Alex Chantavy achantavy
achantavy
/ shai-hulud-2025-11-24.cypher
Last active
November 24, 2025 23:52
https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24 | |
| WITH [ | |
| { name: 'cbre-flow-common', version: '99.2.0' }, | |
| { name: 'cbre-flow-common', version: '99.3.0' }, | |
| { name: 'cbre-flow-common', version: '99.4.0' }, | |
| { name: 'cbre-flow-common', version: '99.5.0' }, | |
| { name: 'cbre-flow-common', version: '99.6.0' }, | |
| { name: '@asyncapi/diff', version: '0.5.2' }, | |
| { name: '@asyncapi/avro-schema-parser', version: '3.0.26' }, | |
| { name: '@asyncapi/markdown-template', version: '1.6.8' }, |
achantavy
/ cartography-worktree-review-setup.sh
Created
November 10, 2025 22:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Option 1: for forks | |
| git rev-parse --is-bare-repository | |
| # must return 'true' for this to work | |
| CONTRIB_USER=github_username_goes_here | |
| CONTRIB_BRANCH=pr_branch_name_goes_here # the stuff right of the ':' | |
| git remote add $CONTRIB_USER [email protected]:${CONTRIB_USER}/cartography.git | |
| git fetch $CONTRIB_USER |
achantavy
/ unifi_cartography.py
Created
November 5, 2025 05:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from unificontrol import UnifiClient | |
| from typing import Any | |
| from typing import Dict | |
| from typing import List | |
| from cartography.client.core.tx import load_graph_data | |
| from dataclasses import dataclass | |
| import neo4j | |
| from neo4j import GraphDatabase |
achantavy
/ supply-chain.cypher
Created
October 1, 2025 16:33
supply-chain-npm-chalk-debug-shaihulud
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // TODO: Adapt to show the _FULL_ list here: https://github.com/Cobenian/shai-hulud-detect/blob/main/compromised-packages.txt | |
| WITH [ | |
| { name: 'ansi-regex', version: '6.2.1' }, | |
| { name: 'ansi-styles', version: '6.2.2' }, | |
| { name: 'backslash', version: '0.2.1' }, | |
| { name: 'chalk', version: '5.6.1' }, | |
| { name: 'chalk-template', version: '1.1.1' }, | |
| { name: 'color-convert', version: '3.1.1' }, | |
| { name: 'color-name', version: '2.0.1' }, |
achantavy
/ cartography-npm-debug-chalk.cypher
Created
September 8, 2025 20:54
cartography-query-to-find-npm-debug-and-chalk-supply-chain-compromised-packages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised | |
| // Note: this is a starting point. Verify with the version numbers in the article above. | |
| // You can update the WHERE clause below with `d.requirements CONTAINS "x.y.z"` | |
| MATCH (d:Dependency)--(r:GitHubRepository) | |
| WHERE d.ecosystem = 'npm' | |
| AND d.name IN ['backslash','chalk-template','supports-hyperlinks','has-ansi','simple-swizzle','color-string','error-ex','color-name','is-arrayish','slice-ansi','color-convert','wrap-ansi','ansi-regex','supports-color','strip-ansi','chalk','debug','ansi-styles'] | |
| RETURN d.name, d.requirements, d.manifest_file, r.id |
achantavy
/ dangling-eips.cypher
Created
June 16, 2023 19:31
Find dangling elastic IPs with cartography
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // github.com/lyft/cartography | |
| // Get all A records | |
| MATCH (dns:AWSDNSRecord{type:"A"}) | |
| // See which ones map to EIPs that are in our inventory | |
| OPTIONAL MATCH (e:ElasticIPAddress{id: dns.value}) | |
| // Do some data massaging, variable renaming | |
| WITH dns.name AS dns_name, dns.value AS dns_value, e.id AS eip | |
| // Return only DNS names that **don't** map back to an EIP that we know about |
achantavy
/ sync_multiple_accounts_sketch.py
Last active
June 30, 2022 00:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for profile_name, account_id in accounts.items(): | |
| logger.info("Syncing AWS account with ID '%s' using configured profile '%s'.", account_id, profile_name) | |
| common_job_parameters["AWS_ID"] = account_id | |
| boto3_session = boto3.Session(profile_name=profile_name) | |
| _autodiscover_accounts(neo4j_session, boto3_session, account_id, sync_tag, common_job_parameters) | |
| try: | |
| _sync_one_account( | |
| neo4j_session, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| static_resources: | |
| listeners: | |
| - name: www | |
| address: | |
| socket_address: | |
| address: 0.0.0.0 | |
| port_value: 10000 | |
| filter_chains: | |
| - filters: | |
| - name: envoy.filters.network.http_connection_manager |
achantavy
/ aws_access_key_fix_sketch.py
Created
July 8, 2020 22:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Change [this](https://github.com/lyft/cartography/blob/4a60653d5f343c95867e198d8c43b05e049f35b4/cartography/intel/aws/iam.py#L625-L631) | |
| # to this: | |
| for name in usernames; | |
| account_access_key = get_account_access_key_data(boto3_session, name) | |
| load_user_access_keys(neo4j_session, account_access_key, aws_update_tag) | |
| run_cleanup_job( | |
| 'aws_import_account_access_key_cleanup.json', | |
| neo4j_session, | |
| common_job_parameters, |
achantavy
/ graphql-cartography-sketch.py
Created
July 7, 2020 22:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| query = """ | |
| query($login: String!, $after: String) { | |
| organization(login: $login) | |
| { | |
| membersWithRole(first:100, after: $after){ | |
| edges { | |
| cursor | |
| hasTwoFactorEnabled | |
| node { | |
| login |