Skip to content

Instantly share code, notes, and snippets.

View andresriancho's full-sized avatar
🎯
Focusing

Andres Riancho andresriancho

🎯
Focusing
View GitHub Profile
@andresriancho
andresriancho / s3-query.sql
Created November 8, 2019 18:47
Athena query to get AWS S3 use
SELECT eventtime,
eventname,
requestparameters,
awsregion,
eventsource,
resources
FROM cloudtrail_662651605507
WHERE year = '2019'
AND month IN ('7', '8', '9', '10', '11')
AND eventsource = 's3.amazonaws.com'
@andresriancho
andresriancho / query.sql
Created November 8, 2019 17:17
Athena query to get AWS Lambda function invoke calls
SELECT eventtime,
eventname,
requestparameters,
awsregion,
eventsource,
resources
FROM cloudtrail_662651605507
WHERE year = '2019'
AND month IN ('7', '8', '9', '10', '11')
AND eventsource = 'lambda.amazonaws.com'
@andresriancho
andresriancho / README.md
Created October 17, 2019 17:58
guardduty-event-target.tf

GuardDuty events sent via CloudWatch rules and SNS emails are ugly.

It is possible to improve them using inputTransformer.

guardduty-event-target.tf shows an example usage.

@andresriancho
andresriancho / get-display-name.py
Last active December 5, 2023 13:29
Get AWS root account email address
import boto3
session = boto3.Session(profile_name='ariancho')
s3_client = session.client('s3')
display_name = s3_client.list_buckets()['Owner']['DisplayName']
print(display_name)
for bucket in s3_client.list_buckets()['Buckets']:
print(s3_client.get_bucket_acl(Bucket=bucket['Name'])['Owner']['DisplayName'])
@andresriancho
andresriancho / bruteforce-2fa.py
Created September 12, 2018 16:04
AWS S3 bucket bruteforce-2fa.py
import os
import sys
import time
import random
import subprocess
FNULL = open(os.devnull, 'w')
env = {'HTTPS_PROXY': 'http://localhost:8080/'}
cmd = ('aws --region us-east-1 --no-verify-ssl --profile=andres-root s3api delete-object'
@andresriancho
andresriancho / test.py
Created May 9, 2018 20:14
Test compression algorithms
import timeit
import lz4.frame
import lzf
import zlib
#import snappy
import os
from timeit import Timer
DATA = open("test.py", "rb").read()
DLEN = len(DATA)
@andresriancho
andresriancho / source-code-review-atom.md
Last active July 23, 2018 21:44
Ideas for source code review plugin for Atom

User story

As an application security expert I use Atom to read source code. I would like to be able to have a plugin with features that will help me identify vulnerabilities.

Ideas

  • Add annotations to the source code: Select a few lines of code, right click, "Add annotation", text box appears, user types comments on the source code, clicks "Save". All annotations can be seen in a tab. If the code has annotations then it is highlighted differently (change background color)

  • The plugin implements methods for searching for XSS, SQL injection, etc. The plugin adds a menu

@andresriancho
andresriancho / smart-contract-research.md
Last active November 8, 2017 11:34
Smart contracts research
### Keybase proof
I hereby claim:
* I am andresriancho on github.
* I am andresriancho (https://keybase.io/andresriancho) on keybase.
* I have a public key whose fingerprint is 0FA5 D462 EA05 CBBF EAEE 1F14 E0ED B201 A7B2 7B69
To claim this, I am signing this object:
@andresriancho
andresriancho / linq-example.cs
Created February 20, 2017 20:22
linq-example.cs
using System;
using System.Linq;
using System.Collections.Generic;
class app {
static void Main() {
string[] names = { "Burke", "Connor", "Frank",
"Everett", "Albert", "George",
"Harris", "David" };