derelict garden

      ,_.     ,.eo-ee,
     .e.e,   e_/e0^o,
  .,;-o-e.. ,/ee^    
     ,e0\o  /-o0__ee,._
   ee 0_/e e\o_/__\-e,o^e
   ,,o0o\ ,|v/ee. ^"e- 
,ee_e._, \ //         
        \ V |   _.e.   
        |   /_-ee,_.    
       /\   \-__         
     _/ /  \ \  \_       
  .,wW'^^^//;^-^;^;w_

A comunity of bloggers with curated content. Focused in fostering the Brazilian developer scene, we provide a webring and a digital garden. See our manifesto.

BECOME A MEMBER!

Members

blog.16090000.xyz
blog.terminal.pink
bmayer.dev
foreverliketh.is
jhrl.dev
nivaldogmelo.github.io
pomba.net

Jobs

See our job board.

Our only source of income comes from donations, so if you'd like to foster this community to keep creating quality content please consider making a donation.

This project is licensed under the terms of the BSD-2-Clause.

Our garden

Garden article template

Copy and paste this to create a new article.
Created by Brian Mayer
Maturity: seed
Updated 22 Sep 23 05:40 BST

Linux configs for minimalists

Configuration files and decisions for minimalist Linux users.
Created by Brian Mayer
Maturity: seed
Updated 22 Sep 23 05:40 BST

News from the network

This blogpost showcases some not-so-commonly-advertised benefits and features that modern WAFs have, and how they can be used in an average company to gain benefits ranging from technical to political. It also provides some tips and tricks that I would have liked to know a few years ago. This was originally presented as a talk...

Pod Recurrent Restarts via Cronjobs

2024-05-03 from blog.16090000.xyz

Ever wondered how to cycle your deployment/pods the native way? Think no more!

Helm Chart Templating Tricks

2024-04-11 from blog.16090000.xyz

Some trick to alleviate the daily Helm burden of managing multiple equal resources in your deployments.

GCP-Pentest-Lab – A reproducible cloud pentesting lab in GCP

2024-04-09 from pomba.net

During the year 2023, I was a Cloud Security lecturer at FIAP. Long story short, It was an amazing experience. However, when we got to the more “red-team” parts of the course, I had trouble finding educational resources. I wanted a pentesting lab that would allow my students to exploit real-world misconfigurations, without the usual...

GCP – Extract all granted IAM permissions for all users

2023-10-13 from pomba.net

Introduction The following bash script is pretty simple. It generates a CSV that lists, for each user, all the roles given to them and in which resources. It’s great for doing IAM reviews. Note: if, for example, a user has access to a project, this scripts only lists the role granted at the project level....

Configs Vulneráveis Comuns em Stacks Google (GCP + Workspace)

2022-11-20 from pomba.net

Essa talk foi apresentada na B-Sides SP 2022, que ocorreu no dia 20/11/2022. Todo o conteúdo está disponível aqui: https://github.com/maximus-hackers/gcpBsides2022 Link direto do Docs: https://docs.google.com/presentation/d/164wBOdmQYWr2nFVR251XoFVY_GuUO7hJuIPdGRZY6FM/edit?usp=sharing Views: 234

Splunk – How to deal with delayed events in Alerts

2022-09-23 from pomba.net

If you’re using Splunk for Alerting, there is a problem that can occur where an event: Is generated before a scheduled search is executed But is only received after the search is done This will mean that: The scheduled search that should inspect the time-frame where the event was generated will not find the event,...

GCP – SSH into VMs without Public IP’s via IAP Tunneling (A better tutorial)

2022-09-15 from pomba.net

Table of Contents Activating IAP with OSLogin (best option) Activating IAP for Project Owners Activating IAP for Admins Activating IAP without OSLogin Introduction IAP Tunneling is extremely useful for acessing resources that don’t have public IPs.In fact, it’s much safer and easier than assigning public IPs and configuring Firewall rules, or setting up VPNs inside...

GCP – SSH into VMs as Service Account when OSLogin is enabled

2022-05-03 from pomba.net

OSLogin requires every SSH key to be tied to a user. For normal / human users the process is straight-forward and there is a lot of documentation about it. For Service Accounts, things get a little weirder… This tutorial will show you how to create an SSH key that is tied to a Service Accout...

Google Workspace / Gsuite – Use Authenticator/TOTP as 2FA without needing to register SMS or Physical Token

2022-03-22 from pomba.net

Introduction For some reason, users are forced to activate at least one 2FA method (SMS, token or cellphone alerts) before being allowed to activate TOTP (via Authenticator). SMS is an insecure method of 2FA, because telephone companies are usually susceptible to social engineering attacks that can transfer your number to an unauthorized user. If you...

Google Workspace / GSuite with GAM – Extract all Drive files shared externally

2022-03-22 from pomba.net

This is a useful command for extracting all files shared with at least one external user in Google Drive. I recommend running this command regularly to keep an eye on data exfiltration and improper sharing outside the company. Views: 216