Scott Stout skout23

@skout23
skout23 / logs_insights_queries.txt
Created Feb 11, 2019
Scratch Pad ideas for Cloudtrail queries using AWS Cloudwatch Logs Insights
View logs_insights_queries.txt
```
filter eventName="ConsoleLogin"
| stats count(*) as eventCount by userIdentity.userName, sourceIPAddress
| sort eventCount desc

filter not sourceIPAddress =~ /^(?i)123.123.123.123/ and userIdentity.userName =~/^(?i)\w/
| stats count(*) as eventCount by eventName, userIdentity.userName, sourceIPAddress
| sort eventCount desc

filter eventName="ConsoleLogin"
```
@skout23
skout23 / s3_bucket_sizes.sh
Created Feb 1, 2019
Get the latest size in bytes of all s3 buckets given a list of profiles
View s3_bucket_sizes.sh
#!/bin/bash
aws_profile=("default" "otherprofile");
region="us-east-1"
# setting the expected date() format BSD style (macos)
start_time="$(date -v-2d '+%Y-%m-%d')"
end_time="$(date '+%Y-%m-%d')"
# loop over the AWS profiles array in case we provide more than 1 profile
for profile in "${aws_profile[@]}"; do
@skout23
skout23 / buffer_overflow.c
Last active Apr 26, 2018
simple buffer_overflow for testing afl
View buffer_overflow.c
/*
Compile with:
afl-gcc -fno-stack-protector -z execstack buffer_overflow.c -o buffer_overflow
gcc -fno-stack-protector -z execstack buffer_overflow.c -o buffer_overflow
*/
#include <stdio.h>
#include <string.h>
View pyenv + virtualenv all the things
# should pick up pyenv as dep
brew install pyenv-virtualenv
# add to your .bash_profile or other .profile
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
# List available Python versions
$ pyenv install -l
@skout23
skout23 / too short.txt
Created Oct 4, 2015
Fixing suricata on 12.04 ubuntu
View too short.txt
aptitude install suricata
...
sudo modprobe nfnetlink_queue
View GeoIP Product Id's
ProductID Database
106 GeoIP.dat
111 GeoIPOrg.dat
112/115 GeoIPRegion.dat
117 GeoIPASNum.dat
119 GeoIPUserType.dat
121/122 GeoIPISP.dat
132/133 GeoIPCity.dat
135 GeoIPAreaCode.dat
137 GeoIPDMACode.dat
@skout23
skout23 / mario.rb
Created Aug 7, 2015
quick poc to print out the mario half pyramid
View mario.rb
#!/usr/bin/env ruby
#
# quick poc to print out the mario half pyramid
#
#
def pymid(base)
1.upto(base) do |row|
str = "#" * row
@skout23
skout23 / codewatcher.rb
Created Oct 29, 2014
simple-ish rss atom feed watcher to alert when a code change has taken place
View codewatcher.rb
# script to watch the production code commit log and send a diff if there are any changes, for PCI regulation needs
require 'rss'
require 'openssl'
DEBUG = false
# set the local store for marshalled data
$prod_code_last_reported_date = '/home/someuser/bin/watch_rss/data/last_reported.yml'
@skout23
skout23 / gimmetime.rb
Created Oct 7, 2014
stupid import thing
View gimmetime.rb
#!/usr/bin/env ruby
require 'time'
$output = File.open("tstamp.csv",'w')
$input = File.open("dork.in",'r')
def gimmetime(str)
d1 = Time.parse(str)
rm1 = Random.new
@skout23
skout23 / get_vm_list
Created Sep 2, 2014
silly wrapper for azure vm list to a hash.
View get_vm_list
~$ azure vm list
info: Executing command vm list
data: DNS Name VM Name Status
data: -------------------------------- ----------- ---------
data: my-vm-name.cloudapp-preview.net my-vm0 ReadyRole
data: my-vm-name.cloudapp-preview.net my-vm1 ReadyRole
data: my-vm-name.cloudapp-preview.net my-vm2 ReadyRole
data: my-vm-name.cloudapp-preview.net my-vm3 NotReady
data: my-vm-name.cloudapp-preview.net my-vm4 ReadyRole
data: my-vm-name.cloudapp-preview.net my-vm5 ReadyRole