|
To perform a bulk whois lookup of a list of IP addresses use the following script: Bulk whois lookup while read ip; do if [ ! -z “$ip” ]; then echo -n “$ip – ” && whois $ip 2>/dev/null grep “Organization” -m 1; fi; done < ip_list.txt Example input (ip_list.txt) 172.217.8.206 172.217.8.203 172.217.8.266 151.101.65.67 Output . . . → Read More: Bulk Lookup Owner of IP Address Recently I needed to generate a list of all subnets across every AWS account in an organization. I’ve documented an easy way to achieve this Prerequisites Set up your aws config for multiple profiles (one for each account) [default] region=us-east-1 output=json [profile account1] role_arn = arn:aws:iam::XXXXXXXXXXXX:role/OrganizationAccountAccessRole source_profile = default region=us-east-1 output=json [profile account2] role_arn = . . . → Read More: List All Subnets Across Multiple AWS accounts/profiles Out of the box the aws s3 application is suppose to limit bandwidth by setting the “s3.max_bandwidth” option. Example: aws configure set default.s3.max_bandwidth 5MB/s Problem aws s3 sync is using more bandwidth than the ~/.aws/config file has specified. Replication Steps Run the following command to set a max bandwidth limit for the s3 application aws . . . → Read More: Limiting S3 Sync Bandwidth Recently I needed to confirm if an s3 bucket was indeed publicly writable (by trying to write to it from a different account). I decided to document how to confirm this for your organization. Prerequisites AWS CLI installed Two AWS accounts Account A – Has a bucket you suspect may be publicly writable Account B . . . → Read More: Testing Amazon S3 Bucket for Public Write Permissions This post covers how to install the telnet client from the command prompt on Windows 10. Run the following command: pkgmgr /iu:”TelnetClient” I wrote a quick shell script to cleanup old Jenkins builds. This will delete any build older than 30 days. #!/bin/bash # jenkins_delete_old_builds.sh # Author: Steve Stonebraker # Date: 8/5/2019 # Description: Deletes any build older than 30 days # Place in crontab # @daily /bin/bash -x /root/scripts/jenkins_cleanup.sh > /root/scripts/jenkins_cleanup.log find /var/lib/jenkins/jobs/*/builds/ -maxdepth 1 -mindepth . . . → Read More: Jenkins Cleanup Old Builds I came across a great article on detecting windows lateral movement and wanted to share it with everyone: CERT-EU Security Whitepaper 17-002 “Detecting Lateral Movements in Windows Infrastructure” https://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf To install Google Chrome using Powershell (headless install) run the following command from and Administrative PowerShell Prompt: $LocalTempDir = $env:TEMP; $ChromeInstaller = “ChromeInstaller.exe”; (new-object System.Net.WebClient).DownloadFile(‘http://dl.google.com/chrome/install/375.126/chrome_installer.exe’, “$LocalTempDir\$ChromeInstaller”); & “$LocalTempDir\$ChromeInstaller” /silent /install; $Process2Monitor = “ChromeInstaller”; Do { $ProcessesFound = Get-Process | ?{$Process2Monitor -contains $_.Name} | Select-Object -ExpandProperty Name; If ($ProcessesFound) { “Still running: $($ProcessesFound -join ‘, ‘)” . . . → Read More: Install Chrome using PowerShell Column Selection – Sublime Text 3 Selecting an entire column of text using Sublime Text 3 on a Mac can be frustrating. Here is how to do it the easy way! Legend ⌘ – Command ⇧ – Shift ⌃ – Control <- – Left Arrow -> – Right Arrow Instructions Follow these steps: ⌘ + . . . → Read More: Sublime Text 3 – Select Entire Column (Mac) Password Spraying Finding the source of Windows password spraying attacks can be daunting as the Event log does not provide the source IP of the machine making the calls. Windows Event Logs Ideally all of your Windows Event logs from your domain controllers should be going in to some type of SIEM. I will be . . . → Read More: Finding the Source of Windows Password Spraying Attacks |
|
|
Copyright © 2019 Brakertech - All Rights Reserved i can haz interweb |
|
