# Table of Contents
- [About Me | Nathaniel Cyber Security](#about-me-nathaniel-cyber-security)
- [Homelab | Nathaniel Cyber Security](#homelab-nathaniel-cyber-security)
- [Change SSH Port | Nathaniel Cyber Security](#change-ssh-port-nathaniel-cyber-security)
- [Portainer | Nathaniel Cyber Security](#portainer-nathaniel-cyber-security)
- [Install Docker Ubuntu | Nathaniel Cyber Security](#install-docker-ubuntu-nathaniel-cyber-security)
- [Setting up Wireguard | Nathaniel Cyber Security](#setting-up-wireguard-nathaniel-cyber-security)
- [Cloudflare Tunnels: The Cybersecurity Pro's Secret Weapon for Secure Cloud Access | Nathaniel Cyber Security](#cloudflare-tunnels-the-cybersecurity-pro-s-secret-weapon-for-secure-cloud-access-nathaniel-cyber-security)
- [Opening SSH with Root Access to the World: A Controlled Honeypot Experiment | Nathaniel Cyber Security](#opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment-nathaniel-cyber-security)
- [Managing WireGuard Logs with Systemd and Logrotate 🔥 | Nathaniel Cyber Security](#managing-wireguard-logs-with-systemd-and-logrotate-nathaniel-cyber-security)
- [Install Active Directory | Nathaniel Cyber Security](#install-active-directory-nathaniel-cyber-security)
- [🧠💥 How I Routed My Entire Lab's HTB Traffic Through a Single VPN Box | Nathaniel Cyber Security](#-how-i-routed-my-entire-lab-s-htb-traffic-through-a-single-vpn-box-nathaniel-cyber-security)
- [Grup Labs | Nathaniel Cyber Security](#grup-labs-nathaniel-cyber-security)
- [Building a Comprehensive AWS Config Lab: Tracking IAM Configuration Changes with SNS and S3 | Nathaniel Cyber Security](#building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3-nathaniel-cyber-security)
- [Email Protection | Cloudflare](#email-protection-cloudflare)
---
# About Me | Nathaniel Cyber Security

This is my personal blog, which is not associated with any company, and are my personal views

[](https://docs.wehost.co.in/#about-me)
About Me
-----------------------------------------------------
* A Tech Geek with business prowess
* Gone from Developer to Architecture to Operations to Management to Cyber Security
* My Hobbies
* Fashion
* Automating my life (With my Homelab)
* Geeking out in things which peek my interest
[](https://docs.wehost.co.in/#certifications)
Certifications
-----------------------------------------------------------------
###
[](https://docs.wehost.co.in/#cissp)
CISSP

CISSP
* Passed CISSP at the age of 23
* [Verify with credly link](https://www.credly.com/badges/660f96e7-9751-4f67-b163-637f9608b47d)
* Want to know how I got CISSP at the age of 23
* [The Journey of how I passed CISSP](https://docs.wehost.co.in/blog/the-journey-of-how-i-passed-cissp)
###
[](https://docs.wehost.co.in/#other-certification)
Other Certification
####
[](https://docs.wehost.co.in/#certified-in-cyber-security)
Certified in Cyber Security
* Link to [Badge](https://www.credly.com/badges/98cb1c0e-0827-46ad-add7-ecd275b0c130)

