The following page contains my notes and links about the seminar we had @ Softuni on Vulnerability management in package dependencies at 31st of August 2021.
miglen
/ packagejson.py
Created
February 10, 2021 11:55
Dirty check for non existing public npm dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/env python3 | |
| # https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/ | |
| # The following script finds all package.json files in the current dir and checks if there are referenced any | |
| # dependencies that no public package is available for, making your application vulnerable to supply-chain attack. | |
| # Simply run ./packagejson.py in your root repository direcotory. | |
| import json | |
| import requests | |
| from pathlib import Path | |
| import urllib.parse |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <opml version="1.0"> | |
| <head> | |
| <title>AWS RSS feeds 2019-04-22</title> | |
| </head> | |
| <body> | |
| <outline text="AWS" title="AWS"> | |
| <outline type="rss" text="Infrastructure & Automation" title="Infrastructure & Automation" xmlUrl="https://aws.amazon.com/blogs/infrastructure-and-automation/feed/" htmlUrl="https://aws.amazon.com/blogs/infrastructure-and-automation/"/> | |
| <outline type="rss" text="AWS Developer Blog" title="AWS Developer Blog" xmlUrl="http://feeds.feedburner.com/AwsDeveloperBlog" htmlUrl="https://aws.amazon.com/blogs/developer/"/> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Test and patch CVE-2021-3156 | |
| patch() { | |
| # Simple method to patch with yum | apt | |
| if command -v apt-get >/dev/null; then | |
| sudo apt-get update | |
| sudo apt-get install $1 | |
| elif command -v yum >/dev/null; then | |
| sudo yum updateinfo $1 |
miglen
/ iam_priviledge_escallation_deny_poilcy.json
Created
December 15, 2020 17:52
IAM Policy to deny API actions that could potentially allow privilege escalation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [{ | |
| "Sid": "DenyPriviledgeEscallationActions", | |
| "Effect": "Deny", | |
| "Action": [ | |
| "cloudformation:CreateStack", | |
| "codestar:AssociateTeamMember", | |
| "codestar:CreateProject", | |
| "codestar:CreateProjectFromTemplate", |
miglen
/ ec2-instance-prompt.sh
Last active
January 23, 2024 17:11
AWS EC2 Instance Prompt with EC2 ARN Instance Id Public IP Private IP Account Id Region and Instance Name Tag
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # description: EC2 Instance Prompt | |
| # author: Miglen Evlogiev <[email protected]> | |
| # | |
| # deployment: copy this file into /etc/profile.d/ec2-instance-prompt.sh | |
| # sudo wget https://gist.githubusercontent.com/miglen/e2e577b95acf1171a1853871737323ce/raw/ec2-instance-prompt.sh -P /etc/profile.d/ | |
| # sudo bash /etc/profile.d/ec2-instance-prompt.sh | |
| # |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| import datetime | |
| import requests | |
| from bs4 import BeautifulSoup | |
| """ | |
| The following script books specified sessions for | |
| tomorrow in flyefiet gym web app. | |
| """ |
miglen
/ web-servers.md
Created
March 9, 2019 15:40
— forked from willurd/web-servers.md
Big list of http static server one-liners
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000URL: http://overthewire.org/wargames/natas/ Type: Web
curl -s -u natas0:natas0 http://natas0.natas.labs.overthewire.org
The password is hidden in the source-code.
miglen
/ news-feeds-eradicator-linkedin.user.js
Last active
July 4, 2022 12:19
News Feed Eradicator for LinkedIn
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ==UserScript== | |
| // @name News Feed Eradicator for LinkedIn | |
| // @namespace http://miglen.com/ | |
| // @version 0.5 | |
| // @description News Feed Eradicator for LinkedIn | |
| // @author Miglen Evlogiev ([email protected]) | |
| // @match https://www.linkedin.com/* | |
| // @grant none | |
| // @downloadURL https://gist.github.com/miglen/4f1bccf15b63944675d34149dff0bc3d/raw/news-feeds-eradicator-linkedin.user.js#.user.js | |
| // @updateURL https://gist.github.com/miglen/4f1bccf15b63944675d34149dff0bc3d/raw/news-feeds-eradicator-linkedin.user.js#.user.js |