magnologan / waf-smoke-test.sh

Created April 15, 2025 20:47 — forked from ridjex/waf-smoke-test.sh

Lightweight Bash script to test basic WAF (Web Application Firewall) protections against common SQL injection and XSS payloads. Use this to quickly assess your web application’s surface against low-hanging injection vulnerabilities.

	#!/bin/bash

	# 🚀 Discover More: Testing Your Firewall in 60 Seconds: A Lightweight WAF Testing Script That Anyone Can Use
	# Learn how this script works and the best practices for WAF testing.
	# Read the full article here:
	# 👉 https://medium.com/@kochuraa/testing-your-firewall-in-60-seconds-a-lightweight-waf-testing-script-that-anyone-can-use-a7a725fefcb7

	# Safe WAF Tester Script
	# Usage: ./waf-smoke-test.sh <URL> [-o output.md] [-H "Header: Value"]
	# Examples:

magnologan / Dockerfile with Bad Security Practices.txt

Created May 8, 2024 14:21

	# Dockerfile with Bad Security Practices

	# 1. Using a root user to run the container
	FROM ubuntu:latest
	USER root

	# 2. Installing all tools with one command
	# This approach often installs more than needed, increasing attack surface
	RUN apt-get update && apt-get install -y \
	curl \

magnologan / mitre_attack_oneliners.sh

Created June 29, 2023 17:16 — forked from thomaspatzke/mitre_attack_oneliners.sh

MITRE ATT&CK oneliners

	# Requires: curl, jq

	# Download MITRE ATT&CK data from GitHub repository
	curl -o enterprise-attack.json https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json

	# List all ATT&CK object types
	jq -r '[ .objects[].type ] \| unique \| .[]' enterprise-attack.json

	# List all ATT&CK technique identifiers
	jq -r '[ .objects[] \| select(.type == "attack-pattern") \| .external_references[] \| select(.source_name == "mitre-attack") \| .external_id ] \| sort \| .[]' enterprise-attack.json

magnologan / Preparation to App Sec Engineer Interview and Questions

Created April 8, 2023 18:12 — forked from themoonofendor/Preparation to App Sec Engineer Interview and Questions

	- Threat Modelling / Code Review —

	Resources-for-Application-Security

	How to prepare for a security engineer interview by Eray Mitrani

	Security_Engineer_Interview_Questions by Tad Whitaker

	Security Engineer - Interview Questions by Namish

magnologan / windows_hardening.cmd

Created February 26, 2023 02:15 — forked from mackwage/windows_hardening.cmd

Script to perform some hardening of Windows OS

	:: Windows 10 Hardening Script
	:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
	:: Obligatory 'views are my own'. :)
	:: Thank you @jaredhaight for the Win Firewall config recommendations!
	:: Thank you @ricardojba for the DLL Safe Order Search reg key!
	:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
	:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
	:

magnologan / index.html

Created January 12, 2023 14:03 — forked from looselytyped/index.html

Containers in 3 weeks — Week 1 (nginx test file)

	<!DOCTYPE html>
	<html lang="en">
	<head>
	<!-- BLATANTLY STOLEN FROM https://getbootstrap.com/docs/4.1/examples/cover/ -->
	<title>Docker Workshop</title>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
	<style>
	/*

magnologan / Setup.md

Created January 12, 2023 14:02 — forked from looselytyped/Setup.md

Containers in 3 weeks - Set up

Containers in 3 weeks — Week 1/2 setup

Installation

You will need Docker installed! Here is a link to get you started. Proceed after you are done installing.

Warm up your engines!

magnologan / Security Conferences.md

Created November 3, 2022 09:29 — forked from guyru/Security Conferences.md

Security Conferences

A list of interesting conferences for vulnerability researchers. See also: https://twitter.com/i/lists/1543557448123957249

Name	Dates	Location	Site
DEF CON	10-13/08/2023	Las Vegas, USA	https://defcon.org/
Black Hat USA	09-10/08/2023	Las Vegas, USA	https://www.blackhat.com/
REcon	03-05/06/2023	Montreal, Canada	https://recon.cx/
OffensiveCon	19-20/05/2023	Berlin, Germany	https://www.offensivecon.org/

magnologan / cloudTrailEventNames.list

Created September 13, 2022 14:26 — forked from pkazi/cloudTrailEventNames.list

List of values for parameter EventName in AWS Cloudtrail events

	AbortDocumentVersionUpload
	AbortEnvironmentUpdate
	AbortMultipartUpload
	AbortVaultLock
	AcceptAccountMapping
	AcceptCertificateTransfer
	AcceptDelegate
	AcceptDirectConnectGatewayAssociationProposal
	AcceptFxPaymentCurrencyTermsAndConditions
	AcceptHandshake

magnologan / install-kubernetes-flannel-centos7.md

Created April 20, 2022 18:05 — forked from rkaramandi/install-kubernetes-flannel-centos7.md

Installing Kubernetes with the Flannel Network Plugin on CentOS 7

Install Prerequisites on ALL (Worker and Master) Nodes

Let's remove any old versions of Docker if they exist:

sudo yum remove docker \
                  docker-common \
                  docker-selinux \
                  docker-engine

Magno Logan magnologan

Containers in 3 weeks — Week 1/2 setup

Installation

Warm up your engines!

Security Conferences

Install Prerequisites on ALL (Worker and Master) Nodes