_SUBNET -o $VPN_IFACE -j MASQUERADE # Changes the source IP of packets from your LAN going to HTB, so they appear to come from your VPN interface IP. # Allow traffic from LAN to VPN and back sudo iptables -A FORWARD -s $LAN_SUBNET -d $HTB_SUBNET -i $LAN_IFACE -o $VPN_IFACE -j ACCEPT # Allows packets going from LAN to HTB (via VPN) sudo iptables -A FORWARD -d $LAN_SUBNET -s $HTB_SUBNET -i $VPN_IFACE -o $LAN_IFACE -j ACCEPT # Allows return packets coming from HTB back to LAN Copy sudo ip route add 10.10.11.165 via 192.168.0.251 dev wlp0s20f3 Copy sudo ip route del 10.10.11.165 via 192.168.0.251 dev wlp0s20f3 --- # Grup Labs | Nathaniel Cyber Security ![Page cover](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2Fimages.unsplash.com%2Fphoto-1728632286888-04c64f48e506%3Fcrop%3Dentropy%26cs%3Dsrgb%26fm%3Djpg%26ixid%3DM3wxOTcwMjR8MHwxfHNlYXJjaHw3fHxjcmF6eSUyMGxhYiUyMHNjaXxlbnwwfHx8fDE3NTQ1ODU1MDF8MA%26ixlib%3Drb-4.1.0%26q%3D85&width=1248&dpr=4&quality=100&sign=a1824d19&sv=2) Welcome to **Grup Labs** my personal collection of hands-on labs designed to help you **replicate**, **break**, and truly **understand** how real-world technologies work. > Why "Grup"? It’s a stylized nod to the Turkish word for _group_, and maybe a subtle _Star Trek_ Easter egg (grups = grown-ups). But more than that, it reflects the idea of collaboration and learning by doing. This isn’t your average write-up. Each lab here is built like a mini-CTF focused not just on hacking for flags, but on learning how: * 🧠 Protocols behave * 🔐 Misconfigurations lead to real vulnerabilities * 🛠️ Enterprise tools and SaaS services operate under the hood * 🌐 Tech stacks interact and break in the real world Whether you’re a red teamer, a defender, or just someone who enjoys pulling things apart to see how they tick, **these labs are made for you**. All labs are open-source, replicable, and structured to guide you through practical insights, not just walkthroughs. No fluff. Just raw learning. Let’s get building. ⚙️ [PreviousTartarSauce – HTB Walkthrough](https://docs.wehost.co.in/ctf-walkthrough/tartarsauce-htb-walkthrough) [NextAmazon Macie Lab: Spotting Sensitive Data Like a Boss](https://docs.wehost.co.in/grup-labs/amazon-macie-lab-spotting-sensitive-data-like-a-boss) Last updated 4 months ago --- # Building a Comprehensive AWS Config Lab: Tracking IAM Configuration Changes with SNS and S3 | Nathaniel Cyber Security ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-cebad14d471d0c17e165677ea679d9512acee2f0%252F384a8516-5f79-4c11-b1e0-ed949d73b181%281%29.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=a3fc03a6&sv=2) ### [](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#introduction) Introduction Identity and Access Management (IAM) sits at the heart of AWS security. A single unnoticed change to a role, policy, or user could open the door to privilege escalation or unauthorised access. This lab demonstrates a **Proof-of-Concept (POC)** setup using **AWS Config** to **track IAM configuration changes** in real-time, send **notifications via SNS**, and store **detailed history in S3** for long-term analysis. This implementation is simple enough for a lab environment yet practical enough to adapt directly to production. ### [](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#why-this-lab-matters) Why This Lab Matters AWS Config is a **configuration change tracking** service that can record the history of your AWS resources. By targeting IAM resources specifically, this setup focuses on **high-impact security changes** such as: * Creation or deletion of IAM users * Policy attachments or removals * Trust policy modifications * Privilege escalations With **SNS for real-time alerts** and **S3 for historical storage**, you get both immediate visibility and an audit-ready trail of every change. ### [](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#lab-architecture) Lab Architecture **Flow Overview:** 1. **AWS Config** records IAM resource changes. 2. **SNS Topic** receives change notifications. 