Skip to content

Instantly share code, notes, and snippets.

Avatar

Kinnaird McQuade kmcquade

View GitHub Profile
View zap-template.yaml
--- # OWASP ZAP automation configuration file, for more details see https://www.zaproxy.com/docs/(TBA)
env: # The environment, mandatory
contexts: # List of 1 or more contexts, mandatory
- name: context 1 # Name to be used to refer to this context in other jobs, mandatory
url: http://demo.testfire.net # The top level url, mandatory, everything under this will be included
includePaths: # TBA: An optional list of regexes to include
excludePaths: # TBA: An optional list of regexes to exclude
authentication: # TBA: In time to cover all auth configs
parameters:
failOnError: true # If set exit on an error
View zap-template-question.yaml
--- # OWASP ZAP automation configuration file, for more details see https://www.zaproxy.com/docs/(TBA)
env: # The environment, mandatory
contexts: # List of 1 or more contexts, mandatory
- name: context 1 # Name to be used to refer to this context in other jobs, mandatory
url: http://demo.testfire.net/ # The top level url, mandatory, everything under this will be included
includePaths: # TBA: An optional list of regexes to include
excludePaths: # TBA: An optional list of regexes to exclude
authentication: # TBA: In time to cover all auth configs
parameters:
failOnError: true # If set exit on an error
@kmcquade
kmcquade / original.conf
Last active May 15, 2021
ZAP Full scan config
View original.conf
# zap-full-scan rule configuration file
# Change WARN to IGNORE to ignore rule or FAIL to fail if rule matches
# Active scan rules set to IGNORE will not be run which will speed up the scan
# Only the rule identifiers are used - the names are just for info
# You can add your own messages to each rule by appending them after a tab on each line.
0 WARN (Directory Browsing - Active/release)
10003 WARN (Vulnerable JS Library - Passive/release)
10010 WARN (Cookie No HttpOnly Flag - Passive/release)
10011 WARN (Cookie Without Secure Flag - Passive/release)
10015 WARN (Incomplete or No Cache-control Header Set - Passive/release)
View nuke-azure.tf
resource "null_resource" "nuke" {
# Because we set this to timestamp, it *always* runs :D
triggers = {
party_like_its_jan_1_1970 = timestamp()
}
provisioner "local-exec" {
command = <<EOF
for sub in `az account list | jq -r '.[].id'`; do \
for rg in `az group list --subscription $sub | jq -r '.[].name'`; do \
View nuke-azure.sh
#!/usr/bin/env bash
for sub in `az account list | jq -r '.[].id'`; do \
for rg in `az group list --subscription $sub | jq -r '.[].name'`; do \
az group delete --name ${rg} --subscription $sub --no-wait --yes; \
done; done;
View sensitive-aws-api-calls.json
{
"Statement": [
{
"Action": [
"appsync:ListApiKeys",
"chatbot:*",
"codecommit:GetFile",
"codecommit:GetCommit",
"codecommit:GetDifferences",
"codepipeline:PollForJobs",
View chatbot-iam-policy.json
{
"Statement": [
{
"Action": [
"appsync:ListApiKeys",
"chatbot:*",
"codecommit:GetFile",
"codecommit:GetCommit",
"codecommit:GetDifferences",
"cognito-idp:*",
@kmcquade
kmcquade / open-jira-ticket-v2.py
Created Mar 14, 2021
Revised script for Kittoh
View open-jira-ticket-v2.py
from jira import JIRA
import click
import getpass
ISSUE_SUMMARY = "Overly permissive AWS IAM Policies in use"
ISSUE_DESCRIPTION = """As part of our security assessment, our team ran Cloudsplaining on your AWS account.
Cloudsplaining maps out the IAM risk landscape in a report, identifies where resource ARN constraints are not used, and
identifies other risks in IAM policies like Privilege Escalation, Data Exfiltration, and Resource Exposure.
View resume.json
{
"basics": {
"email": "kinnairdm@gmail.com",
"image": "https://avatars.githubusercontent.com/u/3422255?s=400\u0026u=3aa6c1944134c93d3eb1500028e54826ce561f7f\u0026v=4",
"label": "Lead Security Engineer",
"location": {
"city": "San Francisco",
"countryCode": "US",
"region": "California"
},
View iam-role-enumeration.md

This only works when you have the victim account ID. For this example, let's say that the victim account ID is 999988887777.

Create a test role

First, create a role that we can use for this demo. This role is in your own account.

aws iam create-role --role-name test-enumeration \
    --assume-role-policy-document '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": "ec2.amazonaws.com"},"Action": "sts:AssumeRole"}]}'