Aaron C. de Bruyn darkpixel

## gist:3473470
def cycle_key(self):
    #TODO: Errors here will tank the system, probably need some better handling...
    old_session_key = self.session_key
    old_session = Session.objects.get(session_key=old_session_key)
    try:
        cart = Cart.objects.get(session=old_session)
        super(SessionStore, self).cycle_key()
        new_session_key = self.session_key
        new_session = Session.objects.get(session_key=new_session_key)
        cart.session = new_session

## gist:582ccce8bf49846325d53ef5f898c87b
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
spec:
  selector:
    matchLabels:
      app: echoserver
  replicas: 1
  template:

## CVE-2020-1350 Registry Remediation.xml
<?xml version="1.0" encoding="utf-8"?>
<AdminArsenal.Export Code="PDQDeploy" Name="PDQ Deploy" Version="19.0.40.0" MinimumVersion="15.0">
  <Package>
    <CurrentLibraryPackageVersionId value="null" />
    <PackageDefinition name="Definition">
      <Conditions type="list">
        <PackageStepCondition>
          <Architecture>Both</Architecture>
          <Version>AllServers</Version>
          <TypeName>OperatingSystem</TypeName>

## CVE-2020-1350 Collections.xml
<?xml version="1.0" encoding="utf-8"?>
<AdminArsenal.Export Code="PDQInventory" Name="PDQ Inventory" Version="19.0.40.0" MinimumVersion="4.0">
  <Collection>
    <ReportDefinition name="Definition">
      <RootFilter name="Filter">
        <Comparison>All</Comparison>
        <Filters type="list">
          <ValueFilter>
            <Table>Service</Table>
            <Column>Name</Column>

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                darkpixel
                / keybase.md
            
            
              Created
              June 24, 2020 15:39
            
          
    Keybase proof

I hereby claim:

I am darkpixel on github.
I am darkpixel (https://keybase.io/darkpixel) on keybase.
I have a public key ASDzv7Fb19M0mLduW9E9ASuIOA4njGMJw-7rteVauKVzEwo

To claim this, I am signing this object:

  
## gist:51930435c27724d2b41daa8c6bded673
# Quick-and-dirty how-to for wrapping salt traffic in spiped.  Critiques welcome.  You'll probably need to adjust slightly if you aren't using FreeBSD.

# There's a great write-up with pictures here: https://hackacad.net/security/2020/05/06/how-to-secure-you-salstack-salt-master-using-spiped.html

## Master
# /usr/local/etc/salt/master needs to be bound to localhost, and it's better to be explicit than implicit with your ports.
interface: 127.0.0.1
publish_port: 4505
ret_port: 4506

## gist:1effa7175d3850c5e8b5
use HTTP::Request::Common qw(POST);
use LWP::UserAgent;
use JSON;

my $webhook_url = 'your-webhook-url';
my $default_channel = '#your-channel';

my $ua = LWP::UserAgent->new;
$ua->timeout(15);

## gist:74ba400dd05271374d7830d6fcdf61a9
root@uslogdcnas04:/tmp# rsync --stats --progress test.file /tank/
test.file
  5,885,362,176 100%  327.86MB/s    0:00:17 (xfr#1, to-chk=0/1)

Number of files: 1 (reg: 1)
Number of created files: 1 (reg: 1)
Number of deleted files: 0
Number of regular files transferred: 1
Total file size: 5,885,362,176 bytes
Total transferred file size: 5,885,362,176 bytes

## iterdrives.py
import probstat, os, sys, popen2

# List of partitions possibly used in the array
li = ['/dev/hde1', '/dev/hdg1', '/dev/hdi1', '/dev/hdk1', '/dev/sdc1', '/dev/sdd1', '/dev/sde1', '/dev/sdf1']

# Assemble = Number of Devices in Array - Number of Parity Drives
# RAID 6 uses 2 parity drives.  So for an array of 10 partitions in RAID 6
# you would set assemble to 8
assemble = 5

