santrancisco

### Keybase proof

I hereby claim:

  * I am santrancisco on github.
  * I am santrancisco (https://keybase.io/santrancisco) on keybase.
  * I have a public key whose fingerprint is CC7C 67A8 A0E5 79FA 8ACB  6CAE CEA9 90A8 0EBA 8F5B

To claim this, I am signing this object:

santrancisco

# -*- mode: ruby -*-
# vi: set ft=ruby :

## Thanks to the discussion of various developers in this gist
## https://gist.github.com/andreptb/57e388df5e881937e62a#gistcomment-2346821
## Especially clement-igonet.

### How to get Windows10 with Edge official base image run with WinRM and RDP:
# To use Windows10-Edge vagrant you will first need to download https://aka.ms/msedge.win10.vagrant (this is now a zip file)
# Execute `vagrant box add ./MsEdge\ -\ Win10.box --name Win10-official` after unzip the file to add the box to our base image list

santrancisco

<html>
<body>please wait, loading...</body>
<script>
// Original code from Maxiosu ;) https://codepen.io/maxiosu/pen/gvJmgd?editors=0010
var query = "Symantec";
var sql =  "SELECT s.domain, s.issuer_cn, s.not_valid_after, s.not_valid_before "+
    "FROM ( "+
        "SELECT key, UNNEST(domains) AS domain, issuer_cn, not_valid_after, not_valid_before "+
        'FROM "b718232a-bc8d-49c0-9c1f-33c31b57cd88" '+
        "WHERE not_valid_before < NOW() AND not_valid_after > NOW() "+

santrancisco

#!/bin/bash
set -e

export DELETEONSYNC=true
export LOCALPATH=`perl -e 'use Cwd "abs_path";print abs_path(shift)' $1`
export REMOTEPATH=$3
export LOCALPATHLENGTH=${#LOCALPATH}
export REMOTESERVER=$2
export LISTEXT="$4"

santrancisco

package main

import (
	"context"
	"fmt"
	"log"
	"net/http"
	"os"
	"strings"
	"time"

santrancisco

#!/usr/bin/env python
"""
Very simple HTTP server in python to answer challenge request from slack server when create an event subscription
Usage::
    ./dummy-web-server.py [<port>]
Send a GET request::
    curl http://localhost
Send a HEAD request::
    curl -I http://localhost
Send a POST request::

santrancisco

gnu sed

masking out key,token,secret when reading a file to stdout - could be used as an alias to used for demo/presenting.

gsed -r -e "s/((key|token|secret)[^(:|=)]*(=|:)[\t| ]+?['|\"]?+)[^('|\"|$)]*('|\"|$)/\1xxxxxxxxxxx\4/g" ~/.aws/credentials

santrancisco

// Example of vulnerable code.
const express = require('express');
const router = express.Router();
const {
    exec
  } = require('child_process')
  const fs = require('fs')
  const uniqid = require('uniqid')
  const streamifier = require('streamifier');
  var magic = require('stream-mmmagic');

santrancisco

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "CTF check",
  "Resources": {
    "sg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SSH Security Group",
        "SecurityGroupIngress": {
          "CidrIp": "0.0.0.0/0",

santrancisco

[^\\]\"> ?<[Ss]+[0-9]+>	0	Web	Medium	Certain
[^\\]"&gt; ?<[Ss]+[0-9]+>	0	Web	Medium	Certain