### Keybase proof
I hereby claim:
* I am alsmola on github.
* I am alsmola (https://keybase.io/alsmola) on keybase.
* I have a public key whose fingerprint is A396 4319 DB5C 469D 12D5 1299 AB1D 5964 6557 8858
To claim this, I am signing this object:
@alsmola
alsmola / git-list.rb
Last active August 29, 2015 14:09
List git branches with a numerical index, then check a branch out by index
#!/usr/bin/env ruby
# To setup - copy this to a file named git-list in a directory on your path and
# chmod +x.
#
# To use - Type git list, and select the branch you'd like to check out.
@branches = Array.new
class String
@alsmola
alsmola / xss_really.html
Last active June 28, 2016 00:00
XSS Really?
<html>
<body>
<script>
function log(arg) {
console.log(arg)
};
</script>
<div onclick="log('test&#39;);alert(1);//')">
Click me.
</div>
@alsmola
alsmola / kms_auth.go
Last active April 17, 2018 11:30
Confidant style KMS-based authentication in Go
/*
Copyright 2016 Alex Smolen (https://alexsmolen.com)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
function hide {
export OLD_PS1=${PS1}
set +o history
PS1="\e[41m $PS1 \e[m"
}
function show {
set -o history
PS1=${OLD_PS1}
}
@alsmola
alsmola / README.md
Last active December 27, 2019 04:53
Using session policies to limit IAM role access

Session Policy Example

First, upload test files to an S3 bucket you control (replace YOUR_BUCKET_NAME) in two directories representing isolated namespaces (123 and 124).

echo "123" > test.txt
aws s3 cp test.txt s3://YOUR_BUCKET_NAME/123/test.txt
echo "124" > test.txt
aws s3 cp test.txt s3://YOUR_BUCKET_NAME/124/test.txt
@alsmola
alsmola / gsuite_saml_cognito_alb.tf
Created February 1, 2020 18:19
ALB for gsuite-saml-cognito
resource "aws_lb" "app1" {
name = "App1"
internal = false
load_balancer_type = "application"
security_groups = ["<your-security-group>"]
subnets = ["<your-subnet-id>"]
}
resource "aws_lb_target_group" "app1" {
name = "App1"
@alsmola
alsmola / VerifyCognitoALBToken.js
Created February 3, 2020 04:37
Verifies ALB token from Cognito
// Get OIDC JWT from headers
const encodeJwt = req.headers["x-amzn-oidc-data"];
const jwtHeaders = encodeJwt.split(".")[0];
const decodedJwtHeaders = Buffer.from(jwtHeaders, "base64");
const decodedJson = JSON.parse(decodedJwtHeaders);
const kid = decodedJson["kid"];
// Lookup ALB public key for JWT
const region = "us-east-1";
const url = `https://public-keys.auth.elb.${region}.amazonaws.com/${kid}`;
@alsmola
alsmola / clever-openvpn-split-tunnel-config.md
Created March 21, 2020 22:01
Settings for Clever OpenVPN Split Tunnel

From https://www.smartspate.com/bypass-website-blocking-without-directing-traffic-vpn/

Advanced VPN > Additional OpenVPN Config Directives
push "route 44.228.121.66 255.255.255.255 vpn_gateway" # DEIP databases
push "route 54.203.187.138 255.255.255.255 vpn_gateway"
push "route 54.188.185.98 255.255.255.255 vpn_gateway"
push "route 44.231.10.48 255.255.255.255 vpn_gateway"
push "route 35.167.142.219 255.255.255.255 vpn_gateway"
push "route 54.70.205.111 255.255.255.255 vpn_gateway"
@alsmola
alsmola / aws_multifactorauthpresent.snippet
Last active March 29, 2020 17:45
Use of aws:MultiFactorAuthPresent global condition context key
/* Dangerous - allows long-term access keys */
...
"Effect": "Deny",
"Condition":
{ "Bool": {"aws:MultiFactorAuthPresent": "false"}}
...
"Effect": "Allow",
"Condition":
{"Null": {"aws:MultiFactorAuthPresent": "false"}}
...