Certified in Cyber Security
####
[](https://docs.wehost.co.in/#iso-iec-27001-information-security-associate)
ISO/IEC 27001 Information Security Associate
* Link to [Badge](https://www.skillfront.com/Badges/86910310894979)
####
[](https://docs.wehost.co.in/#google-cyber-security)
Google Cyber Security
* [https://coursera.org/share/7fd4e69b159fc5b210f83b19996a2006](https://coursera.org/share/7fd4e69b159fc5b210f83b19996a2006)
[](https://docs.wehost.co.in/#public-interviews)
Public Interviews
-----------------------------------------------------------------------
###
[](https://docs.wehost.co.in/#john-hammond)
John Hammond
[](https://docs.wehost.co.in/#public-talks)
Public Talks
-------------------------------------------------------------
* Breachforce
* Diving into nmap How exactly does OS detection work
* [https://www.linkedin.com/posts/breachforce\_breachforce-cybersecurity-collaboration-activity-7228840264654626816-TiJ9?utm\_source=share&utm\_medium=member\_desktop](https://www.linkedin.com/posts/breachforce_breachforce-cybersecurity-collaboration-activity-7228840264654626816-TiJ9?utm_source=share&utm_medium=member_desktop)
* [How Nmap gets what OS is running by using different probes](https://docs.wehost.co.in/blog/how-nmap-gets-what-os-is-running-by-using-different-probes)
* Vidyalankar School of Information Technology (2024)
* breaking into cybersecurity
* [https://www.linkedin.com/feed/update/urn:li:activity:7098597108487745536/](https://www.linkedin.com/feed/update/urn:li:activity:7098597108487745536/)
* keynote speaker at Responsible Netism (2017)
* Social engineering high value targets
* [https://marathi.indiatimes.com/maharashtra/mumbai-news/work-together-for-cyber-security/articleshow/60784898.cms](https://marathi.indiatimes.com/maharashtra/mumbai-news/work-together-for-cyber-security/articleshow/60784898.cms)
[](https://docs.wehost.co.in/#fun-facts-about-me)
Fun Facts about me
-------------------------------------------------------------------------
* started working at the age of 16 doing web development
* And things just scaled up from there
* I have given multiple speeches but my most notable one is at the age of 17
* [https://marathi.indiatimes.com/maharashtra/mumbai-news/work-together-for-cyber-security/articleshow/60784898.cms](https://marathi.indiatimes.com/maharashtra/mumbai-news/work-together-for-cyber-security/articleshow/60784898.cms)
* After award a grant by honourable Minister [Ashwini Vaishnaw](https://www.linkedin.com/in/ashwini-vaishnaw-349b40226/)
\*
* Trained over 1500+ people in cyber security
###
[](https://docs.wehost.co.in/#about-this-site)
About this Site
* This is a public documentation site of the tools and configs to build application faster
* The Focus of my home lab is Cybersecurity
* building an entire enterprise enviroment
[](https://docs.wehost.co.in/#resume)
Resume
-------------------------------------------------
66KB
[Nathaniel\_resume.pdf](https://556493038-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxMLCiQqJJztvsDM2LNoE%2Fuploads%2Fgit-blob-2d894adcbfab764024ee24fe3160342a898d0dcb%2FNathaniel_resume.pdf?alt=media)
PDF
Download[Open](https://556493038-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxMLCiQqJJztvsDM2LNoE%2Fuploads%2Fgit-blob-2d894adcbfab764024ee24fe3160342a898d0dcb%2FNathaniel_resume.pdf?alt=media)
[](https://docs.wehost.co.in/#links)
Links
-----------------------------------------------
* [Github](https://github.com/nathaniel-security/Docs)
* [linkedin](https://www.linkedin.com/in/nathaniel-fernandes/)
[NextHomelab](https://docs.wehost.co.in/homelab)
Last updated 21 days ago
* [About Me](https://docs.wehost.co.in/#about-me)
* [Certifications](https://docs.wehost.co.in/#certifications)
* [CISSP](https://docs.wehost.co.in/#cissp)
* [Other Certification](https://docs.wehost.co.in/#other-certification)
* [Public Interviews](https://docs.wehost.co.in/#public-interviews)
* [John Hammond](https://docs.wehost.co.in/#john-hammond)
* [Public Talks](https://docs.wehost.co.in/#public-talks)
* [Fun Facts about me](https://docs.wehost.co.in/#fun-facts-about-me)
* [About this Site](https://docs.wehost.co.in/#about-this-site)
* [Resume](https://docs.wehost.co.in/#resume)
* [Links](https://docs.wehost.co.in/#links)
Copy
Copy
---
# Homelab | Nathaniel Cyber Security

* a place where I upload scripts I have used in my homelab for public documentation
* just added a high level architecture diagram below
[Homelab.xmind | Xmindapp.xmind.com](https://xmind.ai/share/P2MeGbPL?xid=UmBsMPfc)
Current Diagram
[PreviousAbout Me](https://docs.wehost.co.in/)
[NextChange SSH Port](https://docs.wehost.co.in/homelab/change-ssh-port)
Last updated 1 year ago
---
# Change SSH Port | Nathaniel Cyber Security
Copy
sudo nano /etc/ssh/sshd_config
* Change Port Number
####
[](https://docs.wehost.co.in/homelab/change-ssh-port#ftoc-heading-5)
Restart SSH
For the configuration changes to take effect, restart the SSH service. Run the following command:
Copy
sudo service ssh restart
[](https://docs.wehost.co.in/homelab/change-ssh-port#reference)
Reference
------------------------------------------------------------------------------
* [https://phoenixnap.com/kb/change-ssh-port](https://phoenixnap.com/kb/change-ssh-port)
[PreviousHomelab](https://docs.wehost.co.in/homelab)
[NextInstall Docker Ubuntu](https://docs.wehost.co.in/homelab/install-docker-ubuntu)
Last updated 1 year ago
---
# Portainer | Nathaniel Cyber Security
* Good Docker Management tool
* is opensource
[](https://docs.wehost.co.in/homelab/portainer#update)
Update
------------------------------------------------------------------
Copy
sudo apt update && sudo apt upgrade -y
[](https://docs.wehost.co.in/homelab/portainer#install-portainer-community-edition)
Install Portainer Community Edition
----------------------------------------------------------------------------------------------------------------------------
Copy
mkdir portainer_data
current_path=$(pwd)
sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v $current_path/portainer_data:/data portainer/portainer-ce:latest
[PreviousInstall Docker Ubuntu](https://docs.wehost.co.in/homelab/install-docker-ubuntu)
[NextInstall Active Directory](https://docs.wehost.co.in/homelab/install-active-directory)
Last updated 1 year ago
* [Update](https://docs.wehost.co.in/homelab/portainer#update)
* [Install Portainer Community Edition](https://docs.wehost.co.in/homelab/portainer#install-portainer-community-edition)
---
# Install Docker Ubuntu | Nathaniel Cyber Security

