petergs petergs

## pdf-extract-images.py
#! /usr/bin/python3

# This script requires pdfimage (poppler-utils) and convert (imagemagick)

# Raw images will be written to <OUTPUT_DIR>/15-organized
# Attempts at merging masks and images will be output to <OUTPUT_DIR/30-masked>
# A sample of one image using all compose methods will be written to <OUTPUT_DIR>/25-samples

# Rewritten from https://gist.github.com/bendavis78/ed22a974c2b4534305eabb2522956359

## rss-8k-1_05-filings.js
let Parser = require('rss-parser');

const url = 'https://www.sec.gov/cgi-bin/browse-edgar?action=getcurrent&CIK=&type=8-K&company=&dateb=&owner=include&start=40&count=40&output=atom'
let parser = new Parser({
    headers: {
        'User-Agent': 'Company Name admin@company.net'
    },
});

(async () => {

## create_gha_oidc_in_aws.sh
#!/bin/bash

# Script to create OIDC provider for GitHub Actions
# This script creates an OIDC provider in AWS for GitHub Actions to assume roles
# It also creates an IAM role with the appropriate trust policy for the specified repository

set -euo pipefail  # Exit on error, undefined variables, and pipe failures

# Color codes for output formatting
readonly RED='\033[0;31m'

## CloudTrail.csv
"Initial Access","Execution","Persistence","Privilege Escalation","Defense Evasion","Credential Access","Discovery","Lateral Movement","Exfiltration","Impact"
ConsoleLogin,StartInstance,CreateAccessKey,CreateGroup,StopLogging,GetSecretValue,ListUsers,AssumeRole,CreateSnapShot,PutBucketVersioning
PasswordRecoveryRequested,StartInstances,CreateUser,CreateRole,DeleteTrail,GetPasswordData,ListRoles,SwitchRole,ModifySnapshotAttributes ,RunInstances
,Invoke,CreateNetworkAclEntry,UpdateAccessKey,UpdateTrail,RequestCertificate,ListIdentities,,ModifyImageAttribute,DeleteAccountPublicAccessBlock
,SendCommand,CreateRoute,PutGroupPolicy,PutEventSelectors,UpdateAssumeRolePolicy,ListAccessKeys,,SharedSnapshotCopyInitiated,
,,CreateLoginProfile,PutRolePolicy,DeleteFlowLogs,,ListServiceQuotas,,SharedSnapshotVolumeCreated,
,,AuthorizeSecurityGroupEgress,PutUserPolicy,DeleteDetector,,ListInstanceProfiles,,ModifyDBSnapshotAttribute,
,,AuthorizeSecurityGroupIngress,AddRoleToInstanceProfile,DeleteMembers,,ListBuckets,,PutBucketP

## azure_client_ids.txt
00b41c95-dab0-4487-9791-b9d2c32c80f2 - Office 365 Management
04b07795-8ddb-461a-bbee-02f9e1bf7b46 - Microsoft Azure CLI
0ec893e0-5785-4de6-99da-4ed124e5296c - Office UWP PWA
18fbca16-2224-45f6-85b0-f7bf2b39b3f3 - Microsoft Docs
1950a258-227b-4e31-a9cf-717495945fc2 - Microsoft Azure PowerShell
1b3c667f-cde3-4090-b60b-3d2abd0117f0 - Windows Spotlight
1b730954-1685-4b74-9bfd-dac224a7b894 - Azure Active Directory PowerShell
1fec8e78-bce4-4aaf-ab1b-5451cc387264 - Microsoft Teams
22098786-6e16-43cc-a27d-191a01a1e3b5 - Microsoft To-Do client
268761a2-03f3-40df-8a8b-c3db24145b6b - Universal Store Native Client

## typescript-crash.ts
// Basic Types
let id: number = 5
let company: string = 'Traversy Media'
let isPublished: boolean = true
let x: any = 'Hello'

let ids: number[] = [1, 2, 3, 4, 5]
let arr: any[] = [1, true, 'Hello']

// Tuple

## macOS-IR-Forensics.md

      
              1 file
            
          
              24 forks
            
          
                2 comments
              
            
              129 stars
            
          
                0xmachos
                / macOS-IR-Forensics.md
            
            
              Last active
              September 6, 2025 08:20
            
              
                If someone wants to learn MacOS IR/forensics what’s the best resource for that?
              
