Latest Updates and Projects
It's been a bit since I made a blog post, so I felt it was time to write down all of my latest updates. It's been a busy but fun past few months and I am excited to share everything that I have been working on!
Projects – Google API reporting script, Google Drive API PII scraping script, web app pen testing, router hacking, detection and alerting, cloud security engineer certification and more!
Google API reporting script: https://github.com/acrypthash/Google-Workspace-2FA-Report
This was a fun one. This python script generates a report that shows me any user that doesn't have 2FA enrolled and outputs it to a file. The goal was to make it “automated”, so I have added this script to a cron job on one of my servers that runs once a month. The output is then sent to a Slack channel for me to review at a later time. It has proven to be very useful!
Google Drive API PII combing script: https://github.com/acrypthash/Google-PII/tree/main
Again, another fun one. This one is still a work in progress This python script combs a Google Workspace tenant's drives for any documents that have PII. The reason for this script was because while Google can generate a report to show a quantitative value of how many files contain PII, they can't actually tell you which documents actually contain PII. The goal of this script is to actually output the file id and location.
Web App Penetration Testing: I have been working with some new vendors over the last few weeks to make arrangements for a web app penetration test to be done against one of our websites in the upcoming month. I have been learning a lot about what to look out for in these tests, what tests are to be done and most importantly, cost. Bishop Fox (https://bishopfox.com) has been one I am most forward to working with however budget is a bit of an issue on our side. I've also like their recent release of a tester to see if your Foritgate is vulnerable to CVE-2023-27997.
There is much that I have left out of this post, but I will end in mentioning that I am working on getting my cloud security engineer certification from Google. I am excited to add this one to my security belt.