Ken Johnson cktricky

🏠
Working from home
View GitHub Profile
@cktricky
cktricky / review_s3_buckets.py
Created January 25, 2017 17:11
Review S3 Bucket Policies
import boto3
import pprint
# MAKE SURE YOU CHANGE THESE VALUES OR THE TOOL WON'T WORK.
access_key_id = 'replace me'
secret_access_key = 'replace me'
'''
WORK IN PROGRESS, NOT COMPLETED
This file is used to review s3 bucket permissions and whether or not they are encrypted
@cktricky
cktricky / list_monitoring_configuration.py
Created January 30, 2017 00:58
List Configuration of Monitoring Services in AWS
import boto3
import pprint
pp = pprint.PrettyPrinter(indent=5, width=80, compact=False)
#http://docs.aws.amazon.com/general/latest/gr/rande.html
regions = ['us-east-1', 'us-west-2', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'eu-central-1', 'eu-west-1']
'''
@cktricky
cktricky / cloud_metadata.txt
Created October 18, 2018 04:34 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

Course Abstract:

Ready to take your bug hunting to a deeper level? Ever been tasked with reviewing actual source for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing this code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short-circuit developing individual secure code review techniques by gleaning from Seth & Ken's past adventures in performing hundreds of code reviews and the lessons we've learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, the framework, or the language.

Course Objectives:

This course introduces security professionals and software developers to the nitty-gritty details of performing a code review. Specifically, the course will impart the following to attendees:

  • Code Revi