@aiwilliams
aiwilliams / jupiterone-aws-2020.diff
Last active December 24, 2020 02:51
JupiterOne AWS 2020
diff --git a/docs/docs-jupiterone-io/index.md b/docs/docs-jupiterone-io/index.md
index 3193b9c9..67b68829 100644
--- a/docs/docs-jupiterone-io/index.md
+++ b/docs/docs-jupiterone-io/index.md
@@ -46,7 +46,7 @@ The following entity resources and their meta data (not actual contents) are
ingested when the integration runs:
| AWS Service | AWS Entity Resource | \_type : \_class of the Entity |
-| -------------- | ------------------------- | ------------------------------------------------------------ |
+| --------------- | ------------------------- | ------------------------------------------------------------------------ |
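Review bot: the separator row under the `AWS Service` header is the only line changed in this hunk, widened in its first and third columns, while the header row above it stays as unchanged context, so the raw Markdown columns no longer line up with the header. If the widening comes from a formatter or from a longer row added further down the table, pad the header row in the same commit so the source stays aligned. The rendered table is the same either way, so this is a source-readability point only.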

Google Cloud

2020

Entities

The following entities are created:

Resources Entity _type Entity _class

2020 Azure Resources

2019

Entities

| Microsoft 365 Resources | _type of the Entity | _class of the Entity |
| ----------------------- | ------------------- | -------------------- |
| Account                 | azure_account       | Account              |
| Group                   | azure_user_group    | UserGroup            |

targetFilterKeys identify properties in the targetEntity that are used to locate the entities to connect to the sourceEntityKey. For example, if you know that you want to build a relationship to user entities with a known email, this can be expressed by:

{
  ...,
  targetFilterKeys: [['_class', 'email']],
  targetEntity: {
Bringing machine 'computer7' up with 'vmware_fusion' provider...
==> computer7: Cloning VMware VM: 'ubuntu-14.04.2'. This can take some time...
==> computer7: Verifying vmnet devices are healthy...
==> computer7: Preparing network adapters...
==> computer7: Fixed port collision for 22 => 2222. Now on port 2205.
==> computer7: Starting the VMware VM...
==> computer7: Waiting for machine to boot. This may take a few minutes...
computer7: SSH address: 192.168.117.219:22
computer7: SSH username: vagrant
computer7: SSH auth method: private key

Keybase proof

I hereby claim:

  • I am aiwilliams on github.
  • I am aiwilliams (https://keybase.io/aiwilliams) on keybase.
  • I have a public key whose fingerprint is 7731 ACD2 06D2 AE0F C605 B443 3287 14B3 A356 B852

To claim this, I am signing this object:

@aiwilliams
aiwilliams / auditd-login-trace.log
Created November 19, 2013 16:25
How cool is this tool?! auditd FTW.
type=SYSCALL msg=audit(1384878019.652:5197): arch=c000003e syscall=2 success=yes exit=4 a0=7f04eed29dc0 a1=800 a2=1 a3=0 items=1 ppid=791 pid=7319 auid=4294967295 uid=0 gid=0 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" key="gemstuff"
type=CWD msg=audit(1384878019.652:5197): cwd="/"
type=PATH msg=audit(1384878019.652:5197): item=0 name="/home/vagrant/.ssh/authorized_keys" inode=2359308 dev=08:01 mode=0100600 ouid=1000 ogid=0 rdev=00:00
type=LOGIN msg=audit(1384878019.656:5198): login pid=7319 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=30
type=SYSCALL msg=audit(1384878019.672:5199): arch=c000003e syscall=2 success=yes exit=3 a0=116ab08 a1=0 a2=435e40 a3=0 items=1 ppid=7331 pid=7332 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=30 comm="bash" exe="/bin/bash" key="gemstuff"
type=CWD msg=audit(1384878019.672:5199): cwd="/home/vagrant"
type=PATH msg=audit(13848780
@aiwilliams
aiwilliams / naxsi-rules
Created October 22, 2013 14:50
Generating suggested whitelists for Naxsi Web Application Firewall from multiple error logs. This assumes you want a distinct set for each log.
#!/usr/bin/env ruby
require 'fileutils'
nx_dir = 'naxsi-rules.d'
rules_dir = 'etc/nginx/naxsi'
FileUtils.mkdir_p nx_dir
Dir['var/log/nginx/*.error.log'].each do |log_path|
@aiwilliams
aiwilliams / 00-api_github_com_readme.md
Last active December 19, 2015 19:49
Exploring CORS on api.github.com.

Be sure to test the 08 html document using the http:// protocol.

01-05 were requests made to api.github.com using curl. I wanted to see what the response headers looked like, where:

  • 01 - Simple GET with no credentials.
  • 02 - Simple GET with Basic (username:password).
  • 03 - Simple GET with Basic, my own user - the response certainly included private information about me, the authenticated user.
  • 04 - Creating an OAUTH token - do these, too, have Access-Control-* headers? Yes!
  • 05 - Simple GET with Authorization token.

06-09 demonstrate a CORS request from an HTML document on my hard drive (08), loaded by Chrome (28.0.1500.71), where: