AWS Temporary Access Tokens
Originally posted over at Medium.com. Key management is a nightmare. It started with keys everywhere — then we all started sticking our keys, tokens, and break-glass passwords into a vault or password manager and rotating them accordingly. Storing secrets has Read more…
Building My Site in Flask
This is a how-to for building simple sites in Flask. If you want a quick personal blog, I’d recommend deploying a pre-built WordPress instance on Google Cloud or AWS. In my case, I wanted to get a little more experience Read more…
Steam Scanner
A small project to identify bot/malicious Steam accounts. The problem For context, Steam is a gaming marketplace serving 90M users. Users tie DRM games, in-game items, and digital currency to their accounts. Automated phishing of accounts via other Steam profiles Read more…
Simple LibSSH Detection
For those of you without off-the-shelf vulnerability scanners, try this simple bash script to detect libssh servers in your environment. Download: libssh_finder.sh # Specify which ports to check for SSH servers for port in 22 2022 2222 do # Substitute Read more…
SSH Tunneling & Network Pivoting
Overview Here are some examples of how to tunnel via SSH and pivot within a network. Hopefully this clears up any questions you might have. If you just want the syntax for SSH tunneling, here you go: The goal of Read more…
LogRhythm to Slack Webhooks
Steps 1. Add a webhook to your Slack team. 2. Create your AIE alarm with fields that you want to pass to your webhook. 3. Create a PowerShell script accepting the fields as parameters: 4. Create the actions.xml manifest with Read more…
F5 WAF Parser
Here is a LogRhythm regex parser that I use for F5 WAF syslog violations. This is for the actual WAF violations, not the L7 DDoS logs. Some of the tags are LogRhythm-specific, but this can be easily modified for Read more…