# Input Parameters
param(
[Parameter(Mandatory=$false)]
[string]$InputFile,
[Parameter(Mandatory=$false)]
[string]$OutputFile
)
# Ref: https://www.powershellgallery.com/packages/PSYaml/1.0.2/Content/Public%5CConvertTo-Yaml.ps1
function ConvertTo-Yaml
@rkhan99e
rkhan99e / cmd-app.md
Created March 21, 2024 23:31
cmd-app

(env) ➜ huggingface cat app3.py
import argparse
import sys

def main():
    # Create the top-level parser
    parser = argparse.ArgumentParser(description="Process some files.")
    subparsers = parser.add_subparsers(dest='action', required=True, help='Action to perform')

    # Create the parser for the "lint" command

@rkhan99e
rkhan99e / azureinfo.md
Created March 17, 2024 13:06
Azure Entra ID Knowledge

App registration permissions

There are two permissions available for granting the ability to create application registrations, each with different behavior.

  • microsoft.directory/applications/createAsOwner: Assigning this permission results in the creator being added as the first owner of the created app registration, and the created app registration counts against the creator's 250 created objects quota.
  • microsoft.directory/applications/create: Assigning this permission results in the creator not being added as the first owner of the created app registration, and the created app registration won't count against the creator's 250 created objects quota. Use this permission carefully, because there's nothing preventing the assignee from creating app registrations until the directory-level quota is hit. If both permissions are assigned, this permission takes precedence.
@rkhan99e
rkhan99e / Transactiona MFA.md
Created March 10, 2024 22:29
Transactional MFA

Comparing step-up authentication with MFA using OAuth/OpenID Connect versus using the Authentication API requires examining various factors, including flexibility, integration complexity, and use-case alignment. Here's a breakdown:

OAuth/OpenID Connect

Pros:

  • Standardization: Leverages widely accepted standards, ensuring compatibility across a broad range of platforms and services.
  • Ecosystem Support: Supported by a vast ecosystem of tools, libraries, and services, facilitating easier integration and maintenance.
  • Delegation: Designed for delegation scenarios, allowing third-party applications secure access without exposing user credentials.
  • User Experience: Can offer a smoother user experience, especially for web and mobile applications, by utilizing familiar login flows and minimizing additional prompts.
@rkhan99e
rkhan99e / API_Sec-API 2019 - The Improper Assets Management.md
Last active September 17, 2023 09:35
API Penetration Testing / Categories / Testing for Improper Assets Management / Improper Assets Management Assessment

When I was doing API 2019 - The Improper Assets Management, during the final exam I noticed the following issue:

Question #4 Multi-choice response is incorrect:

Question (and answer):

The API response:

@rkhan99e
rkhan99e / multi-step-request.py
Created August 17, 2023 15:26
Burpsuite - Turbo Intruder Example
import re
import time
# Parameters to configure
re_csrf = r'name="csrf" value="([\w\d]+)"'
re_session = r'session=([\w\d]+)'
url = 'https://0add0030040299378166d901002800a1.web-security-academy.net'
delay = 1  # seconds
max_concurrent = 5
max_thread = 10