- Cluster Quota
oc create clusterquota env-qa \
--project-label-selector environment=qa \
--hard pods=10,services=5
oc create clusterquota user-qa \
Kaan Dolgun 180808k
invictus-ir
/ CloudTrail.csv
Last active
May 2, 2024 12:56
An overview of CloudTrail events that are interesting from an Incident Response perspective
We can make this file beautiful and searchable if this error is corrected: It looks like row 8 should actually have 10 columns, instead of 9. in line 7.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "Initial Access","Execution","Persistence","Privilege Escalation","Defense Evasion","Credential Access","Discovery","Lateral Movement","Exfiltration","Impact" | |
| ConsoleLogin,StartInstance,CreateAccessKey,CreateGroup,StopLogging,GetSecretValue,ListUsers,AssumeRole,CreateSnapShot,PutBucketVersioning | |
| PasswordRecoveryRequested,StartInstances,CreateUser,CreateRole,DeleteTrail,GetPasswordData,ListRoles,SwitchRole,ModifySnapshotAttributes ,RunInstances | |
| ,Invoke,CreateNetworkAclEntry,UpdateAccessKey,UpdateTrail,RequestCertificate,ListIdentities,,ModifyImageAttribute,DeleteAccountPublicAccessBlock | |
| ,SendCommand,CreateRoute,PutGroupPolicy,PutEventSelectors,UpdateAssumeRolePolicy,ListAccessKeys,,SharedSnapshotCopyInitiated, | |
| ,,CreateLoginProfile,PutRolePolicy,DeleteFlowLogs,,ListServiceQuotas,,SharedSnapshotVolumeCreated, | |
| ,,AuthorizeSecurityGroupEgress,PutUserPolicy,DeleteDetector,,ListInstanceProfiles,,ModifyDBSnapshotAttribute, | |
| ,,AuthorizeSecurityGroupIngress,AddRoleToInstanceProfile,DeleteMembers,,ListBuckets,,PutBucketP |
ustayready
/ gpt.py
Created
January 16, 2023 23:49
CloudGPT - Use ChatGPT to analyze AWS policies for vulnerabilities
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import openai | |
| import boto3 | |
| import json | |
| import time | |
| from typing import Dict, List | |
| openai.api_key = '### SET YOUR OPENAPI API KEY HERE ###' | |
| session = boto3.session.Session() | |
| client = session.client('iam') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| async function readRequestBody(request) { | |
| const { headers } = request; | |
| const contentType = headers.get('content-type') || ''; | |
| if (contentType.includes('application/json')) { | |
| return JSON.stringify(await request.json()); | |
| } else if (contentType.includes('form')) { | |
| const formData = await request.formData(); | |
| const body = {}; | |
| for (const entry of formData.entries()) { | |
| body[entry[0]] = entry[1]; |
prabhu
/ git-scan.sh
Created
June 26, 2020 09:31
Script to perform security scan of top repos on GitHub using ShiftLeft Scan. Use it to produce your own state of the opensource security reports.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Script to clone top repos on github based on language and invoke ShiftLeft Scan against the repos to find vulnerabilities | |
| # Use case 1: Scan the top repos on GitHub and write a state of opensource report to criticize opensource! | |
| # Use case 2: Scan the top repos on GitHub and sell your magical security product to guard organizations against opensource vulnerabilities! | |
| CURR_DIR=$(pwd) | |
| mkdir -p reports_dir | |
| mkdir -p work_dir && cd work_dir | |
| # Get the latest scan image | |
| docker pull shiftleft/scan |
sminez
/ get_ippsec_details.py
Last active
January 5, 2024 05:51
Find examples of pen testing methods and tools in videos by Ippsec (as of 22nd January 2020)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Script used to pull down the current video descriptions from ippsec's youtube channel. | |
| The raw output still has a few HTML tags that need to be manually removed and there | |
| also seem to be multiple duplicates of videos that have been removed in the output | |
| saved as ippsec-details.txt | |
| """ | |
| import re | |
| import sys |
dansimau
/ ldif-to-csv.sh
Created
November 12, 2010 15:14
Shell script that reads LDIF data from STDIN and outputs as CSV.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Converts LDIF data to CSV. | |
| # Doesn't handle comments very well. Use -LLL with ldapsearch to remove them. | |
| # | |
| # 2010-03-07 | |
| # dsimmons@squiz.co.uk | |
| # | |
| # Show usage if we don't have the right params |