I hereby claim:
- I am spasam on github.
- I am seshu (https://keybase.io/seshu) on keybase.
- I have a public key whose fingerprint is D64C C0FD 0430 3172 D769 6FB2 E685 47D5 05B0 88D6
To claim this, I am signing this object:
spasam
/ keybase.md
Last active
May 4, 2018 16:59
We can make this file beautiful and searchable if this error is corrected: It looks like row 5 should actually have 5 columns, instead of 4. in line 4.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| file,md5,sha1,sha256,sha512 | |
| log4j-core-2.0.1.jar,fbfa5f33ab4b29a6fdd52473ee7b834d,895130076efaf6dcafb741ed7e97f2d346903708,a00a54e3fb8cb83fab38f8714f240ecc13ab9c492584aa571aec5fc71b48732d,61a6665cafa2e3cc25904fe066ba7ff73538e5a0812dbc81a1f1084e3997a3603adc0f6a1cc969609e5a380af7e3ccc8be43be469fb594b665435a490323a55f | |
| log4j-core-2.0.2.jar,8c0cf3eb047154a4f8e16daf5a209319,13521c5364501478e28c77a7f86b90b6ed5dbb77,c584d1000591efa391386264e0d43ec35f4dbb146cad9390f73358d9c84ee78d,e8b734587166eccc9de6087982dd95666e6a703239cf89f3cb91981d4375c74bdebfceea038efe05e0accc7f2fdae9b3dce8bbecb3cfb831b3030129983f8f56 | |
| log4j-core-2.0-alpha1.jar,f5e2d2a9543ee3c4339b6f90b6cb01fc,e7dc681a6da4f2f203dccd1068a1ea090f67a057,006fc6623fbb961084243cfc327c885f3c57f2eba8ee05fbc4e93e5358778c85,e857af43e9b1093414801c44db30de6bc070a5193f7f3e47d3f867a2e67be186e8e5c115d108dfb52e5b44f8757b7ef2675ade3ac2e1f50330d23d715aeaf1bb | |
| log4j-core-2.0-alpha2.jar,2addabe2ceca2145955c02a6182f7fc5,685125b7b8bbd7c2f58259937090ac2ae9bcb129,bf4f41403280c1b115650d47 |
spasam
/ log4j-jndi.csv
Last active
December 15, 2021 18:05
JNDI URLs in the wild. Most of them ldap, but some with rmi, dns etc.
We can't make this file beautiful and searchable because it's too large.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| host,url | |
| 0005f49368dd.bingsearchlib.com:39356,/a | |
| 000864ffaf5d.bingsearchlib.com:39356,/a | |
| 009cf07646dc.bingsearchlib.com:39356,/a | |
| 013982df19dc.bingsearchlib.com:39356,/a | |
| 01fde8c5eef6.bingsearchlib.com:39356,/a | |
| 023371450809.bingsearchlib.com:39356,/a | |
| 024e5d4e29f6.bingsearchlib.com:39356,/a | |
| 042hdmedy6s834ih3hdcssqig9m5d51u.burpcollaborator.net,/Kh | |
| 0455cf49e9f0.bingsearchlib.com:39356,/a |
spasam
/ sentinel-analytical-rules.csv
Created
February 8, 2023 18:56
Microsoft Azure Sentinel - Analytical Rules
We can make this file beautiful and searchable if this error is corrected: It looks like row 10 should actually have 2 columns, instead of 1. in line 9.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Rule,"Red team bypass" | |
| Change To RDS Database,"Covers RDS, but where are the checks for Redshift, Elasticache, etc.?" | |
| Change To VPC,"Only checks for CreateNetworkAclEntry, CreateRoute, CreateRouteTable, CreateInternetGateway, CreateNatGateway API calls. There are many more APIs that can be used to make changes to a VPC: Peering, Transit Gateway, etc." | |
| Clear Stop Change Trail Logs,"Checks for UpdateTrail, DeleteTrail, StopLogging, DeleteFlowLogs, DeleteEventBus. What about DeleteQueryLoggingConfig or DeleteLogGroup?" | |
| Created CRUD DynamoDB Policy to Privilege Escalation,"Can use wildcard in policy Actions to bypass" | |
| Created CRUD IAM to Privilege Escalation,"Can use wildcard in policy Actions to bypass" | |
| Created CRUD KMS Policy to Privilege Escalation,"Can use wildcard in policy Actions to bypass" | |
| Created CRUD S3 Policy to Privilege Escalation,"Can use wildcard in policy Actions to bypass" | |
