Brandon Evans BrandonE
BrandonE
/ printCloudCredentials.js
Created
June 6, 2022 20:34
Extract the IAM credentials from the Instance Metadata Service (IMDS) for AWS, Azure, or GCP. Uses one dependency (https://github.com/axios/axios). Related to content from SANS SEC510: Public Cloud Security: AWS, Azure, and GCP - http://sec510.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const axios = require('axios') | |
| printAwsCredentials = async () => { | |
| try { | |
| const token = await axios({ | |
| method: 'PUT', | |
| url: 'http://169.254.169.254/latest/api/token', | |
| headers: { | |
| 'X-aws-ec2-metadata-token-ttl-seconds': 5 | |
| } |
BrandonE
/ archive.sh
Last active
August 24, 2023 03:57
Archive the contents of a directory to JSON using core shell commands. Use to extract files while "Living-off-the-Land". Works on serverless runtimes. Created for SANS SEC510: Public Cloud Security: AWS, Azure, and GCP - http://sec510.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SOURCE_DIRECTORY=/tmp | |
| ARCHIVE_TO=/tmp/documents.json | |
| # Clear the archive. | |
| : > "$ARCHIVE_TO" | |
| # Begin JSON array. | |
| echo -n '[' >> "$ARCHIVE_TO" | |
| for FILE in $(grep -lr --exclude="$(basename $ARCHIVE_TO)" . "$SOURCE_DIRECTORY") |