Skip to content

Pomba Labs

Pruu Pruu Modafoca!

← derelict garden webring →

Category: BlueTeam

GCP – Extract all granted IAM permissions for all users

Posted on October 13, 2023May 3, 2024 by [email protected]

Introduction The following bash script is pretty simple. It generates a CSV that lists, for each user, all the roles given to them and in which resources. It’s great for doing IAM reviews. Note: if, for example, a user has access to a project, this scripts only lists the role granted at the project level….

CategoriesBlueTeam, Cloud, GCP, Tips and Tricks

Configs Vulneráveis Comuns em Stacks Google (GCP + Workspace)

Posted on November 20, 2022May 3, 2024 by [email protected]

Essa talk foi apresentada na B-Sides SP 2022, que ocorreu no dia 20/11/2022. Todo o conteúdo está disponível aqui: https://github.com/maximus-hackers/gcpBsides2022 Link direto do Docs: https://docs.google.com/presentation/d/164wBOdmQYWr2nFVR251XoFVY_GuUO7hJuIPdGRZY6FM/edit?usp=sharing Views: 242

CategoriesBlueTeam, Cloud, Pentesting

Splunk – How to deal with delayed events in Alerts

Posted on September 23, 2022May 3, 2024 by [email protected]

If you’re using Splunk for Alerting, there is a problem that can occur where an event: Is generated before a scheduled search is executed But is only received after the search is done This will mean that: The scheduled search that should inspect the time-frame where the event was generated will not find the event,…

CategoriesBlueTeam, Cloud, Tips and Tricks

How to run your own realistic Phishing Campaign easily and on a budget.

Posted on October 31, 2020May 3, 2024 by [email protected]

Phishing campaigns are useful for training your employees against common techniques (if you’re on the blue side) or to get some cr3ds (if you’re on the red side). This post is geared towards those on the blue side of things, but it can also be useful for red teamers and pentesters. The techniques and tools…

CategoriesBlueTeam, Phishing

Recent Posts

  • The WAF Swiss-Knife
  • GCP-Pentest-Lab – A reproducible cloud pentesting lab in GCP
  • GCP – Extract all granted IAM permissions for all users
  • Configs Vulneráveis Comuns em Stacks Google (GCP + Workspace)
  • Splunk – How to deal with delayed events in Alerts

Archives

  • May 2024
  • April 2024
  • October 2023
  • November 2022
  • September 2022
  • May 2022
  • March 2022
  • January 2022
  • August 2021
  • May 2021
  • February 2021
  • January 2021
  • October 2020
  • July 2020
  • June 2020
  • July 2019
  • May 2019
  • April 2019
  • March 2019
  • December 2018
  • March 2018

Categories

  • BlueTeam
  • Certifications
  • Cloud
  • GCP
  • Pentesting
  • Phishing
  • Programming
  • Theory
  • Tips and Tricks
  • Uncategorized
  • Useless

Vistors!

  • 1,898
  • 31,225
  • 24,694
Proudly powered by WordPress