## gist:3e81c9554334a6fb0ab06c9128c6cad9
# Django
11:57:29 [aaron@ender:~/code/mspdna-receiver] master(+3/-3)* ± ab -s 60 -r -n 1000 -c 1000 -p test.json -T application/json http://127.0.0.1:8000/hook/v2/31038d0b2f2e01083001905ad22a759c67b0b908/a52b6347-37c3-49d4-b7f8-dd389c4dd0b8/
This is ApacheBench, Version 2.3 <$Revision: 1528965 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 127.0.0.1 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
	def cycle_key(self):
	#TODO: Errors here will tank the system, probably need some better handling...
	old_session_key = self.session_key
	old_session = Session.objects.get(session_key=old_session_key)
	try:
	cart = Cart.objects.get(session=old_session)
	super(SessionStore, self).cycle_key()
	new_session_key = self.session_key
	new_session = Session.objects.get(session_key=new_session_key)
	cart.session = new_session
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: echoserver
	spec:
	selector:
	matchLabels:
	app: echoserver
	replicas: 1
	template:
	<?xml version="1.0" encoding="utf-8"?>
	<AdminArsenal.Export Code="PDQDeploy" Name="PDQ Deploy" Version="19.0.40.0" MinimumVersion="15.0">
	<Package>
	<CurrentLibraryPackageVersionId value="null" />
	<PackageDefinition name="Definition">
	<Conditions type="list">
	<PackageStepCondition>
	<Architecture>Both</Architecture>
	<Version>AllServers</Version>
	<TypeName>OperatingSystem</TypeName>
	<?xml version="1.0" encoding="utf-8"?>
	<AdminArsenal.Export Code="PDQInventory" Name="PDQ Inventory" Version="19.0.40.0" MinimumVersion="4.0">
	<Collection>
	<ReportDefinition name="Definition">
	<RootFilter name="Filter">
	<Comparison>All</Comparison>
	<Filters type="list">
	<ValueFilter>
	<Table>Service</Table>
	<Column>Name</Column>
	# Quick-and-dirty how-to for wrapping salt traffic in spiped. Critiques welcome. You'll probably need to adjust slightly if you aren't using FreeBSD.

	# There's a great write-up with pictures here: https://hackacad.net/security/2020/05/06/how-to-secure-you-salstack-salt-master-using-spiped.html

	## Master
	# /usr/local/etc/salt/master needs to be bound to localhost, and it's better to be explicit than implicit with your ports.
	interface: 127.0.0.1
	publish_port: 4505
	ret_port: 4506
	use HTTP::Request::Common qw(POST);
	use LWP::UserAgent;
	use JSON;

	my $webhook_url = 'your-webhook-url';
	my $default_channel = '#your-channel';

	my $ua = LWP::UserAgent->new;
	$ua->timeout(15);
	root@uslogdcnas04:/tmp# rsync --stats --progress test.file /tank/
	test.file
	5,885,362,176 100% 327.86MB/s 0:00:17 (xfr#1, to-chk=0/1)

	Number of files: 1 (reg: 1)
	Number of created files: 1 (reg: 1)
	Number of deleted files: 0
	Number of regular files transferred: 1
	Total file size: 5,885,362,176 bytes
	Total transferred file size: 5,885,362,176 bytes
	import probstat, os, sys, popen2

	# List of partitions possibly used in the array
	li = ['/dev/hde1', '/dev/hdg1', '/dev/hdi1', '/dev/hdk1', '/dev/sdc1', '/dev/sdd1', '/dev/sde1', '/dev/sdf1']

	# Assemble = Number of Devices in Array - Number of Parity Drives
	# RAID 6 uses 2 parity drives. So for an array of 10 partitions in RAID 6
	# you would set assemble to 8
	assemble = 5
	# Django
	11:57:29 [aaron@ender:~/code/mspdna-receiver] master(+3/-3)* ± ab -s 60 -r -n 1000 -c 1000 -p test.json -T application/json http://127.0.0.1:8000/hook/v2/31038d0b2f2e01083001905ad22a759c67b0b908/a52b6347-37c3-49d4-b7f8-dd389c4dd0b8/
	This is ApacheBench, Version 2.3 <$Revision: 1528965 $>
	Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
	Licensed to The Apache Software Foundation, http://www.apache.org/

	Benchmarking 127.0.0.1 (be patient)
	Completed 100 requests
	Completed 200 requests
	Completed 300 requests