terraform plan -out=tfplan
terraform show tfplan | less -R

# Record the AWS API calls a terraform plan makes and turn them into an IAM policy
# 1. install iamlive
brew install iann0036/iamlive/iamlive
# 2. run iamlive as a local proxy; --force-wildcard-resource writes Resource "*" in the generated policy,
#    so tighten resources by hand afterwards
iamlive --mode proxy --output-file readonly.json --force-wildcard-resource
# 3. in a separate terraform window, route the AWS SDK through the proxy and trust iamlive's CA,
#    then run `terraform plan` again; readonly.json is updated as calls are observed
export HTTP_PROXY=http://127.0.0.1:10080
export HTTPS_PROXY=http://127.0.0.1:10080
export AWS_CA_BUNDLE=~/.iamlive/ca.pem
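The policy iamlive writes after a plan should contain only read-style actions, and with --force-wildcard-resource every statement carries Resource "*". The following script is an added example (not from the page or from iamlive) that checks a generated policy for both; the policy document embedded in it is constructed, and the read-only prefix list is a heuristic assumption rather than an authoritative AWS list.

```python
"""Check an iamlive-generated IAM policy for non-read-only actions and wildcard resources.

Added example, not code from the page or from iamlive. Assumes the output file
is a standard IAM policy document (Version + Statement list). SAMPLE_POLICY is
a constructed stand-in for readonly.json.
"""
import json
import sys

# Heuristic: action names beginning with these prefixes are treated as read-only.
# Assumption for illustration; extend per service as needed.
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "Head")

# Constructed sample of what iamlive might write after `terraform plan`.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "s3:ListBucket",
                "s3:GetObject",
                "iam:GetRole",
                "s3:PutObject",
                "sts:GetCallerIdentity",
                "kms:Decrypt",
            ],
            "Resource": "*",
        }
    ],
})


def _allow_statements(policy_text: str) -> list:
    """Return the Allow statements; a lone statement may be an object rather than a list."""
    statements = json.loads(policy_text).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    return [s for s in statements if s.get("Effect") == "Allow"]


def actions_in_policy(policy_text: str) -> list:
    """Flatten every Action across all Allow statements, de-duplicated and sorted."""
    found = set()
    for stmt in _allow_statements(policy_text):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        found.update(actions)
    return sorted(found)


def non_read_only_actions(policy_text: str) -> list:
    """Actions that would let the plan's credentials change state."""
    offenders = []
    for action in actions_in_policy(policy_text):
        # "service:ActionName"; any wildcard in the name is never read-only
        _service, _, name = action.partition(":")
        if "*" in name or not name.startswith(READ_ONLY_PREFIXES):
            offenders.append(action)
    return offenders


def wildcard_resource_statements(policy_text: str) -> int:
    """Count Allow statements whose Resource is exactly "*" (what --force-wildcard-resource produces)."""
    return sum(1 for s in _allow_statements(policy_text) if s.get("Resource") == "*")


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_POLICY
    print("non-read-only actions:", non_read_only_actions(text) or "none")
    print('statements with Resource "*":', wildcard_resource_statements(text))
```

Run it as `python check_policy.py readonly.json`; anything it lists under non-read-only actions is a call the plan made that a read-only role should not need, and usually points at a data source or provider block worth examining.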
<#
File: Invoke-EnumerateAzureBlobs.ps1
Author: Karl Fosaaen (@kfosaaen), NetSPI - 2018
Description: PowerShell function for enumerating public Azure Blob file resources.
Parts of the Permutations.txt file borrowed from - https://github.com/brianwarehime/inSp3ctor
Small updates by @petergs captured in these PRs:
- https://github.com/NetSPI/MicroBurst/pull/53
- https://github.com/NetSPI/MicroBurst/pull/54
#>
- https://www.kandji.io/blog/mac-logging-and-the-log-command-a-guide-for-apple-admins
- https://www.crowdstrike.com/en-us/blog/how-to-leverage-apple-unified-log-for-incident-response/
- https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/Predicates/AdditionalChapters/Introduction.html
import requests
import json
import pathlib
import sys


def upload(access_token: str, file_path: str, file_name: str):
    """Upload a small local file under the given name using a bearer token.

    The target endpoint was not given on the page; the Graph simple-upload
    endpoint below (PUT .../me/drive/root:/{name}:/content, files under 4 MB)
    is assumed.
    """
    headers = {
        'Authorization': f'Bearer {access_token}',
        'Content-Type': 'text/plain'
    }
    url = f'https://graph.microsoft.com/v1.0/me/drive/root:/{file_name}:/content'  # assumed endpoint
    data = pathlib.Path(file_path).read_bytes()
    r = requests.put(url, headers=headers, data=data)
    r.raise_for_status()
    return r.json()


if __name__ == '__main__':
    # usage: upload.py <access_token> <local_path> <remote_name>
    print(json.dumps(upload(sys.argv[1], sys.argv[2], sys.argv[3]), indent=2))
I've generally found the Microsoft Graph CLI (mgc) hard to work with.
In many cases it is harder than calling the Graph API endpoints directly or using a language-specific SDK. In general, Entra directory-related
commands seem to work well, but other parts of the Graph API are rough around the edges from a usability perspective.
This doc provides some quick examples so I never have to work through the trial-and-error of figuring them out again.
Listing and downloading items
#!/bin/bash
# usage: getuserrealm.sh user@domain
# Unauthenticated; NameSpaceType in the response shows whether the domain is Managed, Federated or Unknown to Entra
curl "https://login.microsoftonline.com/getuserrealm.srf?login=$1&json=1"
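The interesting part of the getuserrealm response is the NameSpaceType and, for federated domains, the AuthURL that names the customer's own identity provider. The parser below is an added example (not from the page) that turns a raw response into those facts; it assumes the documented field names NameSpaceType, DomainName, FederationBrandName and AuthURL, and the three response bodies embedded in it are constructed, not captured.

```python
"""Classify a login.microsoftonline.com getuserrealm.srf?json=1 response.

Added example, not code from the page. Assumes the response fields
NameSpaceType ("Managed", "Federated" or "Unknown"), DomainName,
FederationBrandName and, for federated tenants, AuthURL. The three
response bodies below are constructed samples.
"""
import json
from urllib.parse import urlparse

MANAGED = json.dumps({
    "State": 3, "UserState": 2, "Login": "alice@example.com",
    "NameSpaceType": "Managed", "DomainName": "example.com",
    "FederationBrandName": "Example Corp",
})
FEDERATED = json.dumps({
    "State": 3, "UserState": 2, "Login": "bob@example.org",
    "NameSpaceType": "Federated", "DomainName": "example.org",
    "FederationBrandName": "Example Org",
    "AuthURL": "https://sts.example.org/adfs/ls/?username=bob%40example.org&wa=wsignin1.0",
})
UNKNOWN = json.dumps({
    "State": 4, "UserState": 1, "Login": "x@nonexistent.invalid",
    "NameSpaceType": "Unknown",
})


def classify_realm(body: str) -> dict:
    """Summarise one getuserrealm response.

    tenant_in_entra: False when Entra has never heard of the domain.
    idp_host:        hostname of the federated IdP (e.g. an AD FS farm), else None.
    """
    doc = json.loads(body)
    ns = doc.get("NameSpaceType", "Unknown")
    result = {
        "domain": doc.get("DomainName"),
        "brand": doc.get("FederationBrandName"),
        "type": ns,
        "tenant_in_entra": ns != "Unknown",
        "idp_host": None,
    }
    if ns == "Federated" and doc.get("AuthURL"):
        result["idp_host"] = urlparse(doc["AuthURL"]).hostname
    return result


def classify_many(bodies: list) -> dict:
    """Group domains by realm type; useful when checking a list of candidate domains."""
    groups = {"Managed": [], "Federated": [], "Unknown": []}
    for body in bodies:
        r = classify_realm(body)
        groups.setdefault(r["type"], []).append(r["domain"])
    return groups


if __name__ == "__main__":
    for body in (MANAGED, FEDERATED, UNKNOWN):
        print(classify_realm(body))
```

Pipe the curl output from the script above into this to get a one-line verdict per domain; the federated case is the one worth noting, since password spraying and phishing for that domain will be answered by the customer's IdP rather than by Entra.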
Fidelity-themed phishing campaign observed November 2024
Techniques & Tactics
- Use of Cloudflare anti-bot features to prevent automated access
- Use of server-side User-Agent checks to discourage access from non-phone devices
- Use of JavaScript-based checks on viewport dimensions and User-Agent to discourage access from non-phone devices
- Phishing
csv of pre-consented first-party applications listed via the servicePrincipals endpoint
The list (microsoft-first-party-applications.csv) can be generated via
mgc service-principals list --all --filter "appOwnerOrganizationId eq f8cdef31-a31e-4b4a-93e4-5f571e91255a" --count true --consistency-level eventual --select appId,displayName | jq -r '.value[] | [.appId, .displayName] | @csv'
This list is more extensive than, but does not fully overlap with, the list on this page from Microsoft Documentation: Verify first-party Microsoft applications in sign-in reports. The applications from that page are captured in applications-from-docs.csv.
#!/bin/bash
# pre-consented first-party Microsoft apps with registered service principals
# (appOwnerOrganizationId f8cdef31-... is the Microsoft Services tenant; --consistency-level eventual is required with --count)
mgc service-principals list --all --filter "appOwnerOrganizationId eq f8cdef31-a31e-4b4a-93e4-5f571e91255a" --count true --consistency-level eventual --select id,displayName
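Because neither list is a superset of the other, the useful artefact is the diff: appIds only the tenant shows, appIds only the docs page shows, and appIds present in both under different display names. The script below is an added example (not from the page) that computes that diff and a merged CSV; it assumes both files have the header-less appId,displayName layout the jq @csv pipeline above emits, and the rows embedded in it are constructed placeholders rather than real Microsoft application IDs.

```python
"""Compare the tenant-derived first-party app list with the documented list.

Added example, not code from the page. Assumes both CSVs are header-less
appId,displayName rows as produced by the mgc | jq @csv pipeline. The rows
below are constructed; the GUIDs are placeholders, not real app IDs.
"""
import csv
import io
import sys

# Constructed stand-in for microsoft-first-party-applications.csv
FROM_TENANT = '''"00000000-0000-0000-0000-000000000001","App Alpha"
"00000000-0000-0000-0000-000000000002","App Beta"
"00000000-0000-0000-0000-000000000003","App Gamma"
'''
# Constructed stand-in for applications-from-docs.csv
FROM_DOCS = '''"00000000-0000-0000-0000-000000000002","App Beta"
"00000000-0000-0000-0000-000000000003","App Gamma (Docs name)"
"00000000-0000-0000-0000-000000000004","App Delta"
'''


def load_apps(text: str) -> dict:
    """Map appId -> displayName. GUIDs compare case-insensitively, so lower-case them."""
    apps = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[0].strip():
            continue  # blank or malformed row
        apps[row[0].strip().lower()] = row[1].strip()
    return apps


def compare_app_lists(tenant_csv: str, docs_csv: str) -> dict:
    """Set differences plus appIds whose display names disagree between the sources."""
    tenant, docs = load_apps(tenant_csv), load_apps(docs_csv)
    common = set(tenant) & set(docs)
    return {
        "only_in_tenant": sorted(set(tenant) - set(docs)),
        "only_in_docs": sorted(set(docs) - set(tenant)),
        "name_mismatch": sorted(a for a in common if tenant[a] != docs[a]),
    }


def merged_csv(tenant_csv: str, docs_csv: str) -> str:
    """Union of both lists as appId,displayName,source; the tenant's displayName wins on conflict."""
    tenant, docs = load_apps(tenant_csv), load_apps(docs_csv)
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for app_id in sorted(set(tenant) | set(docs)):
        if app_id in tenant and app_id in docs:
            source = "both"
        else:
            source = "tenant" if app_id in tenant else "docs"
        writer.writerow([app_id, tenant.get(app_id, docs.get(app_id)), source])
    return out.getvalue()


if __name__ == "__main__":
    if len(sys.argv) == 3:
        tenant_text, docs_text = open(sys.argv[1]).read(), open(sys.argv[2]).read()
    else:
        tenant_text, docs_text = FROM_TENANT, FROM_DOCS
    for key, ids in compare_app_lists(tenant_text, docs_text).items():
        print(f"{key}: {len(ids)}")
        for app_id in ids:
            print("  ", app_id)
    sys.stdout.write(merged_csv(tenant_text, docs_text))
```

Run as `python compare_apps.py microsoft-first-party-applications.csv applications-from-docs.csv`. The name_mismatch bucket is the one to keep an eye on: when hunting for a sign-in from a first-party app, the appId is the stable key and the display name in the sign-in logs may match either source.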