This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "properties": { | |
| "displayName": "Linux machines should meet requirements for the Azure compute security baseline - custom 2", | |
| "policyType": "Custom", | |
| "mode": "Indexed", | |
| "description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the machine is not configured correctly for one of the recommendations in the Azure compute security baseline.", | |
| "metadata": { | |
| "category": "Guest Configuration", | |
| "createdBy": "73175a57-a138-4125-8bf9-8373cff050bf", | |
| "createdOn": "2023-11-14T20:27:31.7401264Z", |
iknowjason
/ tag-exception-policy.json
Created
November 13, 2023 13:09
Azure policy exception sample rule. This policy checks for existence of a tag of 'Jason-Created-Resource'. Cloned from Azure default policy of "Linux machines should meet requirements for the Azure compute security baseline." If tag exists, it returns false on the logic check and rest of policy is ignored.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "properties": { | |
| "displayName": "Linux machines should meet requirements for the Azure compute security baseline", | |
| "policyType": "BuiltIn", | |
| "mode": "Indexed", | |
| "description": "Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the machine is not configured correctly for one of the recommendations in the Azure compute security baseline.", | |
| "metadata": { | |
| "version": "2.1.0", | |
| "category": "Guest Configuration", | |
| "requiredProviders": [ |
iknowjason
/ blockallextensions.json
Created
November 9, 2023 19:26
Azure policy block all vm extensions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "properties": { | |
| "displayName": "Block all azure vm extensions policy", | |
| "policyType": "Custom", | |
| "mode": "All", | |
| "metadata": { | |
| "version": "2.0.0", | |
| "createdBy": "73175a57-a138-4125-8bf9-8373cff050bf", | |
| "createdOn": "2023-11-09T19:12:54.3579633Z", | |
| "updatedBy": null, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "region" { | |
| default = "us-east-1" | |
| } | |
| resource "aws_ec2_host" "example_host" { | |
| instance_type = "mac1.metal" | |
| availability_zone = "us-east-2b" | |
| } | |
| data "aws_ami" "macos" { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Secrets scanning at scale: 3 different tools | |
| # trufflehog | |
| #!/bin/bash | |
| # 1. get all repos: gh repo list <organization> --limit 1000 > repos.txt | |
| # 2. parse repos.txt so each line looks similar to: https://github.com/username/repo-name.git | |
| # Remotely scan the repos using trufflehog without downloading | |
| while IFS= read -r repo | |
| do |
iknowjason
/ gitleaks_docker.sh
Last active
February 16, 2022 19:00
aws_key.toml and gitleaks docker in one line
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Credit and props to Manoel Abreu @reefbr - Thank you man! | |
| # This one-liner uses dockerized gitleaks to detect a custom toml file with AWS access keys and secret | |
| wget https://gist.githubusercontent.com/iknowjason/64914c08c0512f7380dbe7240812d69d/raw/6044896415ba9adc02a055fe774f67e31ecddad0/aws_key.toml; docker run --rm -v "$PWD:/script" -v <GIT_DIRECTORY_FULL_PATH>/:/code/ --name=gitleaks zricethezav/gitleaks -v detect -c=/script/aws_key.toml -p=/code |
iknowjason
/ aws_key.toml
Created
July 23, 2021 01:07
AWS gitleaks configuration for access keys and secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| title = "gitleaks aws secrets config" | |
| [[rules]] | |
| description = "AWS Key ID" | |
| regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}''' | |
| tags = ["key", "AWS"] | |
| [[rules]] | |
| description = "AWS Secret Key2" | |
| regex = '''(?i)aws_secret_key=''' | |
| tags = ["key", "AWS"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Start with a DNS domain as seed, and do some recon to check if domain is M365 / Azure tenant hosted | |
| # Insert your domain environment variable below | |
| DOMAIN="microsoft.com" | |
| # Check the getuserrealm.srf endpoint for domain information | |
| # Check autodiscover.$DOMAIN DNS entry | |
| host autodiscover.$DOMAIN | |
| # Note: Checks autodiscover forward lookup ~ you should see a CNAME record for autodiscover.$DOMAIN pointing to autodiscover.otulook.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### | |
| # Author: Jason Ostrom | |
| ### | |
| # | |
| # Description: Connect to a redis server and print unique values for keys | |
| # | |
| ### | |
| # 1. Install python redis client | |
| # $sudo pip3 install redis | |
| # 2. Edit your HOST |
iknowjason
/ masscan_nmap4.py
Created
December 8, 2020 17:53
A python script that automates running masscan and nmap together. Just supply the first masscan command for hosts and ports
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Step 1: Edit your masscan command in the variable line below, correctly specifying your hosts and ports. You don't need to change the '-oJ mscan.xml' line as this is required. | |
| masscan_command = "sudo masscan 192.168.7.0/24 --rate 20000 -p1-3000 -oG mscan.xml" | |
| #Example masscan_command = "sudo masscan 192.168.7.0/24 --rate 20000 -p1-65535 -oG mscan.xml" | |
| #Example masscan_command = "sudo masscan 192.168.7.0/24 -p1-65535 -oG mscan.xml" | |
| ### Note: Make sure your output file name is 'mscan.txt' | |
| ### Step 2: Run this script | |
| ### python3 masscan_nmap4.py | |
| import os |
NewerOlder