- chime:createapikey
- codepipeline:pollforjobs
- cognito-identity:getopenidtoken
- cognito-identity:getopenidtokenfordeveloperidentity
- cognito-identity:getcredentialsforidentity
- connect:getfederationtoken
- connect:getfederationtokens
- ecr:getauthorizationtoken
- [gamelift:requestuploadcredentials](https://docs.aws.amazon.com/gamelift/latest/apireference/API_Re
Rodrigo Montoro spookerlabs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Material for AWS Least Privilege Workshop Bsides 2022 | |
| bsidesLV2022 - Preparing machine before class | |
| https://www.evernote.com/shard/s320/sh/11d1d550-ef02-0a35-d918-f5a8c3929b2a/f9771c476dbcda85942fae426dc65987 | |
| bsidesLV2022 - Lab one - Configure and Playing with Cloudsplaining | |
| https://www.evernote.com/shard/s320/client/snv?noteGuid=5987d975-2f1f-3974-5aa9-4305b3d46f9d¬eKey=cbee06a12dd1268ce6b7d72fa9112ba8&sn=https%3A%2F%2Fwww.evernote.com%2Fshard%2Fs320%2Fsh%2F5987d975-2f1f-3974-5aa9-4305b3d46f9d%2Fcbee06a12dd1268ce6b7d72fa9112ba8&title=bsidesLV2022%2B-%2BLab%2Bone%2B-%2B%2BConfigure%2Band%2BPlaying%2Bwith%2BCloudsplaining |
spookerlabs
/ AWS API calls that return credentials.md
Created
June 11, 2020 11:18
— forked from kmcquade/AWS API calls that return credentials.md
AWS API calls that return credentials
spookerlabs
/ StartLogging.xml
Created
May 12, 2019 10:51
— forked from Cyb3rWard0g/StartLogging.xml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="4.1"> | |
| <!-- Capture all hashes --> | |
| <HashAlgorithms>*</HashAlgorithms> | |
| <EventFiltering> | |
| <!-- Event ID 1 == Process Creation. Log all newly created processes except --> | |
| <ProcessCreate onmatch="exclude"> | |
| <Image condition="contains">splunk</Image> | |
| <Image condition="contains">btool.exe</Image> | |
| <Image condition="contains">SnareCore</Image> | |
| <Image condition="contains">nxlog</Image> |
spookerlabs
/ gist:d43bec75b5bf0c0557577b29b2204194
Created
January 7, 2019 20:43
— forked from tonyc/gist:1384523
Using strace and lsof
spookerlabs
/ certstream_watchdog_paypal.py
Created
January 7, 2019 02:56
— forked from PaulSec/certstream_watchdog_paypal.py
certstream utility to retrieve paypal and few other fraud keywords
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import certstream | |
| keywords = ['paypal', 'paypol'] | |
| def extract_domains(domains): | |
| res = [] | |
| for domain in domains: | |
| for keyword in keywords: | |
| if keyword in domain: | |
| res.append(domain) |
spookerlabs
/ tweet_dumper.py
Created
January 7, 2019 02:55
— forked from PaulSec/tweet_dumper.py
A script to download all of a user's tweets into a csv
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # encoding: utf-8 | |
| import tweepy #https://github.com/tweepy/tweepy | |
| import csv | |
| #Twitter API credentials | |
| consumer_key = "" | |
| consumer_secret = "" | |
| access_key = "" |
spookerlabs
/ cheatsheet-elasticsearch.md
Created
October 18, 2018 03:19
— forked from ruanbekker/cheatsheet-elasticsearch.md
Elasticsearch Cheatsheet
(still a work-in-progress)
spookerlabs
/ bro-ids_logstash.conf
Created
August 28, 2018 17:40
— forked from mrlesmithjr/bro-ids_logstash.conf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Bro-IDS Logstash parser | |
| # Parts of this taken from http://www.appliednsm.com/wp-content/uploads/logstash-SObro22-parse.conf_.txt | |
| #Logs being parsed: | |
| #app_stats.log | |
| #conn.log | |
| #dns.log | |
| #dpd.log | |
| #files.log | |
| #http.log |
spookerlabs
/ audit.rules
Last active
June 18, 2018 13:37
— forked from Neo23x0/audit.rules
Linux Auditd Best Practice Configuration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ___ ___ __ __ | |
| # / | __ ______/ (_) /_____/ / | |
| # / /| |/ / / / __ / / __/ __ / | |
| # / ___ / /_/ / /_/ / / /_/ /_/ / | |
| # /_/ |_\__,_/\__,_/_/\__/\__,_/ | |
| # | |
| # Linux Audit Daemon - Best Practice Configuration | |
| # /etc/audit/audit.rules | |
| # | |
| # Compiled by Florian Roth |