[](https://docs.wehost.co.in/homelab/install-docker-ubuntu#install-docker-on-ubuntu)
Install docker on ubuntu
------------------------------------------------------------------------------------------------------------------
Copy
sudo apt-get update && sudo apt upgrade -y
Copy
sudo apt-get install \
ca-certificates \
curl \
gnupg \
lsb-release
Copy
sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
Copy
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Copy
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
Copy
sudo apt install docker-ce -y
Copy
sudo systemctl status docker
[PreviousChange SSH Port](https://docs.wehost.co.in/homelab/change-ssh-port)
[NextPortainer](https://docs.wehost.co.in/homelab/portainer)
Last updated 1 year ago
---
# Setting up Wireguard | Nathaniel Cyber Security
* update and upgrade
Copy
sudo apt-get update && sudo apt-get upgrade -y
* install wireguard
Copy
sudo apt-get install wireguard
* edit the sysctl.conf
Copy
sudo nano /etc/sysctl.conf
* uncomment \`net.ipv4.ip\_forward=1\`
Copy
net.ipv4.ip_forward=1
Copy
sudo sysctl -p
* wireguard conf
Copy
cd /etc/wireguard
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
sudo nano /etc/wireguard/wg0.conf
* Server conf (technically its a peer)
Copy
[Interface]
PrivateKey =
Address = 10.0.0.1/24
# PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
# PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens33 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -o ens33 -j ACCEPT; iptables -A FORWARD -i ens33 -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -o ens33 -j ACCEPT; iptables -D FORWARD -i ens33 -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens33 -j MASQUERADE
ListenPort = 51820
Table = off
[Peer]
PublicKey =
AllowedIPs = 10.0.0.2/32 , 192.168.0.0/24 , 192.168.0.146/32
* clinet conf
[](https://docs.wehost.co.in/homelab/setting-up-wireguard#references)
References
-------------------------------------------------------------------------------------
* https://upcloud.com/resources/tutorials/get-started-wireguard-vpn
[PreviousInstall Active Directory](https://docs.wehost.co.in/homelab/install-active-directory)
[NextManaging WireGuard Logs with Systemd and Logrotate 🔥](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate)
Last updated 9 months ago
Copy
wg genkey | tee privatekey | wg pubkey > publickey
Copy
[Interface]
Address = 10.0.0.2/32
PrivateKey =
# DNS = 1.1.1.1
[Peer]
PublicKey =
Endpoint = 110.110.110.110:51820
# Endpoint = :51820
AllowedIPs = 192.168.0.0/24
PersistentKeepalive = 25
---
# Cloudflare Tunnels: The Cybersecurity Pro's Secret Weapon for Secure Cloud Access | Nathaniel Cyber Security
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#backstory-why-i-set-this-up)
🔥 Backstory: Why I Set This Up
* One of my internal apps was **exposed on the internet** despite being **proxied through Cloudflare**.
* Anyone scanning the internet (like Shodan or Censys) could hit it directly, even though Cloudflare was enabled
* Enter: **Cloudflare Tunnel** no exposed ports, no firewall nightmares, no BS.
* * *
Would you like me to add a little `shodan.io` search reference or a quote from your internal logs to give it that gritty realness?
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#tl-dr)
✨ TL;DR
Use **Cloudflare Tunnel** to securely expose multiple web apps (on different ports) to the internet using **just one tunnel**, without opening a single port on your firewall. This blog walks through:
* Creating the tunnel
* Mapping subdomains to services
* Auto-starting with systemd
* * *
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#why-use-cloudflare-tunnel)
🧠 Why Use Cloudflare Tunnel?
* 🔐 No port forwarding
* 💸 Free for personal and dev use
* 🌍 Expose multiple apps via subdomains
* 📦 Works great with local HTTPS and Docker
* * *
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#my-setup)
⚙️ My Setup
* OS: Ubuntu 22.04 (but any Linux works)
* Cloudflare domain: `wehost.co.in`
* Goal: Expose multiple local apps like:
* `test.wehost.co.in` → `localhost:8002`
* * *
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-1-install-cloudflared)
🚀 Step 1: Install `cloudflared`
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-2-authenticate-with-cloudflare)
🔐 Step 2: Authenticate with Cloudflare
* This opens a browser window. Select your domain, and Cloudflare will generate a credentials file.
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-3-create-the-tunnel)
🌪️ Step 3: Create the Tunnel
This creates a tunnel and saves a `.json` credentials file under `~/.cloudflared/`.
You can confirm with:
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-4-create-config-file)
🛠️ Step 4: Create Config File
Create a `config.yml` in `~/.cloudflared/`:
