Exercise 1: Kibana

Kibana is published by Ingress Controller.


Kibana is protected by NGINX App Protect embedded in Ingress Controller.


Security event logs are sent to ELK.

NAP logs

Security dashboards are available on Kibana. More details here

  • Using your web browser, try to reach the ELK UI https://kibana{{site_ID}}… Damn, it’s DOWN!

  • Restart the container using docker commands

docker ps


CONTAINER ID   IMAGE          COMMAND                  CREATED      STATUS      PORTS                                                                                                                                                 NAMES
3c87d89ab528   sebp/elk:742   "/usr/local/bin/star…"   5 days ago   Up 3 days   0.0.0.0:5144->5144/tcp, :::5144->5144/tcp, 0.0.0.0:5601->5601/tcp, :::5601->5601/tcp, 5044/tcp, 9300/tcp, 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp   f5-waf-elk-dashboards_elasticsearch_1
  • Note your {{CONTAINER_ID}} and restart it

docker restart {{CONTAINER_ID}}
  • Wait 3 minutes, then browse the ELK UI https://kibana{{site_ID}} >> Dashboard >> Overview and scroll to All Requests
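
The restart-and-wait steps above as one script, added here as an example (it is not part of the original lab guide): it polls Kibana until it answers instead of waiting a fixed time. Assumptions: KIBANA_URL is set to the lab's Kibana URL, Kibana's /api/status endpoint returns HTTP 200 once it is ready, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: restart the ELK container, then poll Kibana until it answers.
# Assumptions: image prefix "sebp/elk" (from the docker ps output above),
# KIBANA_URL set to the lab's Kibana URL, /api/status returns 200 when ready.

# Read "ID IMAGE" pairs on stdin; print the first ID whose image starts with $1.
elk_container_id() {
  awk -v img="$1" 'index($2, img) == 1 { print $1; exit }'
}

# wait_until TRIES DELAY CMD...: retry CMD until it succeeds or TRIES run out.
wait_until() {
  tries=$1; delay=$2; shift 2
  i=0
  while [ "$i" -lt "$tries" ]; do
    "$@" && return 0
    i=$((i + 1))
    sleep "$delay"
  done
  return 1
}

# Succeeds once Kibana serves its status API. Certificate checks stay on;
# export CURL_CA_BUNDLE if the lab certificate comes from a private CA.
kibana_up() {
  curl -sf -o /dev/null --max-time 5 "$KIBANA_URL/api/status"
}

restart_elk() {
  cid=$(docker ps --format '{{.ID}} {{.Image}}' | elk_container_id "sebp/elk")
  [ -n "$cid" ] || { echo "no running sebp/elk container found" >&2; return 1; }
  docker restart "$cid" >/dev/null || return 1
  # 36 tries, 5 s apart: gives ELK at least the 3 minutes the lab allows
  wait_until 36 5 kibana_up || { echo "Kibana still down" >&2; return 1; }
  echo "Kibana is up again (container $cid)"
}

# Only act when called with --run, so the functions can be sourced safely.
if [ "${1:-}" = "--run" ]; then
  : "${KIBANA_URL:?set KIBANA_URL to the lab Kibana URL}"
  restart_elk
fi
```

Save it under any name and run it on the Jumphost with the --run argument after exporting KIBANA_URL.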

Extra time: Cryptonice

Cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.

  • On Jumphost, evaluate SSL security for https://kibana{{site_ID}}

docker run -v `pwd`:`pwd` -w `pwd` -i -t f5labs/cryptonice kibana{{site_ID}} --json_out --no_console


Pre-scan checks
Scanning on port 443...
Analyzing DNS data for
Fetching additional records for resolves to OPEN
TLS is available: True
Connecting to port 443 using HTTPS
Reading HTTP headers for kibana{{site_ID}}
Queueing TLS scans (this might take a little while...)
Looking for HTTP/2

Scans complete
Total run time: 0:00:03.059256

Outputting data to ./kibana{{site_ID}}
  • View evaluation results

cat kibana{{site_ID}} | jq .

Capture The Flag

extra 1.1 What is the supported cipher suite?