There’s nothing worse than finding out that one of your accounts has been breached. Here’s a quick guide to help you secure your account: Discovering a breach in one of your accounts can be alarming. Follow this streamlined guide for securing your account efficiently: Prioritize and Stay Calm - First, assess if the compromised password was reused on more critical accounts. If yes, secure the more vital account immediately. Change Your Password - Log into the affected account and update your password to a unique and complex one. If access is denied, use the “forgot password” feature to reset it. ...

In this comprehensive guide, we’ll walk through the process of setting up AWS Systems Manager (SSM) and HashiCorp Packer, with two different approaches: one using Ansible and one without. We’ll also cover the setup of the necessary IAM instance profile. Prerequisites Before we begin, ensure you have the following: An AWS account with appropriate permissions AWS CLI installed and configured An s3 bucket for storing files transferred by Packer when using SSM Packer installed Ansible installed (for the Ansible example) Setting Up SSM and IAM Instance Profile AWS Systems Manager (SSM) is a management tool that provides a unified user interface to view and control your AWS infrastructure. To use SSM with Packer, we need to set up an IAM instance profile with the necessary permissions. ...

Sites with valid SSL certs ssl:"orgname" 200 Negative search This is used to specify things you don’t want to be appended to your search -"content" An example could be: ssl:"orgname" 200 -"nosniff" Look for patterns in html html:"Dashboard Jenkins" Search for a specific technology This example will find all sites that use Bootstrap http.component:bootstrap Jenkins: http.component:"jenkins" Resources: https://twitter.com/shodanhq/status/985964783089233920?lang=en https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6 Assets belonging to an organization org:"Name of Organization" With a 200 response code: ...

Search in conversation with a specific user in:@username <string to search for> Search in channel in:@channelname <string to search for> Resource: https://webapps.stackexchange.com/questions/103425/how-to-search-in-a-single-channel Keyboard Shortcuts Open search field COMMAND + g Create private channel w/ webhook Create a new private channel in slack Navigate to https://api.slack.com/apps and create a new app Navigate to https://api.slack.com/apps/YOURAPPID/incoming-webhooks Click Add New Webhook to Workspace Find the channel you created previously in the dropdown Click Allow Copy the Webhook URL and use it as needed

This guide documents how to use the Sliver C2 framework - both containerized and direct installation. It covers Docker builds across architectures, server deployment, implant generation, and operational commands for effective penetration testing. Environment Setup First, let’s set up some variables we’ll use throughout this guide: # Set your GitHub username GITHUB_USER=l50 # Set container registry path CONTAINER_REGISTRY=ghcr.io Building and Pushing Multi-Architecture Sliver Container Building for Multiple Architectures First, build your base Sliver image: ...

Generic Queries Update field UPDATE table_name SET column1 = value1, column2 = value2, ... WHERE condition; Get first row of data from table Replace table with a valid table in your db. SELECT * FROM <table> LIMIT 1; Single-line comment -- stuff to comment out Multi-line comment /** stuff to comment out **/ Delete the last n rows from a table DELETE FROM `table` WHERE `table`.`tableID` in (SELECT TOP 500 tableID FROM table ORDER BY tableID DESC) Delete the first n rows from a table DELETE FROM `table` WHERE `table`.`tableID` in (SELECT TOP 500 tableID FROM table ORDER BY tableID ASC) Get the number of rows in a table SELECT COUNT(*) FROM <table>; Resources: ...

Installation on Ubuntu 20.04 sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - sudo apt-add-repository "deb [arch=amd64] \ https://apt.releases.hashicorp.com $(lsb_release -cs) main" sudo apt-get update && sudo apt-get install -y terraform # Verify it works terraform -v Resource: https://learn.hashicorp.com/tutorials/terraform/install-cli Commands This is used to download and configure providers in your terraform code: terraform init Resource: https://learn.hashicorp.com/tutorials/terraform/eks Reconfigure state If you need to reconfigure your state, run the following: ...

Create session with a name SESSION_NAME='mysession' tmux new -s "${SESSION_NAME}" Create detached session with a name This particular example will run SimpleHTTPServer in the background: SESSION_NAME='python_sesh' tmux new -s "${SESSION_NAME}" -d 'python3 -m http.server' Kill tmux session programmatically kill -9 "$(top -n 1 | pgrep tmux)" Attach to session with name SESSION_NAME='mysession' tmux a -t "${SESSION_NAME}" # Alternatively: tmux attach -t "${SESSION_NAME}" List sessions # Outside of a tmux session: tmux ls # Within a tmux session: Ctrl b s Background session Ctrl b d Rename current session Ctrl b $ Kill session SESSION_NAME='ohno' tmux kill-session -t "${SESSION_NAME}" Background session on remote host and close ssh session return ~ . Resources: https://gist.github.com/henrik/1967800 ...

This contains various regexes that I find useful. Match any character except newline . Match first word of a string on multiple lines /(word1|word2|word3)/igm Multiple lines of neg and pos floating point numbers that are less than 1000 /^-?\d{1,3}\.\d+$/igm Do not return result from a group (?:) For example, do not return the year from this string: 12/06/2016 05:52 (^\d{2}\/\d{2}\/(?:2015|2016) (\d{2}:\d{2})$) Everything else that you expect from a capture group will be captured in the output. This merely ensures that 2015 or 2016 are omitted from any results. ...

Useful Keyboard Shortcuts Select the beginning of a function Shift-V - Get version of vim :version Get to the end of a function $% Autoindent the current file gg=G Breaking it down: gg to get to the start of the file, = to indent and G to get to the end of the file. Use JQ to make JSON human readable :%!jq '.' Alternatively, you can also use python: :%!python -m json.tool Resources: ...