HKT Tech week 2023

I’m very glad to be invited to the HKT Enterprise Solutions Tech week 2023.
This year they are foced on how OpenAI helps IT operations such as their EMS solution.

The new FortiNDR sandbox works with AI can achieve must faster response time.

Email gateway Geen Radar also use AI to improve their phishing detection system.

Update cloudflare DNS via API

Getting a the Cloudflare API Token
When updating the Cloudflare dynamic DNS record programmatically, your script must authenticate itself to the Cloudflare API. Only then will Cloudflare allow you to make changes to the DNS records in your account.

Cloudflare allows you to create API tokens with enough permissions for its purpose. In turn, you can then use your Cloudflare account’s username and the resulting API token to authenticate with the Cloudflare API.

To create a Cloudflare API Token, follow these steps.

  1. Open your browser, navigate to, and log in to your Cloudflare account.
  2. After logging in to the Cloudflare dashboard, click on the profile button on the upper-right corner and click My Profile.
  3. Next, click the API Tokens tab link. Under the API Tokens section, click the Create Token button. The example below assumes that you have not created any API tokens yet.
  4. On the list of API token templates, click the Edit zone DNS template to use it. This template allows you to create an API token with edit permission to all or selected DNS zones in your account.
  5. Under the Zone Resources section on the Create Token page, click the right-most dropdown box and select the DNS zone to include in this API token’s access. After choosing the DNS zone, click Continue to summary.
  6. Review the summary and ensure that the API has DNS:Edit permission to the previously selected DNS zone. Finally, click Create Token to create the API token.
  7. After creating the API token, copy the token value and make sure to store it securely. Treat the API token like how you would treat a password

Copy the script below, paste it into your PowerShell code editor, and save the file. Refer to the inline comments to understand what the script does.

#requires -Version 7.1

param (

# Build the request headers once. These headers will be used throughout the script.
$headers = @{
    "X-Auth-Email"  = $($Email)
    "Authorization" = "Bearer $($Token)"
    "Content-Type"  = "application/json"

#Region Token Test
## This block verifies that your API key is valid.
## If not, the script will terminate.

$uri = ""

$auth_result = Invoke-RestMethod -Method GET -Uri $uri -Headers $headers -SkipHttpErrorCheck
if (-not($auth_result.result)) {
    Write-Output "API token validation failed. Error: $($auth_result.errors.message). Terminating script."
    # Exit script
Write-Output "API token validation [$($Token)] success. $($auth_result.messages.message)."

#Region Get Zone ID
## Retrieves the domain's zone identifier based on the zone name. If the identifier is not found, the script will terminate.
$uri = "$($Domain)"
$DnsZone = Invoke-RestMethod -Method GET -Uri $uri -Headers $headers -SkipHttpErrorCheck
if (-not($DnsZone.result)) {
    Write-Output "Search for the DNS domain [$($Domain)] return zero results. Terminating script."
    # Exit script
## Store the DNS zone ID
$zone_id = $
Write-Output "Domain zone [$($Domain)]: ID=$($zone_id)"
#End Region

#Region Get DNS Record
## Retrieve the existing DNS record details from Cloudflare.
$uri = "$($zone_id)/dns_records?name=$($Record)"
$DnsRecord = Invoke-RestMethod -Method GET -Uri $uri -Headers $headers -SkipHttpErrorCheck
if (-not($DnsRecord.result)) {
    Write-Output "Search for the DNS record [$($Record)] return zero results. Terminating script."
    # Exit script
## Store the existing IP address in the DNS record
$old_ip = $DnsRecord.result.content
## Store the DNS record type value
$record_type = $DnsRecord.result.type
## Store the DNS record id value
$record_id = $
## Store the DNS record ttl value
$record_ttl = $DnsRecord.result.ttl
## Store the DNS record proxied value
$record_proxied = $DnsRecord.result.proxied
Write-Output "DNS record [$($Record)]: Type=$($record_type), IP=$($old_ip)"

#Region Get Current Public IP Address
$new_ip = Invoke-RestMethod -Uri ''
Write-Output "Public IP Address: OLD=$($old_ip), NEW=$($new_ip)"

#Region update Dynamic DNS Record
## Compare current IP address with the DNS record
## If the current IP address does not match the DNS record IP address, update the DNS record.
if ($new_ip -ne $old_ip) {
    Write-Output "The current IP address does not match the DNS record IP address. Attempt to update."
    ## Update the DNS record with the new IP address
    $uri = "$($zone_id)/dns_records/$($record_id)"
    $body = @{
        type    = $record_type
        name    = $Record
        content = $new_ip
        ttl     = $record_ttl
        proxied = $record_proxied
    } | ConvertTo-Json

    $Update = Invoke-RestMethod -Method PUT -Uri $uri -Headers $headers -SkipHttpErrorCheck -Body $body
    if (($Update.errors)) {
        Write-Output "DNS record update failed. Error: $($Update[0].errors.message)"
        ## Exit script

    Write-Output "DNS record update successful."
    return ($Update.result)
else {
    Write-Output "The current IP address and DNS record IP address are the same. There's no need to update."

Now that you’ve saved the Cloudflare dynamic DNS update script, what’s next? Before deploying the script, testing whether its functionality works is essential. Running the script requires four details to be successful, and those are:

Email – which is the email address for your Cloudflare account.
Token – the API token that you previously created from your Cloudflare account.
Domain – the DNS domain name that contains the DNS record you want to update. (e.g.,
Record – the DNS record you want to update. (e.g.,

PeopleCert certifications will have to be renewed

PeopleCert has recently announced that all its Global Best Practice certifications (also Foundation levels), including the most popular ones such as ITIL and PRINCE2, will have to be renewed.

If you were certified before 30 June 2020: You will have until 1 July 2023 to choose to renew your certification(s), regardless of your original award date.
If you were certified after June 2020: You will have the option to renew your certification(s) within 3 years of the original award date.

I just passed my ITIL foundation exam recently and it comes with renewal date.

There are several ways to renew the certification

  1. Retake the same exam: You can choose to renew your certification by re-taking your original exam before the renewal date.
  2. Take further courses and certifications: You can choose to renew your certification by attending another course and taking an exam within the same product suite before the renewal date.
  3. From March 2023, a third renewal path will be available: You will be able to choose to renew your certification through collecting and logging CPD points. More details on this path will follow soon.

Setup MacvLAN on docker instance

After you created a docker instance, by default it will sharing the docker host default network interface IP address and port.

If you want to create a virtual LAN for docker and getting static dedicated IP address from the same network as the host, you will need to setup a MacVLAN under the docker.

Simply use the below command to create a MacVLAN. But first, you will need to identify your host network interface, IP range, subnet and the DHCP configuration to avoid IP conflict.

sudo docker network create -d macvlan -o -parent=eth0 --subnet= --gateway= --ip-range= new-macvlan

The next step is to create a bridge interface on the docker, you use any network which is not in use.

Finally, add both bridge network and macvlan network to the docker instance to get it work.