daily

ssm rate limiting I was spending a little bit of time trying to scrape some ssm stuff and i figured out that there seems to be a “feature” built in to ssm that doesn’t let you do too many describes. AWS will complain and say NO BUENO if you do it to often. aws ssm describe-parameters | jq '.Parameters[]| "\(.Name) \(.Type)"' An error occurred (ThrottlingException) when calling the DescribeParameters operation (reached max retries: 2): Rate exceeded I thought that was kind of a nice thing to stop people from describe everythign too often....

using multiple .gitconfig There is a neat feature in .gitconfig that will allow you to use uniueq gitconfig depending on the folder structure that you have. For example add this to your global gitconfig: This is assuming that ~/github has one org of repos, and ~/git has another, much lke personal and corporate git repos [includeIf "gitdir:~/git/"] path = ~/git/.gitconfig [includeIf "gitdir:~/github/"] path = ~/github/.gitconfig Then if you add this is the correpsonding location, the user name/email will be different in each folder structure....

BFG local cleanup This is a thing that you can do to clean up your local git repo AFTER doing a commit and before pushing to origin. PREWORK Download BFG.jar https://rtyley.github.io/bfg-repo-cleaner/ https://repo1.maven.org/maven2/com/madgag/bfg/1.13.0/bfg-1.13.0.jar Create directory structure mkdir -p ~/.binaries/ Move BFG into place, chmod it mv bfg-1.13.0.jar ~/.binaries/ && chmod 777 ~/.binaries/bfg-1.13.0.jar setup BASH_PROFILE echo 'alias bfg="java -jar ~/.binaries/bfg-1.13.0.jar"' >> ~/.bash_profile echo "export PATH=/Users/$(whoami)/.binaries:$PATH" >> ~/.bash_profile source it source ~/....

Turn off signed aps in mac I don’t want the security warning for unsigned apps. You can do this with this command on a mac. sudo spctl --master-disable This is terrible and prolly shouldn’t be done, but you know sometimes you need to. You can also yank things out of quarantine with this xattr -r -d com.apple.quarantine /path/to/dir

AWS credential_process There is a setting in the aws config that allows AWS to source the credentials externally. This can be super handy if you don’t want to store those as plain text things. It is called “credential process”. We can use this in conjunction with native openssl to give you a poor mans encrypted aws keys. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html First we will take the aws credentials and dump them to a temp file this is named key....

Virtualbox shared clipboard When using virtualbox it is pretty important that you are going to want to have a shared clipboard between your machine and the vm. This can be done for linux/kali linux by doing the following. Start VirtualBox. Start the host in question. Once the host has booted, click Devices | Insert Guest Additions CD Image. Open up a terminal window in the guest. Mount the CD-ROM with the command sudo mount /dev/cdrom /mnt....

pi-hole Well i had tried to use pi-hole before and it failed horribly. Tonight on the other hand, I just wiped a pi and installed an sdcard, ran a simple script and all the magic was done for me… So I guess I might have to use this after all…. I am also going to do some research on automating the maintaince of it to make sure the block lists are also up to date and whatnot....

fun with rsync Sometimes you jsut gotta back up files as clones, to another location. On a mac you have access to rsync and it is avaialbe in homebrew. brew install rsync wait for completion and then you are good to go. Alright so how about some commands.. copy from local to usb rsync -av /Users/$(whoami)/Documents/ /Volumes/1tb/backup/ copy from nas to usb rsync -av /Volumes/files/data/ /Volumes/1tb/backup/ mac will mount nas shares in the share name and then in volumes, so this is reliant on that mount being present when you want to pull something down from said nas....

books Everyone like to read things right? well I came across this list from palo alto earlier and it looks pretty promising. cybercanon.paloaltonetworks There area whole bunch of books in there raning from security to chaos engineering. Down the chaos engineering rabbit hole we go checkout this list of chaos engineering everything here awesome-chaos-engineering what is chaos engineering? It is using the ideas that the systems that we create now are so complex and dense....

