Skip to content

Instantly share code, notes, and snippets.

🦠
I'm really good at keeping secrets quarantined.

Joe Garcia infamousjoeg

🦠
I'm really good at keeping secrets quarantined.
View GitHub Profile
@infamousjoeg
infamousjoeg / HummusByChefKameel.md
Last active Jul 2, 2020
Chef Kameel's, of Aviva by Kameel, Hummus Recipe
View HummusByChefKameel.md
@infamousjoeg
infamousjoeg / CYBRAutomation.md
Last active Jun 9, 2020
CyberArk Automation - Greatest Hits!
View CYBRAutomation.md
@infamousjoeg
infamousjoeg / samlAuthn.ps1
Last active Jun 9, 2020
How to authenticate CyberArk PAS REST API using SAML
View samlAuthn.ps1
$webresp = Invoke-WebRequest "https://pvwa.example.com/PasswordVault/auth/saml/" -MaximumRedirection 0 -ErrorAction SilentlyContinue -UseBasicParsing
$samlresp = Invoke-WebRequest -Uri ($webresp.links.href) -MaximumRedirection 1 -UseDefaultCredentials -UseBasicParsing
If ($samlresp.InputFields[0].name -eq "SAMLResponse"){
$SamlToken = $samlresp.InputFields[0].value
Write-Host $SamlToken
## This Base64-encoded SamlToken is what to place as SAMLResponse URL parameter value in
## https://pvwa.example.com/PasswordVault/api/auth/saml/logon?concurrentSession=false&apiUse=true&SAMLResponse={SAMLToken}
## API Documentation: https://cybr.rocks/RESTAPI#e5e62e2a-b68b-48ad-ab08-245bb68e5764
@infamousjoeg
infamousjoeg / ccp-bash.sh
Last active May 28, 2020
AIM CCP REST - Bash Example
View ccp-bash.sh
#!/bin/bash
BASEURL="https://pvwa.cyberark.local"
APPID="RESTExamples"
SAFE="T-APP-CYBR-RESTAPI"
FOLDER="Root"
OBJECTNAME="Database-MicrosoftSQLServer-sql01.cyberark.local-Svc_BambooHR"
PASSWORD = wget --quiet \
--method GET \
@infamousjoeg
infamousjoeg / awxinstallopenshift.sh
Created May 2, 2018
Install Ansible AWX in OpenShift
View awxinstallopenshift.sh
mkdir Tower
cd Tower/
git clone https://github.com/ansible/awx.git
cd awx
cd installer/
#vi inventory
-# openshift_host=127.0.0.1:8443
-# awx_openshift_project=awx
-# openshift_user=developer
View gist:c9c16c2a98c5142cdcc42677b1c88740

Homebrew Formula for a Go app

These are quick notes from making my own Formula and Tap.

Add go build script to your Git repo

gobuild.sh

#!/bin/bash
@infamousjoeg
infamousjoeg / enableTLS.ps1
Created Apr 14, 2020
Force PowerShell to permanently use TLS and not SSL by "Enabling Strong Cryptography"
View enableTLS.ps1
# Open PowerShell as Administrator and check the current enabled protocols
[Net.ServicePointManager]::SecurityProtocol
# When I ran this, my output was:
# sslv2, tls
# Set strong cryptography on 64 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
# Set strong cryptography on 32 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
@infamousjoeg
infamousjoeg / backup.sh
Last active Apr 7, 2020
CyberArk Conjur Shell Scripts used by Security Services
View backup.sh
#!/bin/bash
RETENTION_DAYS=30
if [[ "$(curl -k https://localhost/info)" == *"\"role\": \"master\""* ]];then
# delete backups older than 30 days
find /opt/conjur/backup -maxdepth 1 -type f -mtime +$RETENTION_DAYS -print | grep Z.tar.xz.gpg | xargs /bin/rm -f
# run the backup
docker exec dap evoke backup
fi
@infamousjoeg
infamousjoeg / setgetsecret.sh
Created Apr 1, 2020
Script to Set/Get secret variables in CyberArk Conjur & DAP - By: @jodyhuntatx
View setgetsecret.sh
#!/bin/bash
# Authenticates as a user and gets or sets value of a specified variable.
# If you set the environment variables AUTHN_USERNAME and AUTHN_PASSWORD
# to appropriate values, you can avoid having to enter the admin username
# and password every time this script runs.
# Note that 'set' does not correctly handle values containing whitespace.
CONJUR_APPLIANCE_URL=""
CONJUR_ACCOUNT=""
@infamousjoeg
infamousjoeg / protectCredential.ps1
Last active Feb 5, 2020
Protecting Credentials Retrieved using @cyberark AAM Credential Providers in PowerShell Scripts [Recommended Best Practice]
View protectCredential.ps1
# Import the modules to be used
Import-Module psPAS # https://github.com/pspete/psPAS
Import-Module CredentialRetriever # https://github.com/pspete/CredentialRetriever
# Before login, we'll request the credentials from AAM and immediately pass the PSCredential object for secure login
New-PASSession -BaseURI https://pvwa.joegarcia.dev -Credential $(Get-CCPCredential -URL https://pvwa.joegarcia.dev -AppID ApplicationID -Safe SafeName -UserName ServiceManagerUser).ToCredential() -type LDAP
# Do stuff here...
# Finally,
You can’t perform that action at this time.