manicminer

For some reason, it is surprisingly hard to create a bootable Windows USB using macOS. These are my steps for doing so, which have worked for me in macOS Monterey (12.6.1) for Windows 10 and 11. After following these steps, you should have a bootable Windows USB drive.

1. Download a Windows disc image (i.e. ISO file)

You can download Windows 10 or Windows 11 directly from Microsoft.

2. Identify your USB drive

After plugging the drive to your machine, identify the name of the USB device using diskutil list, which should return an output like the one below. In my case, the correct disk name is disk2.

manicminer

#!/bin/bash
#
# transcode-video.sh
#
# Copyright (c) 2013-2015 Don Melton
#

about() {
    cat <<EOF
$program 5.13 of April 8, 2015

manicminer

According to several forums, you can disable HSTS by introducing a new configuration variable. First, go to the Firefox configuration page (about:config), right-click, choose "New Integer", then provide the name "test.currentTimeOffsetSeconds" (no quotes) with a value of 11491200. This should bypass HSTS, although you may also need to clear the Cache and Active Logins in the Clear Recent History dialog (Ctrl-Shift-Del).

This apparently works because of a function called GetPreloadListEntry that checks to see if the current time is less than the next list expiration time; since the time is effectively calculated to be later than the expiration time, no check is performed. This effectively disables HSTS checks.

manicminer

set http or socks proxy environment variables

# set http proxy
export http_proxy=http://PROXYHOST:PROXYPORT

# set http proxy with user and password
export http_proxy=http://USERNAME:PASSWORD@PROXYHOST:PROXYPORT

# set http proxy with user and password (with special characters)

manicminer

Howto be a Hacker/Pentester/Security person - List of resources

I've just stolen HypnZA list of suggested links and added a few others by various people. (Please feel free to send me other links/info you think might be useful to add.)

HypnZA's commonly shared list (in the correct order):

1. https://www.hacksplaining.com
2. https://pentesterlab.com/exercises/web_for_pentester and https://pentesterlab.com/exercises/web_for_pentester_II
3. Watch Ippsec's HackTheBox videos from oldest to newest, but attempt the box in the video before watching the video (requires a paid hackthebox account to access the machines in the videos)

manicminer

BLURGHETY BLURRRRRRRM

manicminer

Ansible invocation with assumed IAM role

How it works

• boto3 initializes a session using the specified profile, for which it assumes a role as configured in your ~/.aws/config
• Python script with above session initialization prints out shell-compatible environment variables of the temporary credentials
• Wrapper script sets these a la eval
• By the time Ansible runs, the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SECURITY_TOKEN (for boto2) / AWS_SESSION_TOKEN (for boto3) are all set, and are consumed by boto2 in the inventory script and other boto2-based modules

Notes

manicminer

commit e244234a7f5cadaf885712b52f1e6eaf1231f734
Merge: 90011cd c0ceebe
Author: Tom Bamford <tom@bamford.co.za>
Date:   Wed Dec 7 11:53:37 2016 +0000

    Merged in tom-nfs-fix (pull request #8)
    
    NFS module fix

commit c0ceebee14b2bc8bdbdb81ab03efa07a25086c2a

manicminer

commit e244234a7f5cadaf885712b52f1e6eaf1231f734
Merge: 90011cd c0ceebe
Author: Tom Bamford <tom@bamford.co.za>
Date:   Wed Dec 7 11:53:37 2016 +0000

    Merged in tom-nfs-fix (pull request #8)
    
    NFS module fix

commit c0ceebee14b2bc8bdbdb81ab03efa07a25086c2a

manicminer

RDS Production Termination Protection

Create a policy like this, substituting your AWS account number, then attach it to all groups and roles. It will prevent deletion of RDS instances containing the string "prod" in their name.

Note: This is intended to prevent accidental deletion, and is easily sidestepped.