Role-chaining to stay persistent in AWS environment

Say… you have access to IAM or a role, and administrators are onto you and trying to remove your access by revoking roles, removing IAM users you created, etc. How do you persist? Here is one way to do it… Red team: Find a role in the current account using aws iam list-roles with its trust relationship set to arn:aws:iam::{current_accountid}:root and plug it into the script below. while [ 1 ]; \ do echo "[+] Acquiring new token using sts assume-role"; \ aws sts assume-role --role-arn arn:aws:iam::{accountid}:role/{roleid} --role-session-name test`date +'%s'` --duration 3600 | \ jq -r '.

S3 to Redshift with the help of AWS Glue :)

Sometimes the path to copy large amounts of unsorted data from S3 to Redshift is a bit annoying. Recently I had to deal with a large amount of unsorted JSON input logs. These JSON logs come in with different attributes, tags, types and values, and it was difficult to work out the schema without spending a great deal of time going through them manually or running a script to pick up the logs, run some logic across them to identify new fields etc…

Building minimal viable encrypted file sharing

Why another file sharing tool? The Firefox Send project was recently suspended due to malware abuse. This sucks big time, as on the very same day I was literally trying to advocate for it at work, arguing that we could do better at file sharing, and was greeted with a “Firefox send is down” message when trying to showcase it. I then spent that night looking into writing Terraform code to deploy Firefox Send in AWS… There were quite a few pieces.

Sheet 2 API!

Recently we needed a way to share the management of a lambda function with another team; the shared responsibility is to update a list of interesting patterns to trigger alerts on. This could potentially be done with a config file in the repository of the lambda function and redeploying the lambda function on every commit. With that said, I wanted to explore a simpler way to do it, especially since the other team is slightly less technical and the lambda function is not business critical, and so sheet2api came about.

IP conversion tricks

Occasionally I need to bypass some dodgy filter to perform Server Side Request Forgery (SSRF). This could be useful in these instances. The example below shows how you may be able to use this trick to bypass filters for the “magic cloud url” to get metadata of the server. Try curl http://2852039166/latest on an ec2 instance and see for yourself. And yes, in case you have not tried, you can even mix them up and shorten it by ignoring 0, eg try ping 192.

Useful static apps! (Updated)

Sometimes I make static pages for a single purpose and they can be quite useful, so I will just leave them here. For security: Here is a simple page to showcase some useful Content Security Policy (CSP) tricks for protecting apps from XSS: https://cspdemo.surge.sh/. I find that sharing this page with some explanation gets buy-in from developers a lot quicker. Here is my example to show why it is a good idea to host user-provided content, especially content the user has full control over, and SSRF/proxied pages on a completely separate domain.

Splunk trick

Index Time: Sometimes we have logs that take time to get ingested. When building an alert based off these logs, you may want to use index time instead of event time. This search is an example for when you want to “search for successful login from loginlog sourcetype where Ip address is included in the list of blocked IPs indexed in the last 120 minutes.” - Useful when we want to expand the search and see if the blocked IP managed to brute-force their way into a legit account previously.

Gnome extension - Argos

So just recently I got back on the Nix bandwagon and it has been an extremely smooth/enjoyable ride thanks to my trusty Galago Pro and the awesome PopOS that comes with it! ;) With that said, there are a few things I miss from when I was using MacOSX, and one of those is the awesome BitBar app! Then along comes Argos. This GNOME extension project does exactly what I want, and I have since created a couple of task menus with it to help with my day to day.

Sheets and script

Sometimes you have a boring task such as scrolling through thousands of lines of csv logs with TONS of columns, and you have exhausted all your options using regex to help narrow down the things you are interested in, etc … and it becomes pretty annoying to scroll horizontally to read 50+ rows while reading the truncated content in tiny cells (it may help if you have 50” with 4k resolution though). This is why I wrote this shitty piece of code to eh… help.

Android 8 root & cert

Recently I wanted to mess with some phone traffic, so I took out my broken-screen Pixel phone and decided to wipe it and use it for testing. After downloading the latest Android 10 factory build and flashing it to the phone via fastboot, it became apparent that the community hasn’t spent much time modding it and mounting /system as RW is still very alpha or doesn't work at all.