Replace `` with the one from `cloudflared tunnel list`.
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-5-route-the-subdomain)
🌐 Step 5: Route the Subdomain
This links your tunnel to the subdomain in Cloudflare DNS.
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-6-run-the-tunnel)
✅ Step 6: Run the Tunnel
You should see output like:
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-7-auto-start-on-boot-with-systemd)
🔁 Step 7: Auto-Start on Boot with systemd
Create the service file:
###
[](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#whats-next-auto-magic-with-ci-cd)
🔮 What’s Next: Auto-Magic with CI/CD
Now that the tunnel’s solid, I’m planning to take it a step further:
> **The next iteration of this setup will integrate with a CI/CD pipeline** so every time I deploy a new app or update port mappings, the pipeline will:
>
> * Automatically update the `config.yml`
>
> * Push it to the server
>
> * Restart the Cloudflare tunnel service
>
> * Route any new subdomains on the fly
>
Think: zero-touch deployments with automatic subdomain provisioning. No more manual edits, no more downtime just ship and forget.
Stay tuned — that one’s gonna be fun. 🔧🚀
[PreviousManaging WireGuard Logs with Systemd and Logrotate 🔥](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate)
[Next🧠💥 How I Routed My Entire Lab's HTB Traffic Through a Single VPN Box](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box)
Last updated 8 months ago
* [🔥 Backstory: Why I Set This Up](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#backstory-why-i-set-this-up)
* [✨ TL;DR](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#tl-dr)
* [🧠 Why Use Cloudflare Tunnel?](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#why-use-cloudflare-tunnel)
* [⚙️ My Setup](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#my-setup)
* [🚀 Step 1: Install cloudflared](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-1-install-cloudflared)
* [🔐 Step 2: Authenticate with Cloudflare](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-2-authenticate-with-cloudflare)
* [🌪️ Step 3: Create the Tunnel](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-3-create-the-tunnel)
* [🛠️ Step 4: Create Config File](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-4-create-config-file)
* [🌐 Step 5: Route the Subdomain](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-5-route-the-subdomain)
* [✅ Step 6: Run the Tunnel](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-6-run-the-tunnel)
* [🔁 Step 7: Auto-Start on Boot with systemd](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#step-7-auto-start-on-boot-with-systemd)
* [🔮 What’s Next: Auto-Magic with CI/CD](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access#whats-next-auto-magic-with-ci-cd)
Copy
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared-linux-amd64.deb
Copy
cloudflared tunnel login
Copy
cloudflared tunnel create test
Copy
cloudflared tunnel list
Copy
nano ~/.cloudflared/config.yml
Copy
tunnel:
credentials-file: /home/groot/.cloudflared/.json
ingress:
- hostname: test.wehost.co.in
service: https://localhost:8002
originRequest:
noTLSVerify: true
- service: http_status:404
Copy
cloudflared tunnel route dns test test.wehost.co.in
Copy
cloudflared tunnel --config ~/.cloudflared/config.yml run test
Copy
Starting tunnel tunnelID=...
Using CurveP256...
Copy
sudo nano /etc/systemd/system/cloudflared-test.service
Copy
[Unit]
Description=Cloudflare Tunnel - test
After=network.target
[Service]
TimeoutStartSec=0
Restart=always
ExecStart=/usr/local/bin/cloudflared tunnel --config /home/groot/.cloudflared/config.yml run test
User=groot
Environment=HOME=/home/groot
[Install]
WantedBy=multi-user.target
Copy
sudo systemctl daemon-reexec
sudo systemctl daemon-reload
sudo systemctl enable cloudflared-test
sudo systemctl start cloudflared-test
---
# Opening SSH with Root Access to the World: A Controlled Honeypot Experiment | Nathaniel Cyber Security
> _"If you're going to set a trap, make sure it looks like a jackpot."_
* * *
###
[](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#it-started-with-a-one-way-conversation)
🐱 It Started with a One-Way Conversation
Before any real hackers showed up, I decided to have a little fun. I shared the open SSH port with a friend and told him to "explore freely."
What followed was pure comedy.
He logged in, typed commands like `clear`, `ls`, `cat`, `man`, and even tried chatting with the server:
> `"what the f*** is the server"` `"why have you even exposed this on internet to waste our time"` `"please get a life bro"`
Meanwhile, I sat back, silently watching him yell at a machine that logged everything without a response.
Here’s a live snapshot from that session