          
Sarah Edwards (@iamevltwin)

mac4n6.com
SANS FOR518: Mac and iOS Forensic Analysis and Incident Response
Apple Pattern of Life Lazy Output'er


Unified Log

Howard Oakley @howardnoakley

Unified log: 1 why, what and how
Unified log: 2 content and extraction


Unified log: 3 finding your way


## gist:b473bbb3097c5f4c656ed3d07b4d2222
acm-pca:CreateCertificateAuthority
aws-marketplace:AcceptAgreementApprovalRequest
aws-marketplace:Subscribe
backup:PutBackupVaultLockConfiguration
bedrock:CreateProvisionedModelThroughput
bedrock:UpdateProvisionedModelThroughput
devicefarm:PurchaseOffering
dynamodb:PurchaseReservedCapacityOfferings
ec2:ModifyReservedInstances
ec2:PurchaseCapacityBlock
	#! /usr/bin/python3

	# This script requires pdfimage (poppler-utils) and convert (imagemagick)

	# Raw images will be written to <OUTPUT_DIR>/15-organized
	# Attempts at merging masks and images will be output to <OUTPUT_DIR/30-masked>
	# A sample of one image using all compose methods will be written to <OUTPUT_DIR>/25-samples

	# Rewritten from https://gist.github.com/bendavis78/ed22a974c2b4534305eabb2522956359
	let Parser = require('rss-parser');

	const url = 'https://www.sec.gov/cgi-bin/browse-edgar?action=getcurrent&CIK=&type=8-K&company=&dateb=&owner=include&start=40&count=40&output=atom'
	let parser = new Parser({
	headers: {
	'User-Agent': 'Company Name admin@company.net'
	},
	});

	(async () => {
	#!/bin/bash

	# Script to create OIDC provider for GitHub Actions
	# This script creates an OIDC provider in AWS for GitHub Actions to assume roles
	# It also creates an IAM role with the appropriate trust policy for the specified repository

	set -euo pipefail # Exit on error, undefined variables, and pipe failures

	# Color codes for output formatting
	readonly RED='\033[0;31m'
	"Initial Access","Execution","Persistence","Privilege Escalation","Defense Evasion","Credential Access","Discovery","Lateral Movement","Exfiltration","Impact"
	ConsoleLogin,StartInstance,CreateAccessKey,CreateGroup,StopLogging,GetSecretValue,ListUsers,AssumeRole,CreateSnapShot,PutBucketVersioning
	PasswordRecoveryRequested,StartInstances,CreateUser,CreateRole,DeleteTrail,GetPasswordData,ListRoles,SwitchRole,ModifySnapshotAttributes ,RunInstances
	,Invoke,CreateNetworkAclEntry,UpdateAccessKey,UpdateTrail,RequestCertificate,ListIdentities,,ModifyImageAttribute,DeleteAccountPublicAccessBlock
	,SendCommand,CreateRoute,PutGroupPolicy,PutEventSelectors,UpdateAssumeRolePolicy,ListAccessKeys,,SharedSnapshotCopyInitiated,
	,,CreateLoginProfile,PutRolePolicy,DeleteFlowLogs,,ListServiceQuotas,,SharedSnapshotVolumeCreated,
	,,AuthorizeSecurityGroupEgress,PutUserPolicy,DeleteDetector,,ListInstanceProfiles,,ModifyDBSnapshotAttribute,
	,,AuthorizeSecurityGroupIngress,AddRoleToInstanceProfile,DeleteMembers,,ListBuckets,,PutBucketP
	00b41c95-dab0-4487-9791-b9d2c32c80f2 - Office 365 Management
	04b07795-8ddb-461a-bbee-02f9e1bf7b46 - Microsoft Azure CLI
	0ec893e0-5785-4de6-99da-4ed124e5296c - Office UWP PWA
	18fbca16-2224-45f6-85b0-f7bf2b39b3f3 - Microsoft Docs
	1950a258-227b-4e31-a9cf-717495945fc2 - Microsoft Azure PowerShell
	1b3c667f-cde3-4090-b60b-3d2abd0117f0 - Windows Spotlight
	1b730954-1685-4b74-9bfd-dac224a7b894 - Azure Active Directory PowerShell
	1fec8e78-bce4-4aaf-ab1b-5451cc387264 - Microsoft Teams
	22098786-6e16-43cc-a27d-191a01a1e3b5 - Microsoft To-Do client
	268761a2-03f3-40df-8a8b-c3db24145b6b - Universal Store Native Client
	// Basic Types
	let id: number = 5
	let company: string = 'Traversy Media'
	let isPublished: boolean = true
	let x: any = 'Hello'

	let ids: number[] = [1, 2, 3, 4, 5]
	let arr: any[] = [1, true, 'Hello']

	// Tuple
	acm-pca:CreateCertificateAuthority
	aws-marketplace:AcceptAgreementApprovalRequest
	aws-marketplace:Subscribe
	backup:PutBackupVaultLockConfiguration
	bedrock:CreateProvisionedModelThroughput
	bedrock:UpdateProvisionedModelThroughput
	devicefarm:PurchaseOffering
	dynamodb:PurchaseReservedCapacityOfferings
	ec2:ModifyReservedInstances
	ec2:PurchaseCapacityBlock