Skip to content

Instantly share code, notes, and snippets.

Avatar
🦠
I'm really good at keeping secrets quarantined.

Joe Garcia infamousjoeg

🦠
I'm really good at keeping secrets quarantined.
View GitHub Profile
@infamousjoeg
infamousjoeg / aws.java
Last active Oct 15, 2020
Full Java source code for examples given in AWS IAM Authenticator Tutorial for Conjur Open Source (https://www.conjur.org/blog/aws-iam-authenticator-tutorial-for-conjur-open-source/)
View aws.java
package authn-iam_test;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.IOException;
import java.net.URL;
import org.json.JSONObject;
import com.cyberark.conjur.api.Conjur;
public class authn-iam_test {
@infamousjoeg
infamousjoeg / Vagrantfile
Created Sep 21, 2020
GuixSD configuration for testing summon and summon-conjur for Guix in Vagrant
View Vagrantfile
# Run the following command in the root directory where
# this Vagrantfile is located:
# $ git clone https://github.com/ryanprior/guix-packages.git
Vagrant.require_version ">= 2.1.3"
Vagrant.configure("2") do |config|
config.vm.box = "palfrey/guixsd"
config.vm.synced_folder ".", "/vagrant", disabled: true
config.vm.provision "file", source: "./guix-packages", destination: "$HOME/guix-packages"
end
@infamousjoeg
infamousjoeg / conjurAPISchema.json
Created Sep 17, 2020
Conjur/DAP API Schema for API Gateway Import
View conjurAPISchema.json
{
"info": {
"_postman_id": "676230f3-7895-4a35-a20f-57bd846e1a92",
"name": "CyberArk REST API [PUBLIC]",
"description": "All available requests in CyberArk Privileged Account Security Web Services for All Versions\n\n**Last Updated Version:** v11.6\n\n# THIS IS UNOFFICIAL DOCUMENTATION\n\n## New Features & Additions\n\n* Initial documentation of CyberArk's IDaptive Identity Platform API is available within the \"IDaptive Identity Platform\" folder.\n\nHappy automating!\n\n## Getting Started Guide\n\n[Getting Started with REST Using Postman](https://github.com/infamousjoeg/CyberArk-RESTAPI/blob/master/Getting%20Started%20with%20REST%20Using%20Postman.pdf) (PDF)\n\n## Community Tools\n\n* [psPAS](https://github.com/pspete/psPAS) - PowerShell Module for CyberArk's REST API\n* [CredentialRetriever](https://github.com/pspete/CredentialRetriever) - PowerShell Module for CyberArk's Application Access Manager (AAM)\n* [pyAIM](https://github.com/infamousjoeg/pyAIM) - Python Client Library for CyberArk's Applica
@infamousjoeg
infamousjoeg / HummusByChefKameel.md
Last active Jul 2, 2020
Chef Kameel's, of Aviva by Kameel, Hummus Recipe
View HummusByChefKameel.md
@infamousjoeg
infamousjoeg / samlAuthn.ps1
Last active Oct 27, 2020
An example of how to authenticate CyberArk PAS REST API using SAML **CUSTOMER CONTRIBUTED & UNTESTED**
View samlAuthn.ps1
try {
$webresp = Invoke-WebRequest "https://pvwa.example.com/PasswordVault/auth/saml/" -MaximumRedirection 0 -ErrorAction SilentlyContinue -UseBasicParsing
} catch {
$_.Exception.Response.StatusCode.Value__
}
try {
$samlresp = Invoke-WebRequest -Uri ($webresp.links.href) -MaximumRedirection 1 -UseDefaultCredentials -UseBasicParsing
} catch {
$_.Exception.Response.StatusCode.Value__
}
View gist:c9c16c2a98c5142cdcc42677b1c88740

Homebrew Formula for a Go app

These are quick notes from making my own Formula and Tap.

Add go build script to your Git repo

gobuild.sh

#!/bin/bash
@infamousjoeg
infamousjoeg / enableTLS.ps1
Created Apr 14, 2020
Force PowerShell to permanently use TLS and not SSL by "Enabling Strong Cryptography"
View enableTLS.ps1
# Open PowerShell as Administrator and check the current enabled protocols
[Net.ServicePointManager]::SecurityProtocol
# When I ran this, my output was:
# sslv2, tls
# Set strong cryptography on 64 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
# Set strong cryptography on 32 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
@infamousjoeg
infamousjoeg / backup.sh
Last active Apr 7, 2020
CyberArk Conjur Shell Scripts used by Security Services
View backup.sh
#!/bin/bash
RETENTION_DAYS=30
if [[ "$(curl -k https://localhost/info)" == *"\"role\": \"master\""* ]];then
# delete backups older than 30 days
find /opt/conjur/backup -maxdepth 1 -type f -mtime +$RETENTION_DAYS -print | grep Z.tar.xz.gpg | xargs /bin/rm -f
# run the backup
docker exec dap evoke backup
fi
@infamousjoeg
infamousjoeg / setgetsecret.sh
Created Apr 1, 2020
Script to Set/Get secret variables in CyberArk Conjur & DAP - By: @jodyhuntatx
View setgetsecret.sh
#!/bin/bash
# Authenticates as a user and gets or sets value of a specified variable.
# If you set the environment variables AUTHN_USERNAME and AUTHN_PASSWORD
# to appropriate values, you can avoid having to enter the admin username
# and password every time this script runs.
# Note that 'set' does not correctly handle values containing whitespace.
CONJUR_APPLIANCE_URL=""
CONJUR_ACCOUNT=""
@infamousjoeg
infamousjoeg / AAMCP-GetPassword.cs
Created Jan 17, 2020
CyberArk AAM Credential Provider - Using CLIPasswordSDK.exe in .NET Core
View AAMCP-GetPassword.cs
public class ValuesController : ControllerBase
{
public ActionResult<string> Get()
{
using (var process = new Process())
{
process.StartInfo.FileName = @"C:\Program Files (x86)\CyberArk\ApplicationPasswordSdk\CLIPasswordSDK.exe";
process.StartInfo.Arguments = @"GetPassword /p AppDescs.AppID=""AppId"" /p Query=""Safe=SafeName;Username=Username"" /p RequiredProps=* /o Address,Username";
process.StartInfo.CreateNoWindow = true;
process.StartInfo.UseShellExecute = false;
You can’t perform that action at this time.