| /** | |
| * Handler that will be called during the execution of a PostLogin flow. | |
| * | |
| * @param {Event} event - Details about the user and the context in which they are logging in. | |
| * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login. | |
| */ | |
| const sdk = require('api')('@kolidek2/v0.1.0#fs30l4gl0u0cv0n'); | |
| const { DateTime } = require('luxon'); | |
| const maxMinuteSinceLastSeen = 5 |
| #!/bin/bash | |
| # Disables EKS features of GuardDuty that have been automatically enabled. | |
| # Run from the account that is your GuardDuty delegated admin account. | |
| # Assumes that GuardDuty is enabled in all regions with a single detector and that auto-enable is turned on. | |
| # If it isn't on in all regions you may need to adjust how you populate the list or regions. | |
| # If you don't want auto-enable turned on change --auto-enable to --no-auto-enable | |
| # If you have multiple detectors, I leave it as an excercise to the reader to deal with that. | |
| # xargs is used since update-member-detectors has an apparent limit of 12 accounts per call |
| import re | |
| from urllib.parse import unquote | |
| FLAGS = re.IGNORECASE | re.DOTALL | |
| ESC_DOLLAR = r'(?:\$|[\\%]u0024||\\x24|\\0?44|%24)' | |
| ESC_LCURLY = r'(?:\{|[\\%]u007B|\\x7B|\\173|%7B)' | |
| ESC_RCURLY = r'(?:\}|[\\%]u007D|\\x7D|\\175|%7D)' | |
| _U_PERCENT_ESCAPE_RE = re.compile(r'%(u[0-9a-f]{4})', flags=FLAGS) | |
| _PERCENT_ESCAPE_RE = re.compile(r'%[0-9a-f]{2}', flags=FLAGS) |
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
| route53domains:RegisterDomain | |
| route53domains:RenewDomain | |
| route53domains:TransferDomain | |
| ec2:ModifyReservedInstances | |
| ec2:PurchaseHostReservation | |
| ec2:PurchaseReservedInstancesOffering | |
| ec2:PurchaseScheduledInstances | |
| rds:PurchaseReservedDBInstancesOffering | |
| dynamodb:PurchaseReservedCapacityOfferings | |
| s3:PutObjectRetention |
| Mute these words in your settings here: https://twitter.com/settings/muted_keywords | |
| ActivityTweet | |
| generic_activity_highlights | |
| generic_activity_momentsbreaking | |
| RankedOrganicTweet | |
| suggest_activity | |
| suggest_activity_feed | |
| suggest_activity_highlights | |
| suggest_activity_tweet |
| package jwtex | |
| import ( | |
| "encoding/base64" | |
| "encoding/json" | |
| "fmt" | |
| "strings" | |
| "testing" | |
| ) |
Tutorials for running live Kali on OSX often require you have networking on your laptop to apt install the drivers, but without an ethernet adapter you're not going to be able to do that, so this tutorial will cover a method of doing this manually, using another thumbdrive or external data source.
Download the appropriate Kali Linux .iso
I used a 64 bit .iso image, downloaded via HTTP.
| $ ./try_local_metadata.sh | |
| Trying 169.254.169.254... found metadata | |
| Trying 169.254.43518... found metadata | |
| Trying 169.16689662... found metadata | |
| Trying 2852039166... found metadata | |
| Trying 0251.0376.0251.0376... found metadata | |
| Trying 0251.0376.0124776... found metadata | |
| Trying 251.0775248... - | |
| Trying 25177524776... - | |
| Trying 0xa9.0xfe.0xa9.0xfe... found metadata |
Download the appropriate Kali Linux .iso
I used a 64 bit .iso image, downloaded via HTTP. I downloaded the amd64 weekly version, as the pool linux headers (needed below for installation of wireless drivers) were ahead of the stable release kernel.
Download the SHA256SUMS and SHA256SUMS.gpg files from the same location.