Snort Rules: Ep.5 – Fake Tech Support Popup
I have been stuck on Question 5 for a while now. Create a Snort rule to detect connections to this IP address from 10.1.9.101 on port 49349, then submit the token. Does this IP refer to IP in the previous question? If so, I have tried so many different rules but one worked.Solved133Views1like1Comment
IAM: Demonstrate Your Skills - Developer access (2/3)
Developer access (2/3) I have completed the developer access question 1 with the following policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::147026630027:role/*", "Condition": { "StringEquals": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": "lambda:*", "Resource": "*" }, { "Sid": "VisualEditor2", "Effect": "Deny", "Action": "lambda:*", "Resource": "arn:aws:lambda:us-east-1:147026630027:function:virus-scanner" } ] } Currently stuck on the Developer access 2 question: Update the developers-lambda policy, with the following additional permissions: Ensure the policy allows CreatePolicy, CreateRole, GetRole, GetPolicy, GetPolicyVersion, ListRoles, ListPolicies, ListRolePolicies, and ListAttachedRolePolicies actions for all resources. Ensure the policy allows role policy attachment to all resources, but only when the developers-s3 arn:aws:iam::147026630027:policy/developers-s3 policy is present as a permissions boundary. This essentially restricts the maximum permissions of any developer-created role. Leave any condition qualifiers as default and ArnEquals as the condition. I have this code but is not working: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::147026630027:role/*", "Condition": { "StringEquals": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "lambda:*", "iam:CreatePolicy", "iam:CreateRole", "iam:GetRole", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:ListRoles", "iam:ListPolicies", "iam:ListRolePolicies" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PermissionsBoundary": "arn:aws:iam::147026630027:policy/developers-s3" } } }, { "Sid": "VisualEditor3", "Effect": "Deny", "Action": "lambda:*", "Resource": "arn:aws:lambda:us-east-1:147026630027:function:virus-scanner" } ] } Any help would be great full. ThanksSolved100Views2likes2Comments
Systems Manager: Run Command (AWS)
Hi, I am attempting to complete the Systems Manager: Run Command lab and successfully complete run the commands (both turn green). It mentions there should be a token output from the second command but the commands fail each time. Anywhere else I should be looking to get the token and/or successful run the command.Solved99Views3likes4CommentsSystems Manager: Automation
Hello, On exercise 4 (Create playbook) I'm getting an error if I configure Step One according the instruction, and I can't proceed with the playbook creation. "AccessDeniedException: User: {{user}} is not authorized to perform: ssm:CreateDocument on resource: {{resource}}/NewRunbook because no permissions boundary allows the ssm:CreateDocument action" This is how I structured the code: schemaVersion: '0.3' assumeRole: {{according the instructions}} description: EC2-Stop-Prod-EU-WEST-1 mainSteps: - name: Pause action: aws:pause nextStep: Approve isEnd: false inputs: {} - name: Approve action: aws:approve nextStep: get_instance_ids isEnd: false inputs: Approvers: - {{according the instructions}} - name: get_instance_ids action: aws:executeAwsApi nextStep: turn_off_prod_instances isEnd: false inputs: Api: DescribeInstances Service: ec2 Filters: - Name: tag-key Values: - prod - Name: instance-state-name Values: - running outputs: - Name: InstanceIds Selector: $.Reservations..Instances..InstanceId Type: StringList - name: turn_off_prod_instances action: aws:executeScript isEnd: true inputs: Runtime: python3.8 Handler: script_handler Script: |- def script_handler(events,context): import boto3 #Initialize client ec2 = boto3.client('ec2') instanceList = events['InstanceIds'] for instance in instanceList: ec2.stop_instances(InstanceIds=[instance]) InputPayload: InstanceIds: '{{get_instance_ids.InstanceIds}}' Does anyone had the same error while doing this lab? Regards,Solved71Views3likes2Comments
