pirxwtfis: Passive FQDN and Domain Lookup ToolI wrote a nifty Python commandline tool for looking up FQDNs and domains using various OSINT sources. It’s definitely useful to me, but I…2 min read·Aug 13, 2022----
pirxLeast Privilege Role for Your AWS Static SiteLet’s say you’ve deployed a static site on our AWS account using Cloudfront and S3, such as described in Automated Static Site Deployment…2 min read·Jul 4, 2022----
pirxUpdate to Log4shell Detection With FalcoIn a prior post I described how to detection potential Log4shell ( CVE-2021–44228) exploitation by looking for patterns in a Java process’…3 min read·Jun 20, 2022----
pirxPwnKit Privilege Escalation DetectionThis article describes one way to detect the PwnKit ( CVE-2021–4034), a privilege escalation vulnerability on polkit’s pkexec utility.3 min read·Jun 7, 2022----
pirxSyscall-Based Log4Shell Detection on LinuxThis is a write-up about detecting exploitation of the Log4Shell vulnerability ( CVE-2021–44228) in Log4j by monitoring specific syscalls…9 min read·May 20, 2022----
pirxAutomated Static Site Deployment in AWS Using TerraformThis is a quick and reusable way to deploy an AWS-hosted environment for static sites generated by the likes of Hugo and Jekyll. The code…7 min read·May 2, 2022----