Deck
Recording
Ozgur Gul ozgurgul
lachie83
/ references.md
Last active
January 5, 2024 00:03
The Hitchhiker's Guide to Pod Security References
SwitHak
/ 20211210-TLP-WHITE_LOG4J.md
Last active
November 24, 2025 11:24
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
- Royce Williams list sorted by vendors responses Royce List
- Very detailed list NCSC-NL
- The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
What I use for Hortonworks HDP (Hadoop) systems, but should work for anyone.
Some configurations are tuned for Active Directory without relying on 'sssd-ad' such that the hosts don't need to join the domain.
sudo yum install sssd sssd-ldap sssd-krb5 sssd-tools authconfig \
oddjob oddjob-mkhomedir openldap-clients cyrus-sasl-gssapi \
ozgurgul
/ presentation-links.md
Created
December 2, 2020 15:04
— forked from stevemar/presentation-links.md
- Sign-up for IBM Cloud account: https://ibm.biz/ibm-infosys-workshop
- Hands-on Lab: https://ide.skillsnetwork.site/quicklab/modernize-java-to-openshift
- Code repo for migrated application: https://github.com/stevemar/migrated-mod-resorts
- Image repo for migrated application: https://hub.docker.com/r/stevemar/migrated-mod-resorts
- Link to the slides: https://speakerdeck.com/pmmistry/application-modernization
- Replay of the talk:
What I use for Hortonworks HDP (Hadoop) systems, but should work for anyone.
Some configurations are tuned for Active Directory without relying on 'sssd-ad' such that the hosts don't need to join the domain.
sudo yum install sssd sssd-ldap sssd-krb5 sssd-tools authconfig \
oddjob oddjob-mkhomedir openldap-clients cyrus-sasl-gssapi \
cimentadaj
/ install_airflow.sh
Created
November 18, 2018 19:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://airflow.readthedocs.io/en/latest/start.html | |
| sudo apt-get install python3-pip | |
| sudo apt-get install postgresql postgresql-contrib | |
| sudo -u postgres createuser --interactive | |
| name: airflow | |
| superuser: yes |
ngollperrier
/ airflow-tutorial-gist-02.sql
Created
October 30, 2018 13:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; | |
| CREATE TABLE clickstream ( | |
| click_id uuid PRIMARY KEY NOT NULL DEFAULT uuid_generate_v4(), | |
| click_timestamp TIMESTAMP WITH TIME ZONE, | |
| user_id UUID, | |
| is_ad_display_event BOOLEAN, | |
| is_ad_search_event BOOLEAN | |
| ); |
josephlr
/ sources.list
Created
September 6, 2018 06:59
/etc/apt/sources.list for Ubuntu Bionic 18.04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| deb [arch=amd64,i386] http://us.archive.ubuntu.com/ubuntu/ bionic main restricted universe multiverse | |
| deb [arch=amd64,i386] http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted universe multiverse | |
| deb [arch=amd64,i386] http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse | |
| deb [arch=amd64,i386] http://security.ubuntu.com/ubuntu bionic-security main restricted universe multiverse | |
| deb [arch=arm64,armhf,ppc64el,s390x] http://ports.ubuntu.com/ubuntu-ports/ bionic main restricted universe multiverse | |
| deb [arch=arm64,armhf,ppc64el,s390x] http://ports.ubuntu.com/ubuntu-ports/ bionic-updates main restricted universe multiverse | |
| deb [arch=arm64,armhf,ppc64el,s390x] http://ports.ubuntu.com/ubuntu-ports/ bionic-backports main restricted universe multiverse | |
| deb [arch=arm64,armhf,ppc64el,s390x] http://ports.ubuntu.com/ubuntu-ports/ bionic-security main restricted universe multiverse |
jjo
/ kubectl-root-in-host-nopriv.sh
Last active
June 27, 2025 23:24
Yeah. Get a root shell at any Kubernetes *node* via `privileged: true` + `nsenter` sauce. PodSecurityPolicy will save us. DenyExecOnPrivileged didn't (kubectl-root-in-host-nopriv.sh exploits it)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Launch a Pod ab-using a hostPath mount to land on a Kubernetes node cluster as root | |
| # without requiring `privileged: true`, in particular can abuse `DenyExecOnPrivileged` | |
| # admission controller. | |
| # Pod command in turn runs a privileged container using node's /var/run/docker.sock. | |
| node=${1} | |
| case "${node}" in | |
| "") | |
| nodeSelector='' | |
| podName=${USER+${USER}-}docker-any |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from airflow.contrib.hooks.gcs_hook import GoogleCloudStorageHook | |
| from airflow.exceptions import AirflowException | |
| from airflow.hooks.http_hook import HttpHook | |
| from airflow.models import BaseOperator | |
| from airflow.utils.decorators import apply_defaults | |
| import json | |
| import time | |
| class AppEngineOperator(BaseOperator): |
NewerOlder