I hereby claim:
- I am hotnops on github.
- I am hotnops (https://keybase.io/hotnops) on keybase.
- I have a public key ASBkwHOmbmapDUoTZGkExGpiJiHJhQG5ULt_HR1zZtHM-Qo
To claim this, I am signing this object:
Daniel Heinsen hotnops
hotnops
/ gist:e450688fb4792845c047d336277f3d2c
Created
January 17, 2025 17:43
Default Entra Connect Sync Rules
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <SyncRules> | |
| <synchronizationRule> | |
| <id>{64304b7a-1bb1-4347-bec4-bfe30ba77174}</id> | |
| <internal-id>{64304b7a-1bb1-4347-bec4-bfe30ba77174}</internal-id> | |
| <version>1</version> | |
| <name>In from AAD - User Join</name> | |
| <description /> | |
| <immutable-tag>Microsoft.InfromAADUserJoin.005</immutable-tag> | |
| <direction>Inbound</direction> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Find cognito vulenerable roles as specified in https://securitylabs.datadoghq.com/articles/amplified-exposure-how-aws-flaws-made-amplify-iam-roles-vulnerable-to-takeover/ | |
| MATCH p=(r:AWSRole) <- [:AttachedTo] - (a:AWSAssumeRolePolicy) <- [:AttachedTo] - (s:AWSStatement {effect: "Allow"}) - [:Principal] -> (prin) | |
| WHERE prin.name CONTAINS "cognito" | |
| WITH s, p, r | |
| OPTIONAL MATCH p2=(s) <- [:AttachedTo] - (c:AWSCondition) <- [:AttachedTo] - (ck:AWSConditionKey) | |
| WHERE ck.name = "cognito-identity.amazonaws.com:aud" | |
| WITH p, p2, s,r, COLLECT(ck) AS matchedKeys | |
| WHERE SIZE(matchedKeys) = 0 | |
| RETURN r.arn |
hotnops
/ oplog-sync.cna
Created
October 2, 2020 16:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.DataOutputStream; | |
| import java.net.HttpURLConnection; | |
| import java.net.URL; | |
| sub oplog::saveToDisk { | |
| local('$timestamp $localIP $destIP $userContext $command $operator $oplog_id $logfile $data $header $handle $error'); | |
| $timestamp = $1; | |
| $localIP = $2; | |
| $destIP = $3; | |
| $userContext = $4; |
hotnops
/ keybase.md
Created
April 29, 2020 02:22