```python
#!/usr/bin/env python3
"""
osquery extension: agent_skills
Discovers SKILL.md files, parses frontmatter, then enumerates all .md files
in each skill directory. One row per .md file, with skill metadata on each row.
Install:
    pip3 install osquery pyyaml
Run:
```
```json
{
  "schema_version": 27,
  "standard_lib_version": 85,
  "action_runtime_version": 57,
  "name": "Add new extensions in Google Workspace to Secure Annex",
  "description": null,
  "guid": "d77161ae14d8f904f7c96c2ee7f5bf51",
  "slug": "add_new_extensions_in_google_workspace_to_secure_annex",
  "agents": [
    {
```
```python
from google.oauth2 import service_account
from googleapiclient.discovery import build
import json

def main():
    # Authenticate the service account
    scopes = ['https://www.googleapis.com/auth/chrome.management.policy']
    admin_to_impersonate = ''
    credentials = service_account.Credentials.from_service_account_file(
        'acsa.json', scopes=scopes, subject=admin_to_impersonate
```
```yara
rule Extension_Impersonation {
    meta:
        description = "Detects Chrome extensions that disable other extensions and change icons"
        author = "John Tuckner"
        severity = "medium"
        created = "2025-03-07"
    strings:
        // Direct pattern matching for setEnabled with false parameter
        $set_enabled_false = /chrome\.management\.setEnabled\([^,]*,\s*false\s*\)/ ascii wide
```
```python
"""Chrome Extension Monitor for Secure Annex
Fetches Chrome extensions from Chrome Management API and configures monitoring in Secure Annex.
Configure a service account in Google Cloud Console and set the SERVICE_ACCOUNT environment variable to the JSON string or file path.
The service account must have the following permissions:
- https://www.googleapis.com/auth/chrome.management.reports.readonly
An admin email must be provided for the service account to impersonate.
```