3. **S3 Bucket** stores configuration history and snapshots. ### [](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#prerequisites) Prerequisites Before you start, make sure you have: * An AWS account with permissions to: * Create and configure AWS Config * Create IAM roles, SNS topics, and S3 buckets * Basic understanding of IAM roles and policies **Extra Considerations:** * **Regional Awareness:** IAM is global service, enable AWS Config’s _global resource recording_ in only one region to avoid duplicate charges. * **Cost Management:** AWS Config charges per configuration item. Record selectively. * **Permissions:** AWS Config’s service role must have permissions for S3 and SNS ### [](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#aws-config-setup) AWS Config Setup ### [](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#let-aws-config-create-storage-and-notifications) Let AWS Config Create Storage and Notifications For this lab, instead of manually creating the S3 bucket and SNS topic, we used AWS Config’s built-in option to **automatically provision** them during initial setup. ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-5351f136b1f6dd66def66e3d6f13ae666e055a58%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=e8407570&sv=2) When you choose this option: * AWS Config creates an S3 bucket with a unique name (e.g., `awsconfig-bucket-1234567890-region`). * ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-eaeb223dec32e682361386db7d54fdd21a3fce02%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=efffe203&sv=2) * An SNS topic is created and automatically linked to AWS Config. * ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-702ab64b170b96ba51dc99e3e6510169e344c0d2%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=7c25cd7e&sv=2) * All necessary permissions are applied by default. **Why this is useful for a POC:** * Zero additional setup - you can go from nothing to a working lab in minutes. * AWS handles IAM policies for these resources automatically. * Great for testing AWS Config capabilities without worrying about infrastructure. **Things to note for production:** * Auto-created buckets have generic names and no lifecycle policies by default - storage can grow quickly. * SNS topics will need explicit subscription management to send notifications where you need them. * You might want to enable S3 versioning and custom bucket policies for compliance. ![](https://docs.wehost.co.in/~gitbook/image?url=https%3A%2F%2F556493038-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FxMLCiQqJJztvsDM2LNoE%252Fuploads%252Fgit-blob-ae12f03962c8cdbbf7f7704e5f912eca6dbd480c%252Fimage.png%3Falt%3Dmedia&width=768&dpr=4&quality=100&sign=1ed00bed&sv=2) [PreviousAmazon Macie Lab: Spotting Sensitive Data Like a Boss](https://docs.wehost.co.in/grup-labs/amazon-macie-lab-spotting-sensitive-data-like-a-boss) [NextAWS NACL vs Security Group: The Practical Guide (With Console Walkthroughs)](https://docs.wehost.co.in/grup-labs/aws-nacl-vs-security-group-the-practical-guide-with-console-walkthroughs) Last updated 4 months ago * [Introduction](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#introduction) * [Why This Lab Matters](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#why-this-lab-matters) * [Lab Architecture](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#lab-architecture) * [Prerequisites](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#prerequisites) * [AWS Config Setup](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#aws-config-setup) * [Let AWS Config Create Storage and Notifications](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#let-aws-config-create-storage-and-notifications) --- # Email Protection | Cloudflare Please enable cookies. Email Protection ================ You are unable to access this email address docs.wehost.co.in ------------------------------------------------------------- The website from which you got to this page is protected by Cloudflare. Email addresses on that page have been hidden in order to keep them from being accessed by malicious bots. **You must enable Javascript in your browser in order to decode the e-mail address**. If you have a website and are interested in protecting it in a similar way, you can [sign up for Cloudflare](https://www.cloudflare.com/sign-up?utm_source=email_protection) . * [How does Cloudflare protect email addresses on website from spammers?](https://developers.cloudflare.com/waf/tools/scrape-shield/email-address-obfuscation/) * [Can I sign up for Cloudflare?](https://developers.cloudflare.com/fundamentals/setup/account/create-account/) Cloudflare Ray ID: **9ae6af0f6c4638a3** • Your IP: Click to reveal 54.237.218.47 • Performance & security by [Cloudflare](https://www.cloudflare.com/5xx-error-landing) ---