Andrew Beresford beezly
@beezly
beezly / ssm-rdp.sh
Created Apr 28, 2020
This pile of garbage will do SSM RDP on a Mac if you have the aws-cli and Microsoft RDP client installed. I'm not proud of this but it was useful to me.
#!/usr/bin/env zsh -e
LOCAL_PORT=$(( $RANDOM + 32767 )) # Handily $RANDOM gives a number between 0 and 32767, so this will give us a random port between 32767 and 65534
REMOTE_PORT=3389
target_id=$1
aws ssm start-session --region eu-west-1 --target "${target_id}" --document-name AWS-StartPortForwardingSession --parameters "localPortNumber=${LOCAL_PORT},portNumber=${REMOTE_PORT}" &
SESSION_PID=$!
RD_TEMP=$(mktemp -d)
beezly / demo.c
Created Apr 11, 2020
MMX/SSE demo
/*
On a VM I got...
Allocating 134217728 bytes of RAM and writing a pattern to it.
allocate_ram: Took 15770 cycles
before first x86_add: Address 0xafd54010: 00000000000000000000000000000000
after first x86_add: Address 0xafd54010: 02020202020202020202020202020202
after last x86_add: Address 0xafd54010: cacacacacacacacacacacacacacacaca
x86_add: Took 13213002422 cycles
beezly / op-wrapper.sh
Last active Feb 20, 2020
1password CLI wrapper - caches your "my" login token
#!/bin/bash -e
# You can use this script in two ways
# 1. Source it into an existing script to get access to your credentials
# e.g.
# #!/bin/bash
# . ~/bin/op-wrapper
# details=$(op get item 'Top Secret Password')
# 2. Wrap another script or command with this script
# e.g.
# ~/bin/op-wrapper ./myscript up down left right
beezly / aws-rotate-key.sh
Last active Feb 12, 2020
My shonky script for rotating AWS CLI access credentials - requires jq
#!/bin/bash -e
# First step, back up the old creds
tsec=$(date +%s)
pushd ~/.aws >/dev/null
tar -zcf "credential-backup-${tsec}.tar.gz" config credentials
popd > /dev/null
# Get the current key ID
beezly / TLS_on_RDS_Postgres.md
Last active Jan 28, 2020
Correctly configuring TLS on RDS PostgreSQL instances

In an "out of the box" configuration, RDS PostgreSQL doesn't configure TLS in a safe way.

The server will allow non-TLS connections and most clients will not bother to validate the TLS certificates presented to it anyway.

But first...

Don't Panic

Assuming that you have configured other security measures like VPC Security Groups

beezly / rotate-passwords.sh
Created Sep 9, 2019
Use kpasswd to rotate through a number of passwords between your old and new passwords
#!/usr/bin/env bash
CYCLE=24
declare -a PASSWORDS
let last_cycle=CYCLE+1
PASSWORDS[0]=$1
PASSWORDS[${last_cycle}]=$2
for i in $(seq ${last_cycle}); do
  echo $i
beezly / main.py
Created Jan 13, 2019
ESP32 Hardware Interrupts in micropython
import machine
import sys
import utime
# Error buffer for inside ISRs
import micropython
micropython.alloc_emergency_exception_buf(100)
class Run():
    def __init__(self):
beezly / azure-token.sh
Last active Jul 19, 2018
get a vault token using azure
#!/bin/bash -e
api_version="2018-02-01"
resource="https://<your resource URL>"
instance_data=$(curl -s -H 'Metadata: true' "http://169.254.169.254/metadata/instance?api-version=${api_version}")
offer_data=$(curl -s -H 'Metadata: true' "http://169.254.169.254/metadata/identity/oauth2/token?api-version=${api_version}&resource=${resource}")
rg=$(jq -r .compute.resourceGroupName <<< $instance_data)
type=vmss
name=$(jq -er .compute.vmScaleSetName <<< $instance_data)
beezly / gist:52567aa8210fa16eae74a556ef14f0da
Created Apr 19, 2018
Delete One Password Items Duplicated by Title
op list items | jq -r 'group_by(.overview.title) | .[] | select(length > 1) | min_by(.updatedAt) | .uuid' | xargs -n 1 op item delete
View keybase.md

Keybase proof

I hereby claim:

  • I am beezly on github.
  • I am beezly (https://keybase.io/beezly) on keybase.
  • I have a public key ASBqxtgg-zWLBnFoVdcBozWvYRuZfD40OmACI9-rUvPjZAo

To claim this, I am signing this object: