Sites with valid SSL certs ssl:"orgname" 200 Negative search This is used to specify things you don’t want to be appended to your search -"content" An example could be: ssl:"orgname" 200 -"nosniff" Look for patterns in html html:"Dashboard Jenkins" Search for a specific technology This example will find all sites that use Bootstrap http.component:bootstrap Jenkins: http.component:"jenkins" Resources: https://twitter.com/shodanhq/status/985964783089233920?lang=en https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6 Assets belonging to an organization org:"Name of Organization" That also return a 200 response code org:"Name of Organization" 200 Find CVE-2020-3452 org:"Name of Organization" 200 "Set-Cookie: webvpn;" Resource: https://twitter....

JQL Show tickets created by a user This will also show them in descending order, which will give you the most recently created issues first. reporter = <username> order by created DESC Query by project project = "Project Name" Find issues belonging to an inactive user reporter in (inactiveUsers()) Search via text text ~ "thing to search for" Searching for multiple criteria project = "Project Name" AND text ~ "something" Resource: https://community....

Log Responses Install the dump_io mod by running this as root: a2enmod dump_io Add these lines to the bottom of the /etc/apache2/apache2.conf file: LogLevel dumpio:trace7 DumpIOInput On DumpIOOutput On Restart the apache service to enact the changes: service apache2 restart View response data with this command: cat error.log | cut -f8- -d':' | egrep -v ' [0-9]+ bytes$' | grep -v '^$' | cut -c2- | sed 's/\\r\\n//' Run as an infinite loop:...

Search in conversation with a specific user in:@username <string to search for> Search in channel in:@channelname <string to search for> Resource: https://webapps.stackexchange.com/questions/103425/how-to-search-in-a-single-channel Keyboard Shortcuts Open search field COMMAND + g Create private channel w/ webhook Create a new private channel in slack Navigate to https://api.slack.com/apps and create a new app Navigate to https://api.slack.com/apps/YOURAPPID/incoming-webhooks Click Add New Webhook to Workspace Find the channel you created previously in the dropdown Click Allow Copy the Webhook URL and use it as needed

Secrets View secrets from master: salt '*' pillar.items Create key called mysecretkey on master: echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r "mysecretkey" View secrets from minion: salt-call pillar.items Get a specific secret from a minion: salt-call pillar.get a-secret Resource: https://fabianlee.org/2016/10/18/saltstack-keeping-salt-pillar-data-encrypted-using-gpg/ Directory structure There are two essential locations for salt related files (excluding service files): /etc/salt /srv/salt /etc/salt holds configuration files for the master and minion, as well as the keys for known minions....

This is a great alternative to Travis CI or Circle CI. I’ve been using it quite a bit for a number of projects recently, and have been very happy with the results. Test a github project without committing If you want to debug a pipeline without committing code to your github repo, you can do the following: Login to Azure Devops Click + New project Give the project a name, specify Private for the Visibility, and click Create Once the project has been created, you’ll need to import the repo code:...

Login To get started, you have to login: lpass login <your email address> Look for passwords matching a string lpass show stringtomatch Get a password This will grab a password from LastPass via the cli. lpass show folder_name/name_of_password | grep -i password | awk -F ': ' '{print $2}'

Kubectl List all applications and services kubectl get all Resource: https://coreos.com/tectonic/docs/latest/tutorials/sandbox/deleting-deployment.html#:~:text=Go%20to%20Workloads%20%3E%20Deployments.,Go%20to%20Routing%20%3E%20Services. List all pods kubectl get pods List all containers in all pods kubectl get pods -o='custom-columns=NameSpace:.metadata.namespace,NAME:.metadata.name,CONTAINERS:.spec.containers[*].name' List all containers in a pod kubectl get pods $POD_NAME -o='custom-columns=NameSpace:.metadata.namespace,NAME:.metadata.name,CONTAINERS:.spec.containers[*].name' Resource: https://serverfault.com/questions/873490/how-to-list-all-containers-in-kubernetes List pods in a namespace kubectl get pods -n <namespace> Get all pods running in all namespaces kubectl get pods --all-namespaces Get all container images kubectl get pods --all-namespaces -o=jsonpath="{..image} Get all container images filtered by pod label kubectl get pods --all-namespaces -o=jsonpath="{....

Automated Scanning Tools These are tools that can be run by attackers or defenders to get a sense for all of the assets in an environment. Create audit user to use for running tools export AUDIT_IAM_USER="usr-security-audit" aws iam create-user --user-name ${AUDIT_IAM_USER} aws iam attach-user-policy --user-name ${AUDIT_IAM_USER} --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess aws iam attach-user-policy --user-name ${AUDIT_IAM_USER} --policy-arn arn:aws:iam::aws:policy/SecurityAudit aws iam create-access-key --user-name ${AUDIT_IAM_USER} Be sure to create a profile in your ~/.aws/config and ~/....

Jailbreaking At the time of this writing, only up to version 12.1.2 of iOS can be jailbroken. While it is theoretically possible to downgrade the version, it is a giant hassle and I was not able to find a fully working solution over the span of several hours of research. Save yourself some time and just get a phone with an older version of iOS. Jailbreak using Chimera Following the instructions on here: https://cydia-app....