AWS Temporary Access Tokens

Originally posted over at Medium.com. Key management is a nightmare. It started with keys everywhere — then we all started sticking our keys, tokens, and break-glass passwords into a vault or password manager and rotating them accordingly. Storing secrets has become a business — but how do you manage AWS Read more…

Building My Site in Flask

This is a how-to for building simple sites in Flask. If you want a quick personal blog, I’d recommend deploying a pre-built WordPress instance on Google Cloud or AWS. In my case, I wanted to get a little more experience with Flask and general web development, so I built a Read more…

Steam Scanner

A small project to identify bot/malicious Steam accounts. The problem: For context, Steam is a gaming marketplace serving 90M users. Users tie DRM games, in-game items, and digital currency to their accounts. Automated phishing of accounts via other Steam profiles has been not so much a rising issue as a persistent one for Read more…

Simple LibSSH Detection

For those of you without off-the-shelf vulnerability scanners, try this simple Bash script to detect libssh servers in your environment. Download: libssh_finder.sh

    # Specify which ports to check for SSH servers
    for port in 22 2022 2222
    do
        # Substitute your target subnets and hosts
        for ip in 192.168.{0..10}.{0..255}
        do

Read more…

LogRhythm to Slack Webhooks

Steps 1. Add a webhook to your Slack team. 2. Create your AIE alarm with fields that you want to pass to your webhook. 3. Create a PowerShell script accepting the fields as parameters: 4. Create the actions.xml manifest with the same parameters/fields: 5. Create your SmartResponse Plugin using the Read more…

F5 WAF Parser

Here is a LogRhythm regex parser that I use for F5 WAF syslog violations. This is for the actual WAF violations, not the L7 DDoS logs. Some of the tags are LogRhythm specific, but this can be easily modified for whatever SIEM you’d like. The LogRhythm field tags that I Read more…