I hereby claim:
- I am spasam on github.
- I am seshu (https://keybase.io/seshu) on keybase.
- I have a public key whose fingerprint is D64C C0FD 0430 3172 D769 6FB2 E685 47D5 05B0 88D6
To claim this, I am signing this object:
file,md5,sha1,sha256,sha512
host,url
Rule,"Red team bypass"
Change To RDS Database,"Covers RDS, but where are the checks for Redshift, Elasticache, etc.?"
Change To VPC,"Only checks for CreateNetworkAclEntry, CreateRoute, CreateRouteTable, CreateInternetGateway, CreateNatGateway API calls. There are many more APIs that can be used to make changes to a VPC: Peering, Transit Gateway, etc."
Clear Stop Change Trail Logs,"Checks for UpdateTrail, DeleteTrail, StopLogging, DeleteFlowLogs, DeleteEventBus. What about DeleteQueryLoggingConfig or DeleteLogGroup?"
Created CRUD DynamoDB Policy to Privilege Escalation,"Can use wildcard in policy Actions to bypass"
Created CRUD IAM to Privilege Escalation,"Can use wildcard in policy Actions to bypass"
Created CRUD KMS Policy to Privilege Escalation,"Can use wildcard in policy Actions to bypass"
Created CRUD S3 Policy to Privilege Escalation,"Can use wildcard in policy Actions to bypass"
Created CRUD Lambda Policy to Privilege Escalation,"Can use wildcard in policy Actions to bypass"
Created CloudFormation Poli
Rule,"Red team bypass"
Excessive Execution of Discovery Events,"Send User Agent HTTP header with aws-cli in it to bypass this"
Failed Brute Force S3 Bucket,"Use HeadObject instead of GetObject to brute force"
IAM Access Denied Discovery Events,"Send User Agent HTTP header that ends with .amazonaws.com to bypass this"
IAM Policy Change,"Checks for AttachGroupPolicy, AttachRolePolicy, AttachUserPolicy, CreatePolicy, DeleteGroupPolicy, DeletePolicy, DeleteRolePolicy, DeleteUserPolicy, DetachGroupPolicy, PutUserPolicy, PutGroupPolicy, CreatePolicyVersion, DeletePolicyVersion, DetachRolePolicy, CreatePolicy. But what about DetachUserPolicy, PutRolePolicy, DeleteRolePermissionsBoundary, DeleteUserPermissionsBoundary, SetDefaultPolicyVersion, UpdateAssumeRolePolicy, etc. that also have similar impact?"
Modification of Route Table Attributes,"Check for CreateRoute, DeleteRoute, ReplaceRoute API calls. But what about associating or disassociating route tables with subnets? Also, doesn’t cover Transit Gateway route ta
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": [
            "us-east-1",
            "us-west-2"
          ]
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GRRESTRICTROOTUSERACCESSKEYS",
      "Effect": "Deny",
      "Action": "iam:CreateAccessKey",
      "Resource": [
        "*"
      ],
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GRRESTRICTROOTUSER",
      "Effect": "Deny",
      "Action": "*",
      "Resource": [
        "*"
      ],
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GRDISALLOWCROSSREGIONNETWORKING",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateVpcPeeringConnection",
        "ec2:AcceptVpcPeeringConnection",
        "ec2:CreateTransitGatewayPeeringAttachment",
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GRCONFIGAGGREGATIONAUTHORIZATIONPOLICY",
      "Effect": "Deny",
      "Action": [
        "config:DeleteAggregationAuthorization"
      ],
      "Resource": [