Encrypting AWS Instance Storage


Encrypted Data at Rest is the big term that has been floating around for several years. Just recently AWS started offering encrypted EBS volumes, the only problem with that is you cannot encrypt Instance Storage (aka Ephemeral Storage) volumes or Root volumes. This solution will not work for Root volumes, but it will for the Ephemeral volumes. The only potential problem with the encrypted EBS volumes is that AWS retains controls of the encryption keys for you in their IAM system. However since you’ve chosen to use the cloud that might not be a problem. Thankfully using SaltStack and my previous trick Just in Time Encryption Keys using SaltStack, you can automatically encrypt your Instance Storage on your EC2 Instances giving you that extra layer of security. This can be extremely beneficial if you want to convey to your clients that you are doing Full Disk Encryption and you want the ability to use SSD storage instead of EBS volumes.

Partial Continuous Deployment with Docker and SaltStack


If you haven’t figured out by now, I’m a big fan of both Docker and SaltStack. I’ve been using them both separately for a while now, but recently started using them together. Here’s my first iteration of continuous deployment using Docker and SaltStack.

This article will show you how to use SaltStack to re-deploy a container when a new version becomes available. I’ve made a few assumptions: (1) you know what Docker and SaltStack are, (2) you understand what a SaltStack State is, and (3) that you will use a docker index/registry to pull in your docker images (check out my docker-index project).

This post will break down the state file to explain each step, so even if you are not a Salt guru it should generally make sense. I won’t cover building docker images or how to trigger SaltStack to run the state file. (That might come in a future article.)

Docker Scripts - Updated


In a follow up to the original post Docker Scripts, Docker has made it so that you no longer need to have jq installed, you can do everything with the docker client’s inspect command and its (semi)new format feature.

I’ve updated the scripts to use the format command.

Analyzing an Android app with Docker and Androguard



Have you wanted to get into analyzing Android apps—for vulnerabilities, malware, or just for fun? Maybe you’ve experienced problems getting an environment setup because of complex tool dependencies, long READMEs, or just never really knew where to get started? This article can help. Using docker I can show you how to tear apart your first Android application, and maybe even find some vulnerabilities while you’re at it.