daily

AWS credential_process There is a setting in the aws config that allows AWS to source the credentials externally. This can be super handy if you don’t want to store those as plain text things. It is called “credential process”. We can use this in conjunction with native openssl to give you a poor mans encrypted aws keys. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html First we will take the aws credentials and dump them to a temp file this is named key....

Virtualbox shared clipboard When using virtualbox it is pretty important that you are going to want to have a shared clipboard between your machine and the vm. This can be done for linux/kali linux by doing the following. Start VirtualBox. Start the host in question. Once the host has booted, click Devices | Insert Guest Additions CD Image. Open up a terminal window in the guest. Mount the CD-ROM with the command sudo mount /dev/cdrom /mnt....

pi-hole Well i had tried to use pi-hole before and it failed horribly. Tonight on the other hand, I just wiped a pi and installed an sdcard, ran a simple script and all the magic was done for me… So I guess I might have to use this after all…. I am also going to do some research on automating the maintaince of it to make sure the block lists are also up to date and whatnot....

fun with rsync Sometimes you jsut gotta back up files as clones, to another location. On a mac you have access to rsync and it is avaialbe in homebrew. brew install rsync wait for completion and then you are good to go. Alright so how about some commands.. copy from local to usb rsync -av /Users/$(whoami)/Documents/ /Volumes/1tb/backup/ copy from nas to usb rsync -av /Volumes/files/data/ /Volumes/1tb/backup/ mac will mount nas shares in the share name and then in volumes, so this is reliant on that mount being present when you want to pull something down from said nas....

books Everyone like to read things right? well I came across this list from palo alto earlier and it looks pretty promising. cybercanon.paloaltonetworks There area whole bunch of books in there raning from security to chaos engineering. Down the chaos engineering rabbit hole we go checkout this list of chaos engineering everything here awesome-chaos-engineering what is chaos engineering? It is using the ideas that the systems that we create now are so complex and dense....

nvidia fan settings Nvida gpu cards have firmware regulators in place that are OK with the cards running at 85c when they are under load. This is designed because of the assumption that the cards will only ever be under that kind of load for a short period. However when you want to run gpu’s at 100% utilization for an extended period it is often better to run these cards colder....

luks encryption lets create an encrypted container and toss some data in it… $ dd if=/dev/urandom of=test bs=1M count=100 $ cryptsetup luksFormat test #use password password $ cryptsetup luksOpen test tmp $ xxd -l 512 /dev/mapper/tmp # is random data at this point $ mkfs.ext4 /dev/mapper/tmp # use the same file system that is used by your system/device $ xxd -l 512 /dev/mapper/tmp # should no longer be random data $ cryptsetup luksClose tmp After it is created if we wanted to crack it with hashcat then we would just need to grab some header data and run it though...

Synology time machine “How_to_back_up_files_from_Mac_to_Synology_NAS_with_Time_Machine. This will let you p[lug in a usb drive to a synolgoy nas and then from there configure an AFP share that mac’s time machine software will find and then allow network backups. It is still on site so it isn’t totally secure and reliable. But it is a pretty good use of a 2tb drive and a NAS. The initial backup is kind of brutal but then anything after that should be a bit better and faster....

python http server simple startup of a python webserver for mac in your local directory: python2: python -m SimpleHTTPServer python3 with cgi: python -m http.server --cgi python3 normal: python3 -m http.server i mean what can go wrong here really?!? source: start-web-server-python-3

quick and dirty install of the aws cli sometimes you need to install the aws cli and you just need to get it done. I often use this when I am doing a bash install of it, for some kind of automation. #download it $ curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip" #unzip it $ unzip awscli-bundle.zip #run it $ sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws #if you dont have root you can run it here $ ....

setting up mac keyboards key repeat with a new laptop means that you need to make all the changes to all the things. One of the annoyances that I had was the key repeat. Yes you can change this in the gui but why would I want to do it there when I can do it in the terminal instead… # read what everything is set at $ defaults read -g InitialKeyRepeat $ defaults read -g KeyRepeat # write some new values to the things....

I love bagel and egg sandwiches and they are super easy to make with almost no cleanup. Bagel and egg sandwich the easy way(almost NO cleanup): as learned from watching a local bagel shop do it for a couple years. heat pan i think its a 12 or 16", melt butter/oil to coat even nonstick pan while pan is heating take bowl, crack two eggs and whip them together - add whatever spices you want, I usually add nothing once pan is sizzling (if you toss a drop of water in it it sizzles) pour in bowl of eggs toast bagel let cook until it is just about no longer runny, take a decently big spatula fold egg in half, and then fold into quarter, press down, cook one side until it is done enough for you then flip....

self signed certs Genning certs is always a pita, luckily I found a quick and easy way from the folks over at spiderlabs, to do it.. gen-self-signed-cert.sh #!/bin/bash openssl genrsa -out my.key 2048 openssl req -new -x509 -days 3650 -key my.key -out my.crt -subj "/"

curl redirects Sometimes you want to be able to follow a redirect chain to see what is going on.you can do that pretty easily with curl. Toss in your url and hit enter then follow the breadcrumbs. curl -v -L http://google.com 2>&1 | egrep "^> (Host:|GET)" $ curl -v -L http://google.com 2>&1 | egrep "^> (Host:|GET)" > GET http://google.com/ HTTP/1.1 > Host: google.com > GET http://www.google.com/ HTTP/1.1 > Host: www.google.com

Github releases There is a nice way to get the latest release from a github repo. as long as it gets tagged as release. I like to be able to pull down the latest version of a release for specific code in automated builds. This helps that. Use curl to get the JSON response for the latest release Use grep to find the line containing file URL Use cut and tr to extract the URL Use wget to download it...

git-secrets I came across this handy piece of software today, called git-secrets. It is made by awslabs and it acts as a git-hook that will stop you form doing stupid things. https://github.com/awslabs/git-secrets

#QMK animation Having a keyboard with an oled screen means that you can add things to it. This cute little bongo cat animations or other things. This lets you create all sorts of animations https://githubmemory.com/repo/AskMeAboutBirds/qmk-oled-animation-compressor

sql server I needed to connect to a sql db this morning and I didn’t have a client. Docker to the rescue! docker run -it mysql /bin/bash mysql -u <myuser> -p -h <myhost> <mydatabase> and done. when using the -p flag it will prompt you for the password instead of having it in the terminal. Simple easy and connected.

sudo make me a sandwich, then I’ll pwn your fridge Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user. wikipedia-sudo Let’s say that we have a folder named /luggage/. The luggage is carrying some incredibly valuable things. Rincewind and twoflower are two users who have been traveling with this luggage for sometime. Because, rincewind doesn’t want twoflower to read the octavo, but is fine if he looks at the camera, both which are located in the in the luggage....

netcat netcat can work like a portscanner. If it is the only tool that you have you make do. this is going to scan localhost across all of the ports nc -zv 127.0.0.1 1-65535