Azure Pipelines Cheatsheet

This is a great alternative to Travis CI or Circle CI. I've been using it quite a bit for a number of projects recently, and have been very happy with the results. Test a github project without committing If you want to debug a pipeline without committing code to your…

LastPass CLI Cheatsheet

Login To get started, you have to login: lpass login <your email address> Get a password This will grab a password from LastPass via the cli. lpass show <name of password> |grep txtPassword | awk '{print $2}' | tr -d '\n'…

Kubernetes Cheatsheet

List all containers kubectl get pods --all-namespaces -o=custom-columns=NameSpace:.metadata.namespace,NAME:.metadata.name,CONTAINERS:.spec.containers[*].name Resource: https://serverfault.com/questions/873490/how-to-list-all-containers-in-kubernetes By namespace kubectl get pods -n <namespace> Check for insecure kubelet API access From the host curl -k https://localhost:10250/pods…

AWS Pentesting

S3 Hunting You can reach S3 buckets via a web interface regardless of whether or not access is permitted. The URL formats are: http://<bucketname>.s3.amazonaws.com http://s3.amazonaws.com/<bucketname> A couple of things worth keeping in mind for creating tooling around hunting…

IOS Pentesting Cheatsheet

Jailbreaking At the time of this writing, only up to version 12.1.2 of iOS can be jailbroken. While it is theoretically possible to downgrade the version, it is a giant hassle and I was not able to find a fully working solution over the span of several hours…