* * *
###
[](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-goal)
🎯 The Goal
After laughing way too hard, I got serious. This wasn’t about trolling, it was about building a **controlled honeypot** designed to capture real-world attacker behaviour.
The mission:
* **Expose a fake SSH service** offering **root access**.
* **Isolate** the honeypot completely from the real internet.
* **Control** entry points with tight firewalling and routing.
* **Observe** and log attacker behaviour safely.
In short: ✅ Full control. ✅ Full visibility. ✅ Zero risk.
* * *
###
[](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-architecture)
🛠️ The Architecture
The setup involved two servers:
Machine
Role
IP / Interface
Notes
`shaddykrupa`
Cowrie SSH Honeypot
`192.168.237.128` (host-only network)
No internet access
`shaddy-reverse-proxy`
Reverse Proxy
LAN Interface: `ens33`, Host-Only Interface: `ens37`
Port `2000` exposed to the Internet (exposed on port 22 publically so technically 3 layers of network translation 2 NAT and 1 PAT )
**Traffic flow:**
###
[](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-firewall-iptables-rules)
🔥 The Firewall (iptables) Rules
Here’s the exact firewall script I used on `shaddy-reverse-proxy`:
This setup ensures:
* Only traffic on port `2000` is accepted and redirected.
* Packets are rewritten so Cowrie sees them correctly.
* Invalid traffic is dropped to harden the proxy itself.
* * *
###
[](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#watching-the-world-come-in)
🧪 Watching the World Come In
Once the trap was live, it didn’t take long.
Bots, opportunistic attackers, and noisy scanners started pouring in each believing they had **found an open root-access SSH server**.
They spammed password attempts, tried `wget` malware downloads, dropped crypto-miners, and some immediately fired off `rm -rf /*` like it was Christmas morning.
Meanwhile, Cowrie quietly logged everything.
* * *
###
[](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#key-observations-so-far)
📈 Key Observations (So Far)
* **Attackers behave differently** when they think they have root: bold, reckless, and noisy.
* **Speed is insane**: The first bot hit within minutes of exposure.
* **Defence in depth is non-negotiable**: Even honeypots need strong isolation.
* * *
###
[](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#whats-next)
🛡️ What's Next?
This is just the beginning.
I'm **continuing to log** and **analyse** all incoming activity. The real fun starts now: studying **what the bots do**, how they behave, and what tools and malware they attempt to deploy when they believe they've found root access.
Will try and put updates soon with:
* Full analysis of attacker behaviour over time
* Common attack patterns spotted in the wild
* Tricks attackers use once they believe they "own" a system
* * *
###
[](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#final-thoughts)
🧠 Final Thoughts
This wasn’t just about catching hackers / Bots — it was about **understanding them**. Learning how fast they move, how they think, and how to outwit them.
By exposing fake root access in a controlled, isolated, and fortified environment, I got a front-row seat to the chaos without ever risking a real system.
And honestly? Watching my friend get mad at a fake server was just a bonus.
* * *
[](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#tl-dr)
🎯 TL;DR
------------------------------------------------------------------------------------------------------------------------------------
I opened SSH with root access to the world, but the only ones who got pwned were the bots.
And a little bit... my friend too.
[](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#reference)
Reference
-----------------------------------------------------------------------------------------------------------------------------------------
* [cowrie docker compose](https://gist.github.com/nathaniel-security/c7d662d0460af15f73e0c70c938b80f6)
* [iptables](https://gist.github.com/nathaniel-security/dc6165ae26b301f858a749e6a5db8df7)
[Previous🧠💥 How I Routed My Entire Lab's HTB Traffic Through a Single VPN Box](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box)
[NextCyberSecurity](https://docs.wehost.co.in/cybersecurity)
Last updated 7 months ago
* [🐱 It Started with a One-Way Conversation](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#it-started-with-a-one-way-conversation)
* [🎯 The Goal](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-goal)
* [🛠️ The Architecture](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-architecture)
