Skip to content

Instantly share code, notes, and snippets.

Avatar

Chris Gates carnal0wnage

View GitHub Profile
@carnal0wnage
carnal0wnage / auto_git_query
Created Sep 1, 2020 — forked from nullenc0de/auto_git_query
Automated Github Queries (Can open 29 tabs at a time)
View auto_git_query
https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code
https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code
https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code
https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code
https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code
https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI
View Github bash generated search links (from hunter.sh)
View Security Engineer - Interview Questions
1. What is information security and how is it achieved?
2. What are the core principles of information security?
3. What is non-repudiation (as it applies to IT security)?
4. What is the relationship between information security and data availability?
5. What is a security policy and why do we need one?
6. What is the difference between logical and physical security? Can you give an example of both?
7. What’s an acceptable level of risk?
8. What are the most common types of attacks that threaten enterprise data security?
9. What is the difference between a threat and a vulnerability?
10. Can you give me an example of common security vulnerabilities?
@carnal0wnage
carnal0wnage / Road Trip Resources
Last active May 18, 2020
Asked on Twitter for recommendations for materials for a road trip - compiled list
View Road Trip Resources
Original tweet: https://twitter.com/carnal0wnage/status/1261025130307878916
"I have a multi day drive coming up soon - please send over your best podcasts, TED talks, hacker talks, cruising music.
I'll have my teenage daughter with me so topics other than infosec are welcome. Bonus points if on spotify and i can save
to offline listen"
List from the replies:
NPR "Car Talk" podcast with the "Click and Clack Brothers"
@carnal0wnage
carnal0wnage / aws_snapshot_by_owner.sh
Created May 15, 2020
shell script to list public snapshots for an owner for all regions
View aws_snapshot_by_owner.sh
OWNER='XXXXXXXXX'
echo $OWNER
for region in `aws ec2 describe-regions --output text | cut -f3`
do
echo -e "\nListing Snapshots for owner in region:'$region'..."
aws ec2 describe-snapshots --owner-ids=$OWNER --region $region
done
View YubiHSM2 Backed SSH Certificates
### I use HSM backed SSH certs and so can you. [why?: keys can be stolen, certs expire!]
1. Get a YubiHSM2 @ https://www.yubico.com/products/hardware-security-module/
2. Follow this: https://github.com/YubicoLabs/yubihsm-ssh-tool [ Yes, you're going to have to install all the other yubico stuff too, yubico-connector, etc, ..] on your issuing machine, or airgapped machine.
3. Be content that you can now sign certificates with the HSM on the issuer/airgapped machine.
3. Update /etc/ssh/sshd_config on remote server to add:
TrustedUserCAKeys /etc/ssh/ca.pub
AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u
4. Add principals here:
ex:
View CVE-2017-5638.sh
#!/bin/bash
#
# Poc
#
# ./CVE-2017-5638.sh 192.168.9.3
#
# by f0r34chb3t4 - Qui Abr 12 21:00:24 -03 2018
#
# CVE-2017-5638
# Apache Struts 2 Vulnerability Remote Code Execution
View Preparación OSCP.md
View Backdoor Notes
#Creating signed and customized backdoored macOS applications by abusing Apple Developer tools
https://medium.com/@adam.toscher/creating-signed-and-customized-backdoored-macos-applications-by-abusing-apple-developer-tools-b4cbf1a98187
Notes:
Include 1) 1Password 7.app (Gatekeeper Approved) 2) StuffIt Expander.app/Backdoor (Not Approved) in /tmp/apps. You will be allowed to run both 1) and 2) (Gatekeeper bypass)
Alternative one liner:
$ pkgbuild --root /tmp/apps --identifier com.microsoft --install-location /Applications mypackage.pkg
You can’t perform that action at this time.