Packet Capture Notes

Wireshark
Filter where the source ip is not 192.168.1.1
    ip.src != 192.168.1.1
Filter where the destination ip is not 192.168.1.1
    ip.dst != 192.168.1.1
Find packets with a string in them
    frame contains <thing to search>
For example:
    frame contains google
Resource: https://www.cellstream.com/reference-reading/tipsandtricks/431-finding-text-strings-in-wireshark-captures
Show hostnames
Go to View -> Name Resolution -> Check the box next to Resolve Network Addresses
Resource: https://unix.stackexchange.com/questions/390852/how-to-filter-by-host-name-in-wireshark
Filter TLS traffic
    ssl.record.version
If you want to only show TLS v1....

June 15, 2020 · Jayson Grace

Shodan Cheatsheet

Sites with valid SSL certs
    ssl:"orgname" 200
Negative search
This is used to specify things you don’t want to be appended to your search
    -"content"
An example could be:
    ssl:"orgname" 200 -"nosniff"
Look for patterns in html
    html:"Dashboard Jenkins"
Search for a specific technology
This example will find all sites that use Bootstrap
    http.component:bootstrap
Jenkins:
    http.component:"jenkins"
Resources:
https://twitter.com/shodanhq/status/985964783089233920?lang=en
https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6
Assets belonging to an organization
    org:"Name of Organization"
That also return a 200 response code
    org:"Name of Organization" 200
Find CVE-2020-3452
    org:"Name of Organization" 200 "Set-Cookie: webvpn;"
Resource: https://twitter....

February 28, 2020 · Jayson Grace

Jira Cheatsheet

JQL
Show tickets created by a user
This will also show them in descending order, which will give you the most recently created issues first.
    reporter = <username> order by created DESC
Query by project
    project = "Project Name"
Find issues belonging to an inactive user
    reporter in (inactiveUsers())
Search via text
    text ~ "thing to search for"
Searching for multiple criteria
    project = "Project Name" AND text ~ "something"
Resource: https://community....

January 28, 2020 · Jayson Grace

Apache Cheatsheet

Log Responses
Install the dump_io mod by running this as root:
    a2enmod dump_io
Add these lines to the bottom of the /etc/apache2/apache2.conf file:
    LogLevel dumpio:trace7
    DumpIOInput On
    DumpIOOutput On
Restart the apache service to enact the changes:
    service apache2 restart
View response data with this command:
    cat error.log | cut -f8- -d':' | egrep -v ' [0-9]+ bytes$' | grep -v '^$' | cut -c2- | sed 's/\\r\\n//'
Run as an infinite loop:...

January 27, 2020 · Jayson Grace

Slack Cheatsheet

Search in conversation with a specific user
    in:@username <string to search for>
Search in channel
    in:@channelname <string to search for>
Resource: https://webapps.stackexchange.com/questions/103425/how-to-search-in-a-single-channel
Keyboard Shortcuts
Open search field
    COMMAND + g
Create private channel w/ webhook
1. Create a new private channel in slack
2. Navigate to https://api.slack.com/apps and create a new app
3. Navigate to https://api.slack.com/apps/YOURAPPID/incoming-webhooks
4. Click Add New Webhook to Workspace
5. Find the channel you created previously in the dropdown
6. Click Allow
7. Copy the Webhook URL and use it as needed

January 2, 2020 · Jayson Grace

Salt Notes

Secrets
View secrets from master:
    salt '*' pillar.items
Create key called mysecretkey on master:
    echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r "mysecretkey"
View secrets from minion:
    salt-call pillar.items
Get a specific secret from a minion:
    salt-call pillar.get a-secret
Resource: https://fabianlee.org/2016/10/18/saltstack-keeping-salt-pillar-data-encrypted-using-gpg/
Directory structure
There are two essential locations for salt related files (excluding service files):
    /etc/salt
    /srv/salt
/etc/salt holds configuration files for the master and minion, as well as the keys for known minions....

December 2, 2019 · Jayson Grace

Pipelines Cheatsheet

Github Actions
Get status of private action with bash
Before running this command, you will need to create a Personal Access Token and set the env var PAT to its value.
    curl -u "$(git config user.name):${PAT}" \
      -s "https://api.github.com/repos/username/somerepo/actions/workflows/someaction.yml/runs" | \
      jq -r '.workflow_runs[0].status'
Resource: https://stackoverflow.com/questions/65953108/how-can-i-get-the-passing-failing-status-of-a-github-action-workflow
Get latest commit hash with github actions
    # Set it:
    - name: Add SHORT_SHA env property with commit short sha
      run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
    # Use it:
    - name: My step
      run: myscript ${SHORT_SHA}
Resource: https://stackoverflow....

November 30, 2019 · Jayson Grace

LastPass CLI Cheatsheet

Login
To get started, you have to login:
    lpass login <your email address>
Look for passwords matching a string
    lpass show stringtomatch
Get a password
This will grab a password from LastPass via the cli.
    lpass show folder_name/name_of_password | grep -i password | awk -F ': ' '{print $2}'

November 20, 2019 · Jayson Grace

Kubernetes Cheatsheet

Kubectl
List all applications and services
    kubectl get all
Resource: https://coreos.com/tectonic/docs/latest/tutorials/sandbox/deleting-deployment.html#:~:text=Go%20to%20Workloads%20%3E%20Deployments.,Go%20to%20Routing%20%3E%20Services.
List all pods
    kubectl get pods
List all containers in all pods
    kubectl get pods -o='custom-columns=NameSpace:.metadata.namespace,NAME:.metadata.name,CONTAINERS:.spec.containers[*].name'
List all containers in a pod
    kubectl get pods $POD_NAME -o='custom-columns=NameSpace:.metadata.namespace,NAME:.metadata.name,CONTAINERS:.spec.containers[*].name'
Resource: https://serverfault.com/questions/873490/how-to-list-all-containers-in-kubernetes
List pods in a namespace
    kubectl get pods -n <namespace>
Get all pods running in all namespaces
    kubectl get pods --all-namespaces
Get all container images
    kubectl get pods --all-namespaces -o=jsonpath="{..image}"
Get all container images filtered by pod label
    kubectl get pods --all-namespaces -o=jsonpath="{....

October 2, 2019 · Jayson Grace

AWS Security

Automated Scanning Tools
These are tools that can be run by attackers or defenders to get a sense for all of the assets in an environment.
Create audit user to use for running tools
    export AUDIT_IAM_USER="usr-security-audit"
    aws iam create-user --user-name ${AUDIT_IAM_USER}
    aws iam attach-user-policy --user-name ${AUDIT_IAM_USER} --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
    aws iam attach-user-policy --user-name ${AUDIT_IAM_USER} --policy-arn arn:aws:iam::aws:policy/SecurityAudit
    aws iam create-access-key --user-name ${AUDIT_IAM_USER}
Be sure to create a profile in your ~/.aws/config and ~/....

October 2, 2019 · Jayson Grace