* [🔥 The Firewall (iptables) Rules](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#the-firewall-iptables-rules)
* [🧪 Watching the World Come In](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#watching-the-world-come-in)
* [📈 Key Observations (So Far)](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#key-observations-so-far)
* [🛡️ What's Next?](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#whats-next)
* [🧠 Final Thoughts](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#final-thoughts)
* [🎯 TL;DR](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#tl-dr)
* [Reference](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment#reference)
Copy
[ Attacker ]
⬇️
Public IP (Port 22 externally)
⬇️
shaddy-reverse-proxy:2000 (LAN-facing)
⬇️
iptables DNAT
⬇️
shaddykrupa:2222 (Cowrie Honeypot)
Copy
# Flush old NAT rules if needed
sudo iptables -t nat -F
# Forward all TCP traffic hitting port 2000 on the LAN-facing interface to Cowrie
sudo iptables -t nat -A PREROUTING -i ens33 -p tcp --dport 2000 -j DNAT --to-destination 192.168.237.128:2222
# Allow forwarding
sudo iptables -A FORWARD -p tcp -d 192.168.237.128 --dport 2222 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Masquerade the packets so they appear to come from the proxy
sudo iptables -t nat -A POSTROUTING -o ens37 -p tcp -d 192.168.237.128 --dport 2222 -j MASQUERADE
sudo iptables -A INPUT -m state --state INVALID -j DROP
sudo iptables -A FORWARD -m state --state INVALID -j DROP
---
# Managing WireGuard Logs with Systemd and Logrotate 🔥 | Nathaniel Cyber Security
When managing a **VPN like WireGuard**, logging is crucial for **monitoring activity, debugging issues, and ensuring security**. But if left unchecked, logs can **grow rapidly** and become unmanageable.
In this guide, we’ll **set up Systemd** to capture WireGuard logs dynamically and use **Logrotate** to keep them under control automatically.
###
[](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate#setup-a-systemd-file-to-store-logs)
Setup a Systemd file to store logs
**Step 1: Create a Systemd Service to Store Logs**
First, we need to create a Systemd service that continuously logs WireGuard activity.
🔹 Open a new Systemd service file:
Copy
nano /etc/systemd/system/wireguard-log.service
🔹 Add the following configuration:
Copy
[Unit]
Description=WireGuard Dynamic Debug Logging
After=network.target
[Service]
ExecStart=/bin/bash -c 'dmesg -wT | grep wireguard >> /var/log/wireguard-dyndbg.log'
Restart=always
RestartSec=5
StandardOutput=null
StandardError=null
[Install]
WantedBy=multi-user.target
🔹 Reload and restart Systemd to apply changes:
🔹 Verify that the service is running:
###
[](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate#set-up-logrotate-for-automatic-log-management)
**Set Up Logrotate for Automatic Log Management**
Now, let’s ensure our logs don’t grow indefinitely by setting up **Logrotate**.
🔹 Install Logrotate (if not already installed):
🔹 Create a Logrotate configuration file:
🔹 Add the following configuration to manage log rotation:
Test Your Log Rotation Setup
To **force** log rotation manually:
[PreviousSetting up Wireguard](https://docs.wehost.co.in/homelab/setting-up-wireguard)
[NextCloudflare Tunnels: The Cybersecurity Pro's Secret Weapon for Secure Cloud Access](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access)
Last updated 9 months ago
* [Setup a Systemd file to store logs](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate#setup-a-systemd-file-to-store-logs)
* [Set Up Logrotate for Automatic Log Management](https://docs.wehost.co.in/homelab/managing-wireguard-logs-with-systemd-and-logrotate#set-up-logrotate-for-automatic-log-management)
Copy
sudo systemctl daemon-reload
sudo systemctl restart wireguard-log.service
sudo systemctl enable wireguard-log.service
Copy
sudo systemctl status wireguard-log.service
Copy
sudo apt update && sudo apt install logrotate -y
Copy
nano /etc/logrotate.d/wireguard
Copy
/var/log/wireguard-dyndbg.log {
daily
rotate 7
compress
delaycompress
missingok
notifempty
create 0640 root root
postrotate
systemctl restart wireguard-log.service > /dev/null 2>&1 || true
endscript
}
Copy
sudo logrotate -v /etc/logrotate.d/wireguard
Copy
sudo rm -f /var/lib/logrotate/status
sudo logrotate -f /etc/logrotate.d/wireguard
Copy
ls -lh /var/log/wireguard-dyndbg.log*
---
# Install Active Directory | Nathaniel Cyber Security
* Config
* 4 GBram
* 4 cores
* windows server 2019
###
[](https://docs.wehost.co.in/homelab/install-active-directory#install-windows-server)
Install Windows server
* remove the floppy disk before starting it
* else it keep asking for product key








