It is, unfortunately, extremely common for customers and enterprises operating in AWS to have chosen a workload/storage bearing account (more than likely, the main production account) as the Organization Management Account (formerly known Organization "Master" account, before AWS adopted better naming).
Many customers and companies operating in AWS made this decision in 2018 or so and its unforunately not something that can be easily changed as of 2024. Many customers have requests to AWS to make a friendly path for rehoming the Org Management account, but last I heard it is still not prioritized. Thus, we as customers are left to go through the nerve-wracking, if not dangerous process of migrating to a new AWS Organization in order to align with modern best practices and reduce common privilege escalation and account to account lateral movement concerns (made worse if you happen to have enabled things like Cloudformation Stacksets, Control Tower, or other powerful services in the same
houey
/ aws_organizations_migration_notes.md
Last active
October 20, 2025 00:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # THIS LINUX SETUP SCRIPT HAS MORPHED INTO A WHOLE PROJECT: HTTPS://OMAKUB.ORG | |
| # PLEASE CHECKOUT THAT PROJECT INSTEAD OF THIS OUTDATED SETUP SCRIPT. | |
| # | |
| # | |
| # Libraries and infrastructure | |
| sudo apt update -y | |
| sudo apt install -y \ | |
| docker.io docker-buildx \ | |
| build-essential pkg-config autoconf bison rustc cargo clang \ |
invictus-ir
/ CloudTrail.csv
Last active
October 10, 2025 15:40
An overview of CloudTrail events that are interesting from an Incident Response perspective
We can make this file beautiful and searchable if this error is corrected: It looks like row 8 should actually have 10 columns, instead of 9 in line 7.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "Initial Access","Execution","Persistence","Privilege Escalation","Defense Evasion","Credential Access","Discovery","Lateral Movement","Exfiltration","Impact" | |
| ConsoleLogin,StartInstance,CreateAccessKey,CreateGroup,StopLogging,GetSecretValue,ListUsers,AssumeRole,CreateSnapShot,PutBucketVersioning | |
| PasswordRecoveryRequested,StartInstances,CreateUser,CreateRole,DeleteTrail,GetPasswordData,ListRoles,SwitchRole,ModifySnapshotAttributes ,RunInstances | |
| ,Invoke,CreateNetworkAclEntry,UpdateAccessKey,UpdateTrail,RequestCertificate,ListIdentities,,ModifyImageAttribute,DeleteAccountPublicAccessBlock | |
| ,SendCommand,CreateRoute,PutGroupPolicy,PutEventSelectors,UpdateAssumeRolePolicy,ListAccessKeys,,SharedSnapshotCopyInitiated, | |
| ,,CreateLoginProfile,PutRolePolicy,DeleteFlowLogs,,ListServiceQuotas,,SharedSnapshotVolumeCreated, | |
| ,,AuthorizeSecurityGroupEgress,PutUserPolicy,DeleteDetector,,ListInstanceProfiles,,ModifyDBSnapshotAttribute, | |
| ,,AuthorizeSecurityGroupIngress,AddRoleToInstanceProfile,DeleteMembers,,ListBuckets,,PutBucketP |
ramimac
/ Cloud Security Orienteering Checklist.md
Last active
October 10, 2024 17:47
A Checklist of Cloud Security Orienteering
Cloud Security Orienteering: Checklist
by Rami McCarthy
via TL;DR sec
How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long term goals.
Based on the Cloud Security Orienteering methodology.
psignoret
/ Get-AzureADPSPermissions.ps1
Last active
August 7, 2025 13:21
Script to list all delegated permissions and application permissions in Microsoft Entra ID
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF | |
| # FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT. | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" } | |
| <# |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # digg.sh | |
| # Usage: digg [domain|ip|url] | |
| # Examples: | |
| # digg https://google.com/ | |
| # digg 67.1.1.1 | |
| # digg www.example.com | |
syafiqfaiz
/ how-to-copy-aws-rds-to-local.md
Last active
October 8, 2025 11:34
How to copy production database on AWS RDS(postgresql) to local development database.
- Change your database RDS instance security group to allow your machine to access it.
- Add your ip to the security group to acces the instance via Postgres.
- Make a copy of the database using pg_dump
$ pg_dump -h <public dns> -U <my username> -f <name of dump file .sql> <name of my database>- you will be asked for postgressql password.
- a dump file(.sql) will be created
- Restore that dump file to your local database.
- but you might need to drop the database and create it first
$ psql -U <postgresql username> -d <database name> -f <dump file that you want to restore>
- the database is restored
phlbnks
/ wp.sh
Last active
March 23, 2025 22:54
— forked from bgallagh3r/wp.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| clear | |
| echo "============================================" | |
| echo "WordPress Install Script" | |
| echo "============================================" | |
| echo "Do you need to setup new MySQL database? (y/n)" | |
| read -e setupmysql | |
| if [ "$setupmysql" == y ] ; then | |
| echo "MySQL Admin User: " | |
| read -e mysqluser |
plentz
/ nginx.conf
Last active
October 22, 2025 16:10
Best nginx configuration for improved security(and performance)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |