RB nitrocode

🚀
Thinking and typing
View GitHub Profile
@bschaatsbergen
bschaatsbergen / db.tf
Last active March 4, 2025 21:31
Ephemerality in Terraform
provider "aws" {
  region = "us-west-2"
}

ephemeral "random_password" "db_password" {
  length = 16
}

resource "aws_secretsmanager_secret" "db_password" {
  name = "db-password"
@hackermondev
hackermondev / research.md
Last active May 8, 2025 17:41
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

Preface:

It is, unfortunately, extremely common for customers and enterprises operating in AWS to have chosen a workload/storage-bearing account (more than likely, the main production account) as the Organization Management Account (formerly known as the Organization "Master" account, before AWS adopted better naming).
Many customers and companies operating in AWS made this decision in 2018 or so, and it's unfortunately not something that can be easily changed as of 2024. Many customers have requests in to AWS to make a friendly path for rehoming the Org Management account, but last I heard it is still not prioritized. Thus, we as customers are left to go through the nerve-wracking, if not dangerous, process of migrating to a new AWS Organization in order to align with modern best practices and reduce common privilege escalation and account-to-account lateral movement concerns (made worse if you happen to have enabled things like CloudFormation StackSets, Control Tower, or other powerful services in the same

@nitrocode
nitrocode / github-gpg-key-with-private-email.md
Last active March 15, 2025 23:04
Github "Verified" commits using GPG key with private email

It's nice to see a Verified message next to each commit for peace of mind.

Using GPG or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on GitHub so other people can be confident that the changes come from a trusted source.

  1. Install the latest gpg

     If using a Mac, use Homebrew

@nitrocode
nitrocode / template-terraform-provider-for-darwin-arm.md
Last active September 17, 2024 12:16
Template terraform provider for darwin arm

Provider registry.terraform.io/hashicorp/template v2.2.0 does not have a package available for your current platform, darwin_arm64

Why

The templatefile function only works with files. If you're working with files, switch to templatefile.

The hashicorp/template provider's template_file data source works with template strings and files (converted to strings), but it was archived/deprecated before an ARM release was created, forcing people on Apple M1 (ARM-based) machines to look into other options.

@nadirollo
nadirollo / copy_tags.py
Created February 25, 2021 15:57
python script to copy tags from a packer build into different accounts
#!/usr/bin/env python
import boto3
import os
import json
script_dir = os.path.dirname(os.path.realpath(__file__))
owner_account = 'xxxxxxxxxxx'
@pjaudiomv
pjaudiomv / update-ssm-tags.sh
Created October 1, 2020 14:11
Tags instances with detected platform and patch group
#!/bin/bash
INSTANCE_IDS=$(aws ssm describe-instance-information --query 'InstanceInformationList[?starts_with(InstanceId, `i-`) == `true` && starts_with(PingStatus, `Online`) == `true`].InstanceId' --output json)
# We don't want instances that start with m as they are not taggable, usually workspaces. We also will only tag instances that are online.
export INSTANCE_IDS
echo "Instances that are going to be updated: $INSTANCE_IDS"
echo "$INSTANCE_IDS" | jq -r '.[]' | while read -r INSTANCE; do
  PLATFORM_NAME=$(aws ssm describe-instance-information --instance-information-filter-list "key=InstanceIds,valueSet=$INSTANCE" --output text --query 'InstanceInformationList[].PlatformName')
  PLATFORM_VER=$(aws ssm describe-instance-information --instance-information-filter-list "key=InstanceIds,valueSet=$INSTANCE" --output text --query 'InstanceInformationList[].PlatformVersion')
@michalstala
michalstala / sorting-aws-cli-describe-images-output.md
Created October 3, 2018 09:54
How to sort AWS CLI describe-images output using jq

As an example, query AWS for a list of all NAT Instance AMIs:

aws ec2 describe-images --filter Name="owner-alias",Values="amazon" --filter Name="name",Values="amzn-ami-vpc-nat*" --region us-west-2 | jq '.Images | sort_by(.CreationDate)'

If only specific fields are required in the output:

@dstokes
dstokes / dns-check.sh
Created November 7, 2016 23:53
Test Dead Route53 DNS Records
#!/bin/bash
DOMAIN=$1
PORT=$2
TYPES=(A CNAME)
# resolve zone id
ZONE=$(aws route53 list-hosted-zones --query 'HostedZones[?Name==`'"$DOMAIN"'.`].Id' --output text)
if [[ -z "$ZONE" ]]; then
  echo "Unrecognized domain: $1" >&2
@michaelgrosser
michaelgrosser / vagrantfile.rb
Last active November 7, 2017 11:11
Share Host AWS Credentials with Vagrant Guest
# Copy AWS credentials and config from host to guest
$aws_credentials_path = ENV['HOME'] + "/.aws/credentials"
$aws_config_path = ENV['HOME'] + "/.aws/config"
if File.file?($aws_credentials_path) && File.file?($aws_config_path) then
  config.vm.provision "shell",
    inline: "mkdir -p /root/.aws",
    privileged: true
  config.vm.provision "shell",
    inline: "mkdir -p /home/nginx/.aws",