@aiwilliams
aiwilliams / jupiterone-aws-2020.diff
Last active December 24, 2020 02:51
JupiterOne AWS 2020
diff --git a/docs/docs-jupiterone-io/index.md b/docs/docs-jupiterone-io/index.md
index 3193b9c9..67b68829 100644
--- a/docs/docs-jupiterone-io/index.md
+++ b/docs/docs-jupiterone-io/index.md
@@ -46,7 +46,7 @@ The following entity resources and their meta data (not actual contents) are
ingested when the integration runs:
| AWS Service | AWS Entity Resource | \_type : \_class of the Entity |
-| -------------- | ------------------------- | ------------------------------------------------------------ |
+| --------------- | ------------------------- | ------------------------------------------------------------------------ |
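Review bot: the separator-row change is whitespace-only (first and third columns widened, middle column untouched), and no table row that needs the extra width is visible in this hunk. If the widening comes from re-running a Markdown formatter after adding longer rows elsewhere, say so in the commit message or keep the formatting churn in its own commit, so reviewers of this integration doc can tell at a glance that the list of ingested entities did not change here.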

Google Cloud

2020

Entities

The following entities are created:

Resources Entity _type Entity _class

2020 Azure Resources

2019

Entities

| Microsoft 365 Resources | _type of the Entity | _class of the Entity |
| ----------------------- | ------------------- | -------------------- |
| Account                 | azure_account       | Account              |
| Group                   | azure_user_group    | UserGroup            |

targetFilterKeys identify properties in the targetEntity that are used to locate the entities to connect to the sourceEntityKey. For example, if you know that you want to build a relationship to user entities with a known email, this can be expressed by:

{
  ...,
  targetFilterKeys: [['_class', 'email']],
  targetEntity: {
@aiwilliams
aiwilliams / gist:4072840
Created November 14, 2012 15:40
SQL JOIN multiple has_many through without duplicates
sqlite3 test.db
> create table events(_id smallint, name varchar(10));
create table speakers(_id smallint, name varchar(10));
create table terms(_id smallint, name varchar(10));
create table events_speakers(event_id smallint, speaker_id smallint);
create table events_terms(event_id smallint, term_id smallint);
insert into events values(1, 'Soccer');
insert into events values(2, 'Baseball');
insert into events values(3, 'Football');
@aiwilliams
aiwilliams / README.md
Created May 16, 2012 13:52
Storyboard in RubyMotion 1.4

Start Xcode and create a new Storyboard file. I closed all my other Xcode projects. When you choose the location of the created file, it should be your RubyMotion project's resources directory. Add a UIViewController, and set its identifier property to "Start". Add some UI elements so you can see it working.

When you run rake in your RubyMotion project, it will compile the .storyboard file. You could auto-load the Storyboard using a plist configuration, but you'll see code can do it too.

@aiwilliams
aiwilliams / auditd-login-trace.log
Created November 19, 2013 16:25
How cool is this tool?! auditd FTW.
type=SYSCALL msg=audit(1384878019.652:5197): arch=c000003e syscall=2 success=yes exit=4 a0=7f04eed29dc0 a1=800 a2=1 a3=0 items=1 ppid=791 pid=7319 auid=4294967295 uid=0 gid=0 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" key="gemstuff"
type=CWD msg=audit(1384878019.652:5197): cwd="/"
type=PATH msg=audit(1384878019.652:5197): item=0 name="/home/vagrant/.ssh/authorized_keys" inode=2359308 dev=08:01 mode=0100600 ouid=1000 ogid=0 rdev=00:00
type=LOGIN msg=audit(1384878019.656:5198): login pid=7319 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=30
type=SYSCALL msg=audit(1384878019.672:5199): arch=c000003e syscall=2 success=yes exit=3 a0=116ab08 a1=0 a2=435e40 a3=0 items=1 ppid=7331 pid=7332 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=30 comm="bash" exe="/bin/bash" key="gemstuff"
type=CWD msg=audit(1384878019.672:5199): cwd="/home/vagrant"
type=PATH msg=audit(13848780
@aiwilliams
aiwilliams / naxsi-rules
Created October 22, 2013 14:50
Generating suggested whitelists for Naxsi Web Application Firewall from multiple error logs. This assumes you want a distinct set for each log.
#!/usr/bin/env ruby
require 'fileutils'
nx_dir = 'naxsi-rules.d'
rules_dir = 'etc/nginx/naxsi'
FileUtils.mkdir_p nx_dir
Dir['var/log/nginx/*.error.log'].each do |log_path|
@aiwilliams
aiwilliams / 00-api_github_com_readme.md
Last active December 19, 2015 19:49
Exploring CORS on api.github.com.

Be sure to test the 08 html document using the http:// protocol.

01-05 were requests made to api.github.com using curl. I wanted to see what the response headers looked like, where:

  • 01 - Simple GET with no credentials.
  • 02 - Simple GET with Basic (username:password).
  • 03 - Simple GET with Basic, my own user - the response certainly included private information about me, the authenticated user.
  • 04 - Creating an OAUTH token - do these, too, have Access-Control-* headers? Yes!
  • 05 - Simple GET with Authorization token.

06-09 demonstrate a CORS request from an HTML document on my hard drive (08), loaded by Chrome (28.0.1500.71), where:

@aiwilliams
aiwilliams / api_helpers_warden.rb
Last active December 15, 2015 00:39
Using Warden and Grape? You'll need some code to configure the Warden::Manager and install the Warden::Proxy in the Rack env. For Rails, this is typically done using Devise or rails_warden, and then you'll need some helper methods in your Grape::API, similar to those found in http://github.com/hassox/rails_warden/blob/master/lib/rails_warden/con…
# Provide access to the Warden::Proxy in the Rack env by including this module in your Grape::API:
#
# helpers Api::Helpers::Warden
#
# These methods require that something has configured the Warden::Manager, and
# the upstream middleware is in place to make the Warden::Proxy exist in the
# env! In a Rails app, this is typically done by Devise or rails_warden.
#
module Api::Helpers::Warden