nvidia fan settings Nvida gpu cards have firmware regulators in place that are OK with the cards running at 85c when they are under load. This is designed because of the assumption that the cards will only ever be under that kind of load for a short period. However when you want to run gpu’s at 100% utilization for an extended period it is often better to run these cards colder....

luks encryption lets create an encrypted container and toss some data in it… $ dd if=/dev/urandom of=test bs=1M count=100 $ cryptsetup luksFormat test #use password password $ cryptsetup luksOpen test tmp $ xxd -l 512 /dev/mapper/tmp # is random data at this point $ mkfs.ext4 /dev/mapper/tmp # use the same file system that is used by your system/device $ xxd -l 512 /dev/mapper/tmp # should no longer be random data $ cryptsetup luksClose tmp After it is created if we wanted to crack it with hashcat then we would just need to grab some header data and run it though...

docker powershell To prove a point i went out and foudn that there is a microsoft supported docker image for powershell. dockerhub - microsoft this means that running a mac, you can run docker that runs linux and then will let you run powershell.. You must go deeper… ha instant pot dragon head instant pots are pretty rad and there is this little thingverse that will let you have a dragon head for your instant pot, you just need to make sure that you print it with pla so that it does not instamelt when you are releasing the steam dragon head

Systemd restarting A while ago I had a service that would need to be restarted after it had a cool down of about 2 hours… I had a stanza that stated Restart=always RestartSec=7200 which was cool because it would just autorestart when it died. At the time the restart would work just fine after the cooldown. The catch that I ran in to was because of that timer, if I logged in and tried to start it when it was in a failed state, the service would hang....

Outlook is terrible Yes outlook is horrible but when you have to use it, its nice to be able to set defaults that don’t annoy others. One such is the default reminder for the calendar… Most of the time reminders aren’t useful unless they are used sparingly. Let turn them off. change-the-default-reminder-time tick stack and grafana i like the tick stack and it can be useful for a number of things, here is a brief overview of it....

Bash ctrl+r Bash has a special “recall” mode you can use to search for commands you’ve previously run: Ctrl+R: Recall the last command matching the characters you provide. Press this shortcut and start typing to search your bash history for a command. Ctrl+O: Run a command you found with Ctrl+R. Ctrl+G: Leave history searching mode without running a command. keyboard-shortcuts-for-bash-command-shell

Systemd restart policy sometimes services die. sometimes there is not a better option because of the situatuion that you are in, and you just need to wait it out and then restart the service… I know it isn’t ideal and that there should be better ways around having to do this but hey ¯_(ツ)_/¯ [Service] Type=simple Restart=always RestartSec=3 ExecStart=/path/to/script In my case I needed to wait it out and restart the service 2 hours after it died....

Splunk HTTP collector python script Hey the http collector is awesome so let use it in python to send things to stuff… This is going to just take a dictionary as event data and then pass that to the http collector using only the request library . You will need to have a collector enabled for splunk and a token generated. #!/usr/bin/env python import time import requests import urllib3 ##turns off the warning that is generated below because using self signed ssl cert urllib3....

Synology time machine “How_to_back_up_files_from_Mac_to_Synology_NAS_with_Time_Machine. This will let you p[lug in a usb drive to a synolgoy nas and then from there configure an AFP share that mac’s time machine software will find and then allow network backups. It is still on site so it isn’t totally secure and reliable. But it is a pretty good use of a 2tb drive and a NAS. The initial backup is kind of brutal but then anything after that should be a bit better and faster....

python http server simple startup of a python webserver for mac in your local directory: python2: python -m SimpleHTTPServer python3 with cgi: python -m http.server --cgi python3 normal: python3 -m http.server i mean what can go wrong here really?!? source: start-web-server-python-3

quick and dirty install of the aws cli sometimes you need to install the aws cli and you just need to get it done. I often use this when I am doing a bash install of it, for some kind of automation. #download it $ curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip" #unzip it $ unzip awscli-bundle.zip #run it $ sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws #if you dont have root you can run it here $ ....