###
[](https://docs.wehost.co.in/homelab/install-active-directory#install-active-directory)
Install Active Directory
####
[](https://docs.wehost.co.in/homelab/install-active-directory#rename-server)
Rename Server

###
[](https://docs.wehost.co.in/homelab/install-active-directory#install-active-directory-services)
Install Active Directory Services

* click on add roles and features







###
[](https://docs.wehost.co.in/homelab/install-active-directory#promote-to-domain-controller)
Promote to domain controller







* then Install
###
[](https://docs.wehost.co.in/homelab/install-active-directory#add-user-to-domain)
Add user to Domain

* click on Active directory Users and computers

[PreviousPortainer](https://docs.wehost.co.in/homelab/portainer)
[NextSetting up Wireguard](https://docs.wehost.co.in/homelab/setting-up-wireguard)
Last updated 1 year ago
* [Install Windows server](https://docs.wehost.co.in/homelab/install-active-directory#install-windows-server)
* [Install Active Directory](https://docs.wehost.co.in/homelab/install-active-directory#install-active-directory)
* [Install Active Directory Services](https://docs.wehost.co.in/homelab/install-active-directory#install-active-directory-services)
* [Promote to domain controller](https://docs.wehost.co.in/homelab/install-active-directory#promote-to-domain-controller)
* [Add user to Domain](https://docs.wehost.co.in/homelab/install-active-directory#add-user-to-domain)
---
# 🧠💥 How I Routed My Entire Lab's HTB Traffic Through a Single VPN Box | Nathaniel Cyber Security
###
[](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-problem)
😤 The Problem
If you’re working in a lab environment and doing serious work with Hack The Box (HTB), chances are you've got automation running scanners, exploit frameworks, recon tools, and maybe even a full orchestration setup.
The catch? HTB traffic only routes through their VPN tunnel. So unless _every single_ box in your lab connects to the VPN (spoiler: bad idea), you’re stuck.
###
[](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-goal)
🎯 The Goal
Instead of duct-taping VPN clients on every box, here’s what we want:
* **Single system connected to HTB VPN**
* **All LAN devices route HTB-bound traffic through that system**
* **Clean iptables rules that don’t wreck your firewall**
* **Scriptable and reversible setup that “just works”**
###
[](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-setup)
🧠 The Setup
Here’s the architecture:
* **LAN Interface:** Your main interface (e.g., `ens33`)
* **VPN Interface:** Where your HTB VPN is connected (`tun0`)
* **LAN Subnet:** `192.168.0.0/24`
* **HTB Subnet:** `10.10.0.0/16`
We’re going to build a gateway that transparently routes traffic from your LAN to HTB over the VPN.
###
[](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-script)
🛠️ The Script
👽 Link to updated [code](https://gist.github.com/nathaniel-security/0b63812f96c7dfca8c66b7e6a4176d2f#file-connect_htb-sh)
###
[](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#connect-my-client)
💥Connect my client
* `10.10.11.165` is an HTB IP address of the box
* `192.168.0.251` my proxy\_box IP address
* to delete the ip route
###
[](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#real-world-use-case)
⚡ Real-World Use Case
Now every system on my network even my toaster (I always knew it was destined for great things) can reach any HTB target, without needing its own VPN setup. 🤖🔗💣
###
[](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#final-thoughts)
💬 Final Thoughts
This isn’t about fancy scripts or over-engineering (I tend to do it a lot but don't we all). It’s about having a reliable, controlled setup that routes HTB traffic through your VPN **without reinventing the wheel or smashing your firewall with a sledgehammer**. You now have a surgical routing setup. There are no hacks, no weird side effects, and just a clean flow from your lab to HTB.
[PreviousCloudflare Tunnels: The Cybersecurity Pro's Secret Weapon for Secure Cloud Access](https://docs.wehost.co.in/homelab/cloudflare-tunnels-the-cybersecurity-pros-secret-weapon-for-secure-cloud-access)
[NextOpening SSH with Root Access to the World: A Controlled Honeypot Experiment](https://docs.wehost.co.in/homelab/opening-ssh-with-root-access-to-the-world-a-controlled-honeypot-experiment)
Last updated 8 months ago
* [😤 The Problem](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-problem)
* [🎯 The Goal](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-goal)
* [🧠 The Setup](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-setup)
* [🛠️ The Script](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#the-script)
* [💥Connect my client](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#connect-my-client)
* [⚡ Real-World Use Case](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#real-world-use-case)
* [💬 Final Thoughts](https://docs.wehost.co.in/homelab/how-i-routed-my-entire-labs-htb-traffic-through-a-single-vpn-box#final-thoughts)
Copy
# Define variables
LAN_IFACE="ens33"
# LAN_IFACE: The interface connected to your local network (home lab or automation server).
VPN_IFACE="tun0"
# VPN_IFACE: The interface created by HTB's OpenVPN connection.
LAN_SUBNET="192.168.0.0/24"
# LAN_SUBNET: The subnet used by your internal LAN devices.
HTB_SUBNET="10.10.0.0/16"
# HTB_SUBNET: The IP range used by HTB target machines. This is what we want to reach via VPN.
echo "1" | sudo tee /proc/sys/net/ipv4/ip_forward
# 🚀 Enable IP forwarding
# Required so it can forward traffic from LAN to VPN
sudo iptables -F
sudo iptables -t nat -F
# Flushes all filter and NAT rules.
# ⚠️ Warning: This will wipe existing firewall rules. Fine for a lab, dangerous in production.
# NAT outgoing traffic to VPN
sudo iptables -t nat -A POSTROUTING -s $LAN_SUBNET -d $HTB_SUBNET -o $VPN_IFACE -j MASQUERADE
# Changes the source IP of packets from your LAN going to HTB, so they appear to come from your VPN interface IP.
# Allow traffic from LAN to VPN and back
sudo iptables -A FORWARD -s $LAN_SUBNET -d $HTB_SUBNET -i $LAN_IFACE -o $VPN_IFACE -j ACCEPT
# Allows packets going from LAN to HTB (via VPN)
sudo iptables -A FORWARD -d $LAN_SUBNET -s $HTB_SUBNET -i $VPN_IFACE -o $LAN_IFACE -j ACCEPT
# Allows return packets coming from HTB back to LAN
Copy
sudo ip route add 10.10.11.165 via 192.168.0.251 dev wlp0s20f3
Copy
sudo ip route del 10.10.11.165 via 192.168.0.251 dev wlp0s20f3
---
# Grup Labs | Nathaniel Cyber Security

Welcome to **Grup Labs** my personal collection of hands-on labs designed to help you **replicate**, **break**, and truly **understand** how real-world technologies work.
> Why "Grup"? It’s a stylized nod to the Turkish word for _group_, and maybe a subtle _Star Trek_ Easter egg (grups = grown-ups). But more than that, it reflects the idea of collaboration and learning by doing.
This isn’t your average write-up. Each lab here is built like a mini-CTF focused not just on hacking for flags, but on learning how:
* 🧠 Protocols behave
* 🔐 Misconfigurations lead to real vulnerabilities
* 🛠️ Enterprise tools and SaaS services operate under the hood
* 🌐 Tech stacks interact and break in the real world
Whether you’re a red teamer, a defender, or just someone who enjoys pulling things apart to see how they tick, **these labs are made for you**.
All labs are open-source, replicable, and structured to guide you through practical insights, not just walkthroughs.
No fluff. Just raw learning. Let’s get building. ⚙️
[PreviousTartarSauce – HTB Walkthrough](https://docs.wehost.co.in/ctf-walkthrough/tartarsauce-htb-walkthrough)
[NextAmazon Macie Lab: Spotting Sensitive Data Like a Boss](https://docs.wehost.co.in/grup-labs/amazon-macie-lab-spotting-sensitive-data-like-a-boss)
Last updated 4 months ago
---
# Building a Comprehensive AWS Config Lab: Tracking IAM Configuration Changes with SNS and S3 | Nathaniel Cyber Security

