a cludge for sandwiching Palo-Alto Firewalls between an internal and external AWS ELB.
The repo includes
updatenat.py which is an AWS Lambda function designed to do the following:
- Resolve the IP addresses of configured ELBs
- Match the IPs with configured Availability Zones
- Check if the associated Address Object on the PA Firewall residing in the respective Availability Zone matches the resolved IP
- Update the Address Objects if the addresses do not match the ELB’s IPs
- Store the resolved IP addresses as JSON in an S3 Bucket to reduce processing time at the next execution
- Commit the updated PA configuration
Repo here: paloaws-lambda
a tool for searching and scanning shodan results. I built this to scan for assets exposed to the CVE-2019-19781 “shitrix” vulnerability that kept me awake during xmas 2019. It can do other things too.
Gather a list of Citrix appliances in a country / state pair, and check if they’re vulnerable to CVE-2019-19781. Results are output as JSON which can be wrangled quite nicely into a meaningful PowerBI report.
It does this by querying Shodan for all results in a particular country matching a search string. By default, it searches
country:AU has_ssl:true with the search string
To check for vulnerability, we see if a HEAD for
https://<HOST>/vpn/%2E%2E/vpns/cfg/smb.conf returns a status
200. This means directory traversal is allowed, and the patch or workaround has not been applied to the host.
Repo here: webcvescanner
terraform and provisioners to build ssl-enabled gophish instances for multiple customers. I wrote about this in a blog post
GoPhish is an OSS “Phishing Toolkit” which provides facilities for creating, running, and reporting on phishing campaigns. You can read more about GoPhish and what it can do here. GoPhish was absolutely what I needed to move forward with running some phishing tests on our customers, but provisioning and configuring it was clunky and took time. GoPhish wasn’t designed with multiple target organisations in mind either.
Repo here: throwphish
a package to do OneDrive Known Folder Move on macOS. I wrote about this in a blog post
Microsoft OneDrive has a super great feature (for Windows) called Known Folder Move. This redirects the Desktop, Documents, and Pictures folders to your OneDrive folder. This allows you to have multiple computers stay in sync.
This application (a fork of synapsed) brings this same functionality to MacOS through the use of SymLinks thus enabling sync between your Desktop and Documents folders and OneDrive.
Repo here: MacOS-OneDrive-KFM
Latest release here: MacOS-OneDrive-KFM 0.2
a bunch of scripts to make tenant-to-tenant migrations using SkyKick a bit easier.
Repo here: skykick-scripts