| Created CRUD Lambda Policy to Privilege Escalation,"Can use wildcard in policy Actions to bypass" | |
| Created CloudFormation Poli |
spasam
/ sentinel-hunting-queries.csv
Created
February 8, 2023 19:00
Microsoft Azure Sentinel - Hunting Queries
We can make this file beautiful and searchable if this error is corrected: Unclosed quoted field in line 6.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Rule,"Red team bypass" | |
| Excessive Execution of Discovery Events,"Send User Agent HTTP header with aws-cli in it to bypass this" | |
| Failed Brute Force S3 Bucket,"Use HeadObject instead of GetObject to brute force" | |
| IAM Access Denied Discovery Events,"Send User Agent HTTP header that ends with .amazonaws.com to bypass this" | |
| IAM Policy Change,"Checks for AttachGroupPolicy, AttachRolePolicy, AttachUserPolicy, CreatePolicy, DeleteGroupPolicy, DeletePolicy, DeleteRolePolicy, DeleteUserPolicy, DetachGroupPolicy, PutUserPolicy, PutGroupPolicy, CreatePolicyVersion, DeletePolicyVersion, DetachRolePolicy, CreatePolicy. But what about DetachUserPolicy, PutRolePolicy, DeleteRolePermissionsBoundary, DeleteUserPermissionsBoundary, SetDefaultPolicyVersion, UpdateAssumeRolePolicy, etc. that also have similar impact?" | |
| Modification of Route Table Attributes," Check for CreateRoute, DeleteRoute, ReplaceRoute API calls. But what about associating or disassociating route tables with subnets? Also, doesn’t cover Transit Gateway route ta |
spasam
/ aws-scp-region-deny.json
Last active
March 25, 2023 20:45
Disallows access to unlisted operations in global and regional services outside of the specified regions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Condition": { | |
| "StringNotEquals": { | |
| "aws:RequestedRegion": [ | |
| "us-east-1", | |
| "us-west-2" | |
| ] |
spasam
/ aws-scp-root-accesskey.json
Last active
November 6, 2023 04:45
Secure your AWS accounts by disallowing creation of access keys for the root user, which will allow unrestricted access to all resources in the account
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "GRRESTRICTROOTUSERACCESSKEYS", | |
| "Effect": "Deny", | |
| "Action": "iam:CreateAccessKey", | |
| "Resource": [ | |
| "*" | |
| ], |
spasam
/ aws-scp-root-actions.json
Last active
March 25, 2023 20:46
Secure your AWS accounts by disallowing account access with root user credentials, which are credentials of the account owner and allow unrestricted access to all resources in the account
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "GRRESTRICTROOTUSER", | |
| "Effect": "Deny", | |
| "Action": "*", | |
| "Resource": [ | |
| "*" | |
| ], |
spasam
/ aws-scp-cross-region-networking.json
Last active
March 25, 2023 20:46
Disallow cross-region networking connections from Amazon EC2, Amazon CloudFront, and AWS Global Accelerator services
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "GRDISALLOWCROSSREGIONNETWORKING", | |
| "Effect": "Deny", | |
| "Action": [ | |
| "ec2:CreateVpcPeeringConnection", | |
| "ec2:AcceptVpcPeeringConnection", | |
| "ec2:CreateTransitGatewayPeeringAttachment", |
spasam
/ aws-scp-config-agg-authz.json
Last active
March 25, 2023 20:53
Prevent deletion of AWS Config aggregation authorizations
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "GRCONFIGAGGREGATIONAUTHORIZATIONPOLICY", | |
| "Effect": "Deny", | |
| "Action": [ | |
| "config:DeleteAggregationAuthorization" | |
| ], | |
| "Resource": [ |
OlderNewer