Skip to content

Instantly share code, notes, and snippets.

View marcinantkiewicz's full-sized avatar

Marcin Antkiewicz marcinantkiewicz

View GitHub Profile
marcinantkiewicz /
Created April 23, 2024 15:22 — forked from fartbagxp/
Testing eDNS with dig
#! /usr/bin/env sh
while getopts sf:p ARG
case "${ARG}" in
p) PULL=1;;
*) echo "\nReads GCP cloudbuild config, lists secrets contained in the file\n\nUsage: $(basename $0) [-s] -f filename\n -s short output, do not display google secrets path\n -f cloudbuild config to read\n -p list values for the secrets from GCP, in a format ready to be exported into bash\n\n" && exit 1;
marcinantkiewicz /
Created November 10, 2023 16:42
read cloudbuild manifest, find secrets, pull them from Secrets Manager, and display in a way where they can be saved in env.
#! /usr/bin/env sh
set -o pipefail
FILEPATH=$1; shift;
function pull_secrets {
MANIFEST=$1; shift;
SECRETS=$(cat "${MANIFEST}" | jq -r '.availableSecrets.secretManager[] | .env + "=" + .versionName');
PROJECT_ID=$(gcloud projects list --filter $(gcloud config get project) --format="value(PROJECT_NUMBER)")
-- A quick hammerspoon to use the buttons on my Akai LPD8
-- which is a pretty fun little drum pad that can be had
-- for $40-50 bucks if you shop around:
devices = hs.midi.virtualSources()
marcinantkiewicz / newline_in_search_params.yaml
Created March 23, 2023 21:33
nuclei template - newline in search params
id: newline_search_params
name: newline_search_params
author: f
severity: low
description: search param set to newline results in empty response
tags: inputvalidation
marcinantkiewicz / list_repos.js
Created March 18, 2023 23:47
List GitHub repos via browser console
// go to, open JS console
// run the below. Once done, extract with "JSON.parse(sessionStorage.repolist).forEach((e)=>{console.log(e)})"
// The following will covert from https to ssh endpoint link
// %s/$/.git/
// %s/https:\/\//git@/
// %s/\.com\//\.com:/
function extract(){
marcinantkiewicz / _
Last active February 8, 2023 22:49
This repo provides a trivial example script, and shows how SpectreOps preflight adds a checksum verification step to the curl| bash.. pipe installer.

verify packages installed via 'curl | bash'

Spectral Ops preflight provides an easy way to add an integrity check to the pipe installed, turning them into 'curl | checksum | bash'.


The process takes has two steps:

  1. calculate the checksum
  2. pass the downloaded script through preflight when executing, preflight will pass the input to its output if the calculated and provided hashes match.
if (-Not([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")){
Write-Host "Not admin, elvevating"
Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit
else {
Write-Host "I hate PS so, so much"
Start-Sleep -Second 5

Generating Authy passwords on other authenticators

There is an increasing count of applications which use Authy for two-factor authentication. However many users who aren't using Authy, have their own authenticator setup up already and do not wish to use two applications for generating passwords.

Since I use 1Password for all of my password storing/generating needs, I was looking for a solution to use Authy passwords on that. I couldn't find any completely working solutions, however I stumbled upon a gist by Brian Hartvigsen. His post had a neat code with it to generate QR codes for you to use on your favorite authenticator.

His method is to extract the secret keys using Authy's Google Chrome app via Developer Tools. If this was not possible, I guess people would be reverse engineering the Android app or something like that. But when I tried that code, nothing appeared on the screen. My guess is that Brian used the

* No IAM users, the exceptions are cases where username/password is a requirement that cannot be changed.
* Users login as roles, it OK to start with * for Action and Resource
* Role policy requires MFA
* use aws-vault
Practices/functionality to adopt soon
* create org structure
* terraform (or similar)
* account per project/environment