zined

#!/usr/bin/python

import boto3
import time

client = boto3.client('logs')

now = time.time() * 1000 # milliseconds

logGroupName = "/some/loggroup/name"

zined

/*
 * CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
 * Copyright (C) 2021 Qualys, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,

zined

CVE-2020-0601 AKA ChainOfFools

General

• Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
• The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
• The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

• NSA description:
• NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.

zined

# Insomni'hack Teaser 2017 "winworld" task exploit
#
# Author:    Mateusz "j00ru" Jurczyk
# Date:      21 January 2017
#
import os
import random
import string
import sys
import struct

zined

#!/usr/bin/env bash

set -eu

USERS="$( aws iam get-group --group-name ssh --query 'Users[].UserName' --output text )"

for USER in $USERS; do
  PUBLIC_KEY_IDS="$( aws iam list-ssh-public-keys --user-name $USER --query 'SSHPublicKeys[].SSHPublicKeyId' --output text )"
  for PUBLIC_KEY_ID in $PUBLIC_KEY_IDS; do
    PUBLIC_KEY=$( aws iam get-ssh-public-key --user-name $USER --ssh-public-key-id $PUBLIC_KEY_ID --encoding SSH --query 'SSHPublicKey.SSHPublicKeyBody' --output text )

zined

#!/bin/bash

usage() {
        echo "usage: ${0} database target_directory"
        exit 127 
}

database="${1}"
if [ -z "${database}" ]; then
        usage

zined

Enforce CloudTrail in Child Accounts via Cloudformation Cross-Account StackSets

Prepare StackSet IAM Roles

Following http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html

• Login to Parent Account and (open in new Tab)
• Write down Parent Account Id (we need it later)
• For each Child Account, Login to Child Account and [](https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?stackName=cfn-stackset-child&templateURL=https://s3.amazonaws.com/cloudformation-stackset-sample-templates-us-east-1/AWSCloudFormationS

zined

[dadrian@platzhalter.gmbh@ip-10-0-9-244 ~]$ kdestroy -A
[dadrian@platzhalter.gmbh@ip-10-0-9-244 ~]$ klist
klist: Credentials cache keyring 'persistent:818801110:krb_ccache_eHUMT0r' not found
[dadrian@platzhalter.gmbh@ip-10-0-9-244 ~]$
[dadrian@platzhalter.gmbh@ip-10-0-9-244 ~]$ ssh $( hostname -f )
dadrian@platzhalter.gmbh@ip-10-0-9-244.platzhalter.gmbh's password:

[dadrian@platzhalter.gmbh@ip-10-0-9-244 ~]$
[dadrian@platzhalter.gmbh@ip-10-0-9-244 ~]$ kinit dadrian@PLATZHALTER.GMBH
Password for dadrian@PLATZHALTER.GMBH:

zined

[dadrian@platzhalter.gmbh@ip-10-0-7-64 ~]$ klist
Ticket cache: KEYRING:persistent:818801110:krb_ccache_hPVo69Y
Default principal: dadrian@PLATZHALTER.GMBH

Valid starting       Expires              Service principal
07/22/2017 13:02:14  07/23/2017 13:02:14  krbtgt/PLATZHALTER.GMBH@PLATZHALTER.GMBH
	renew until 07/29/2017 13:02:14
[dadrian@platzhalter.gmbh@ip-10-0-7-64 ~]$ ssh $( hostname -f )
dadrian@platzhalter.gmbh@ip-10-0-7-64.platzhalter.gmbh's password:

zined

curl https://youradfsserver.com.au/adfs/services/trust/13/usernamemixed --data @aws_saml_request.xml -H "Content-Type: application/soap+xml"  --verbose -o "saml.xml"