Austin Songer, CISSP austinsonger
🙃
Removing a specific USB device (like a flash drive or security key) triggers an immediate shutdown. It combines the following:
- A launch daemon that monitors USB devices
- A script that checks if your specific USB is still connected
- A shutdown command if it disappears
- Edit the DEVICE_NAME at the top of the script to match your USB stick (use system_profiler SPUSBDataType).
austinsonger
/ kick-auth.js
Last active
May 2, 2025 03:24
— forked from ACPixel/demo-kick-auth.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const express = require("express"); | |
| const crypto = require("crypto"); | |
| const router = express.Router(); | |
| //Put your scopes here | |
| const KICK_SCOPES = [ | |
| "user:read", | |
| "channel:read", | |
| "channel:write", | |
| "chat:write", |
austinsonger
/ poc.md
Last active
March 6, 2025 23:03
Proof of Concept - Script Change & Tamper Detection for Webpages using Hono [PCI DSS 4.0.1 - 11.6.1 | HIPAA -164.312(c)(1) | FedRAMP SI-7, SI-4, CM-3, AU-2 | SOC 2 - CC7.1, CC7.2, CC6.6]
This solution provides a fully automated AWS-native mechanism to monitor, detect, and alert on unauthorized changes to page scripts. It leverages AWS CloudFront, Lambda@Edge, and the Hono framework to seamlessly enforce content integrity and real-time monitoring for scripts that are served as part of processing pages.
✨ Key Features
| Feature | Description |
|---|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| prefFile="$(readlink -f "/var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Preferences.xml")" | |
| echo "Please go to https://plex.tv/claim in order to obtain a new claim-code, then type it below" | |
| echo -n "Claim Code: " | |
| read PLEX_CLAIM | |
| clientId=$(sed -n 's/.*ProcessedMachineIdentifier="\(\S*\)".*/\1/p' "${prefFile}") |
austinsonger
/ autoLabelPhishingEmails.gs
Last active
February 6, 2025 03:00
LABEL POSSIBLE PHISHING ATTEMPTS IN GOOGLE EMAIL (Google App Script) [REQUIRES: Gmail API + Trigger Every 1 Hour]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function autoLabelEmails() { | |
| const labelRules = [{ | |
| label: "POSSIBLE PHISHING ATTEMPT", | |
| subjectContains: [ | |
| // Security & Account Alerts | |
| "Suspicious Login Attempt Detected", "Your Account Has Been Compromised!", "Unusual Activity on Your Account", | |
| "Security Alert: Immediate Action Required", "We Detected Unauthorized Access", "Your Password Has Expired – Reset Now", | |
| "Account Locked Due to Multiple Failed Login Attempts", "Confirm Your Identity to Continue Using Your Account", | |
| "Important Security Update Required", "Verify Your Account Before It's Disabled", | |
| // Banking & Financial Scams |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| from datetime import datetime | |
| import subprocess | |
| import json | |
| import logging | |
| # Configure logging | |
| logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') | |
| logger = logging.getLogger(__name__) |
austinsonger
/ merge-md.py
Last active
January 2, 2025 20:39
Merges all Markdown files found in the root directory and its subdirectories into a single output file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import glob | |
| import argparse | |
| # Define a default root directory constant | |
| DEFAULT_ROOT_DIR = "<PLACEHOLDER>" | |
| def merge_markdown_files(root_dir, output_file): | |
| """ | |
| Merges all Markdown files found in the root directory and its subdirectories into a single output file. |
austinsonger
/ merge.py
Last active
January 2, 2025 20:24
Extracts all code from all files and creating a markdown file that consolidates all the code.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| def create_markdown_from_directory(root_directory, output_markdown): | |
| """ | |
| Walks through a directory and subdirectories, extracting code from all files | |
| and creating a markdown file that consolidates all the code. | |
| Parameters: | |
| root_directory (str): The root directory to traverse. | |
| output_markdown (str): The path to the output markdown file. |
austinsonger
/ Elasticsearch user settings and extensions
Last active
December 31, 2024 16:28
Elastic SSO
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xpack.security.authc.realms.saml.cloud-saml: | |
| order: 2 | |
| attributes.principal: "nameid" | |
| attributes.groups: "groups" | |
| idp.metadata.path: "https://<PLACEHOLDER>.com//sso/saml/metadata" | |
| idp.entity_id: "http://www.<PLACEHOLDER>.com/<PLACEHOLDER>" | |
| sp.entity_id: "https://<PLACEHOLDER>.kb.us-east-1.aws.found.io:9243/" | |
| sp.acs: "https://<PLACEHOLDER>.kb.us-east-1.aws.found.io:9243/api/security/v1/saml" | |
| sp.logout: "https://<PLACEHOLDER>.kb.us-east-1.aws.found.io:9243/logout" |
NewerOlder