Android Security Notes

Reverse Engineering Methodology Use jadx (used to analyze java bytecode) to disassemble an APK. Another great tool is Apktool Terminology Activity Something a user “touches” What launches when you tap the application icon Service Long running process that runs in the background An example of this is spotify - you listen to music while doing stuff on other apps Intent Used to facilitate communications between different Android objects A message that states that you did or want something to happen For example, this could be something like the phone ringing, or receiving an SMS message Intents are used to start activities and services or deliver a brodcast message Intent Receiver Respond to input, which could be something like an SMS message, losing WiFi, etc....

July 3, 2020 · Jayson Grace

Packet Capture Notes

Wireshark Filter where the source ip is not 192.168.1.1 ip.src != 192.168.1.1 Filter where the destination ip is not 192.168.1.1 ip.dst != 192.168.1.1 Find packets with a string in them frame contains <thing to search> For example: frame contains google Resource: https://www.cellstream.com/reference-reading/tipsandtricks/431-finding-text-strings-in-wireshark-captures Show hostnames Go to View -> Name Resolution -> Check the box next to Resolve Network Addresses Resource: https://unix.stackexchange.com/questions/390852/how-to-filter-by-host-name-in-wireshark Filter TLS traffic ssl.record.version If you want to only show TLS v1....

June 15, 2020 · Jayson Grace

Shodan Cheatsheet

Sites with valid SSL certs ssl:"orgname" 200 Negative search This is used to specify things you don’t want to be appended to your search -"content" An example could be: ssl:"orgname" 200 -"nosniff" Look for patterns in html html:"Dashboard Jenkins" Search for a specific technology This example will find all sites that use Bootstrap http.component:bootstrap Jenkins: http.component:"jenkins" Resources: https://twitter.com/shodanhq/status/985964783089233920?lang=en https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6 Assets belonging to an organization org:"Name of Organization" That also return a 200 response code org:"Name of Organization" 200 Find CVE-2020-3452 org:"Name of Organization" 200 "Set-Cookie: webvpn;" Resource: https://twitter....

February 28, 2020 · Jayson Grace

Jira Cheatsheet

JQL Show tickets created by a user This will also show them in descending order, which will give you the most recently created issues first. reporter = <username> order by created DESC Query by project project = "Project Name" Find issues belonging to an inactive user reporter in (inactiveUsers()) Search via text text ~ "thing to search for" Searching for multiple criteria project = "Project Name" AND text ~ "something" Resource: https://community....

January 28, 2020 · Jayson Grace

Apache Cheatsheet

Log Responses Install the dump_io mod by running this as root: a2enmod dump_io Add these lines to the bottom of the /etc/apache2/apache2.conf file: LogLevel dumpio:trace7 DumpIOInput On DumpIOOutput On Restart the apache service to enact the changes: service apache2 restart View response data with this command: cat error.log | cut -f8- -d':' | egrep -v ' [0-9]+ bytes$' | grep -v '^$' | cut -c2- | sed 's/\\r\\n//' Run as an infinite loop:...

January 27, 2020 · Jayson Grace

Slack Cheatsheet

Search in conversation with a specific user in:@username <string to search for> Search in channel in:@channelname <string to search for> Resource: https://webapps.stackexchange.com/questions/103425/how-to-search-in-a-single-channel Keyboard Shortcuts Open search field COMMAND + g Create private channel w/ webhook Create a new private channel in slack Navigate to https://api.slack.com/apps and create a new app Navigate to https://api.slack.com/apps/YOURAPPID/incoming-webhooks Click Add New Webhook to Workspace Find the channel you created previously in the dropdown Click Allow Copy the Webhook URL and use it as needed

January 2, 2020 · Jayson Grace

Salt Notes

Secrets View secrets from master: salt '*' pillar.items Create key called mysecretkey on master: echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r "mysecretkey" View secrets from minion: salt-call pillar.items Get a specific secret from a minion: salt-call pillar.get a-secret Resource: https://fabianlee.org/2016/10/18/saltstack-keeping-salt-pillar-data-encrypted-using-gpg/ Directory structure There are two essential locations for salt related files (excluding service files): /etc/salt /srv/salt /etc/salt holds configuration files for the master and minion, as well as the keys for known minions....

December 2, 2019 · Jayson Grace

Pipelines Cheatsheet

Github Actions Get status of private action with bash Before running this command, you will need to create a Personal Access Token and set the env var PAT to its value. curl -u "$(git config user.name):${PAT}" \ -s "https://api.github.com/repos/username/somerepo/actions/workflows/someaction.yml/runs" | \ jq -r '.workflow_runs[0].status'time Resource: https://stackoverflow.com/questions/65953108/how-can-i-get-the-passing-failing-status-of-a-github-action-workflow Get latest commit hash with github actions # Set it: - name: Add SHORT_SHA env property with commit short sha run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV # Use it: - name: My step run: myscript ${SHORT_SHA} Resource: https://stackoverflow....

November 30, 2019 · Jayson Grace

Kubernetes Cheatsheet

Kubectl List all applications and services kubectl get all Resource: https://coreos.com/tectonic/docs/latest/tutorials/sandbox/deleting-deployment.html#:~:text=Go%20to%20Workloads%20%3E%20Deployments.,Go%20to%20Routing%20%3E%20Services. List all pods kubectl get pods List all containers in all pods kubectl get pods -o='custom-columns=NameSpace:.metadata.namespace,NAME:.metadata.name,CONTAINERS:.spec.containers[*].name' List all containers in a pod kubectl get pods $POD_NAME -o='custom-columns=NameSpace:.metadata.namespace,NAME:.metadata.name,CONTAINERS:.spec.containers[*].name' Resource: https://serverfault.com/questions/873490/how-to-list-all-containers-in-kubernetes List pods in a namespace kubectl get pods -n <namespace> Get all pods running in all namespaces kubectl get pods --all-namespaces Get all container images kubectl get pods --all-namespaces -o=jsonpath="{..image} Get all container images filtered by pod label kubectl get pods --all-namespaces -o=jsonpath="{....

October 2, 2019 · Jayson Grace

AWS Security

Automated Scanning Tools These are tools that can be run by attackers or defenders to get a sense for all of the assets in an environment. Create audit user to use for running tools export AUDIT_IAM_USER="usr-security-audit" aws iam create-user --user-name ${AUDIT_IAM_USER} aws iam attach-user-policy --user-name ${AUDIT_IAM_USER} --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess aws iam attach-user-policy --user-name ${AUDIT_IAM_USER} --policy-arn arn:aws:iam::aws:policy/SecurityAudit aws iam create-access-key --user-name ${AUDIT_IAM_USER} Be sure to create a profile in your ~/.aws/config and ~/....

October 2, 2019 · Jayson Grace