###
[](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#introduction)
Introduction
Identity and Access Management (IAM) sits at the heart of AWS security. A single unnoticed change to a role, policy, or user could open the door to privilege escalation or unauthorised access.
This lab demonstrates a **Proof-of-Concept (POC)** setup using **AWS Config** to **track IAM configuration changes** in real-time, send **notifications via SNS**, and store **detailed history in S3** for long-term analysis.
This implementation is simple enough for a lab environment yet practical enough to adapt directly to production.
###
[](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#why-this-lab-matters)
Why This Lab Matters
AWS Config is a **configuration change tracking** service that can record the history of your AWS resources. By targeting IAM resources specifically, this setup focuses on **high-impact security changes** such as:
* Creation or deletion of IAM users
* Policy attachments or removals
* Trust policy modifications
* Privilege escalations
With **SNS for real-time alerts** and **S3 for historical storage**, you get both immediate visibility and an audit-ready trail of every change.
###
[](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#lab-architecture)
Lab Architecture
**Flow Overview:**
1. **AWS Config** records IAM resource changes.
2. **SNS Topic** receives change notifications.
3. **S3 Bucket** stores configuration history and snapshots.
###
[](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#prerequisites)
Prerequisites
Before you start, make sure you have:
* An AWS account with permissions to:
* Create and configure AWS Config
* Create IAM roles, SNS topics, and S3 buckets
* Basic understanding of IAM roles and policies
**Extra Considerations:**
* **Regional Awareness:** IAM is global service, enable AWS Config’s _global resource recording_ in only one region to avoid duplicate charges.
* **Cost Management:** AWS Config charges per configuration item. Record selectively.
* **Permissions:** AWS Config’s service role must have permissions for S3 and SNS
###
[](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#aws-config-setup)
AWS Config Setup
###
[](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#let-aws-config-create-storage-and-notifications)
Let AWS Config Create Storage and Notifications
For this lab, instead of manually creating the S3 bucket and SNS topic, we used AWS Config’s built-in option to **automatically provision** them during initial setup.

When you choose this option:
* AWS Config creates an S3 bucket with a unique name (e.g., `awsconfig-bucket-1234567890-region`).
* 
* An SNS topic is created and automatically linked to AWS Config.
* 
* All necessary permissions are applied by default.
**Why this is useful for a POC:**
* Zero additional setup - you can go from nothing to a working lab in minutes.
* AWS handles IAM policies for these resources automatically.
* Great for testing AWS Config capabilities without worrying about infrastructure.
**Things to note for production:**
* Auto-created buckets have generic names and no lifecycle policies by default - storage can grow quickly.
* SNS topics will need explicit subscription management to send notifications where you need them.
* You might want to enable S3 versioning and custom bucket policies for compliance.

[PreviousAmazon Macie Lab: Spotting Sensitive Data Like a Boss](https://docs.wehost.co.in/grup-labs/amazon-macie-lab-spotting-sensitive-data-like-a-boss)
[NextAWS NACL vs Security Group: The Practical Guide (With Console Walkthroughs)](https://docs.wehost.co.in/grup-labs/aws-nacl-vs-security-group-the-practical-guide-with-console-walkthroughs)
Last updated 4 months ago
* [Introduction](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#introduction)
* [Why This Lab Matters](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#why-this-lab-matters)
* [Lab Architecture](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#lab-architecture)
* [Prerequisites](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#prerequisites)
* [AWS Config Setup](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#aws-config-setup)
* [Let AWS Config Create Storage and Notifications](https://docs.wehost.co.in/grup-labs/building-a-comprehensive-aws-config-lab-tracking-iam-configuration-changes-with-sns-and-s3#let-aws-config-create-storage-and-notifications)
---
# Email Protection | Cloudflare
Please enable cookies.
Email Protection
================
You are unable to access this email address docs.wehost.co.in
-------------------------------------------------------------
The website from which you got to this page is protected by Cloudflare. Email addresses on that page have been hidden in order to keep them from being accessed by malicious bots. **You must enable Javascript in your browser in order to decode the e-mail address**.
If you have a website and are interested in protecting it in a similar way, you can [sign up for Cloudflare](https://www.cloudflare.com/sign-up?utm_source=email_protection)
.
* [How does Cloudflare protect email addresses on website from spammers?](https://developers.cloudflare.com/waf/tools/scrape-shield/email-address-obfuscation/)
* [Can I sign up for Cloudflare?](https://developers.cloudflare.com/fundamentals/setup/account/create-account/)
Cloudflare Ray ID: **9ae6af0f6c4638a3** • Your IP: Click to reveal 54.237.218.47 • Performance & security by [Cloudflare](https://www.cloudflare.com/5xx-error-landing)
---