Cheat sheets, notes, random code bits, tutorials, and projects that I’m working on.

whoami
My name is Jayson, and I am a security researcher. I have worked as a penetration tester, tool developer, devops engineer, and system administrator. I successfully completed my BS-CS at UNM in the Summer of 2016, and am very happy to be done with school (for now). I am passionate about penetration testing, security tool development and automating offensive security work. I am also interested in APTs (Advanced Persistent Threats) and understanding the motivations behind nation-state-funded Malware....
Password Manager Cheatsheet
Keeper Install CLI client Get the latest version and install the appropriate package: AUTHOR='Keeper-Security' REPO_NAME='Commander' curl -s "https://api.github.com/repos/${AUTHOR}/${REPO_NAME}/releases/latest" \ | jq -r '.assets[].browser_download_url' Login to Keeper Run this command: keeper login When prompted, enter your email, then your TOTP, and finally your master password. Resource: https://docs.keeper.io/secrets-manager/commander-cli/using-commander/logging-in Get a password using its name This particular example will return the password for the entry called gmail.com in the vault: My Vault> find-password gmail....
Markdown Cheatsheet
Table of Contents You can use this site to generate the code for you. For example: ## Table of Contents - [Prerequisites](#prerequisites) - [Create](#create) --- ## Prerequisites * Stuff * Things --- ## Create * More stuff * More things Resource: https://stackoverflow.com/questions/11948245/markdown-to-create-pages-and-table-of-contents Add line break Simply add two spaces after the line that you want to break on. Resource: https://stackoverflow.com/questions/26626256/how-to-insert-a-line-break-br-in-markdown
JQ Cheatsheet
Loop over JSON array This example will print all of the values associated with the name key: sample='[{"name":"foo"},{"name":"bar"}]' for row in $(echo "${sample}" | jq -r '.[] | @base64'); do echo ${row} | base64 --decode | jq -r '.name' done Resource: https://www.starkandwayne.com/blog/bash-for-loop-over-json-array-using-jq/ Get object based on value of JSON variable $ jq '.[] | select(.location=="Stockholm")' json { "location": "Stockholm", "name": "Walt" } { "location": "Stockholm", "name": "Donald" } Resource: https://stackoverflow.com/questions/18592173/select-objects-based-on-value-of-variable-in-object-using-jq
ELK Cheatsheet
Elasticsearch Get version of ES curl http://localhost:9200/ Get all indices in a cluster curl http://localhost:9200/_aliases Get all indices in a cluster (pretty) curl http://localhost:9200/_aliases?pretty=true Show index creation time curl http://localhost:9200/_cat/indices?h=health,status,index,id,pri,rep,docs.count,docs.deleted,store.size,creation.date.string&v= Resource: https://stackoverflow.com/questions/17426521/list-all-indexes-on-elasticsearch-server Get number of docs in a cluster curl http://localhost:9200/_cat/count?v Get number of docs in an index curl http://localhost:9200/index/_count Get Roles This is where you can get answers to questions like “what do I have access to?” curl http://localhost:9200/_security/role Resource: https://www....
Azure Cheatsheet
Getting Started Install latest version of Azure CLI on Mac brew update && brew install azure-cli Resource: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-macos Install latest version of Azure CLI on Linux # YOLO curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash Resources: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-5.5.0 Install PowerShell brew install --cask powershell-preview Run a powershell terminal with: pwsh-preview Update Powershell brew update brew upgrade powershell-preview --cask Uninstall Powershell brew uninstall --cask powershell sudo rm -rf /usr/local/bin/pwsh-preview /usr/local/microsoft/powershell Resource: https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-macos?view=powershell-7.1...
Javascript Cheatsheet
Submit a POST request via a form without reloading the page As an added bonus, this will also print the response output to the DOM. <!DOCTYPE html> <html lang="en"> <head> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script> <script> $(document).ready(function () { // Create a compute node for the specified email and return its public IP address function createCompute() { // Handle the POST request and subsequent response data $.ajax({ type: "POST", email: $("#email").val(), url: "https://awesomeendpoint.com?email=" + $("#userEmail")....
Terraform Cheatsheet
Installation on Ubuntu 20.04 sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" sudo apt-get update && sudo apt-get install -y terraform # Verify it works terraform -v Resource: https://learn.hashicorp.com/tutorials/terraform/install-cli Commands This is used to download and configure providers in your terraform code: terraform init Resource: https://learn.hashicorp.com/tutorials/terraform/eks Reconfigure state If you need to reconfigure your state, run the following:...
IDA Cheatsheet
Find a string Alt+b Once you’ve done this, be sure to encase the string you want to find in “”. For example: "string to find" Open breakpoints window Ctrl + Alt + b Preset breakpoints Click Debugger Debugger options… Set specific options Check the box next to preset BPTs Click OK Debug Android Activity Find an activity in a package that you want to look at Click Debugger -> Debugger options -> Set specific options Set the ADB executable (you can find this with which adb) Click Fill from AndroidManifest....
Packet Capture Notes
Wireshark Filter where the source ip is not 192.168.1.1 ip.src != 192.168.1.1 Filter where the destination ip is not 192.168.1.1 ip.dst != 192.168.1.1 Find packets with a string in them frame contains <thing to search> For example: frame contains google Resource: https://www.cellstream.com/reference-reading/tipsandtricks/431-finding-text-strings-in-wireshark-captures Show hostnames Go to View -> Name Resolution -> Check the box next to Resolve Network Addresses Resource: https://unix.stackexchange.com/questions/390852/how-to-filter-by-host-name-in-wireshark Filter TLS traffic ssl.record.version If you want to only show TLS v1....