
Kinnaird McQuade kmcquade

@kmcquade
kmcquade / get_aws_profile_keys.py
Created December 6, 2018 16:03
Simple Python script to grab profile-specific keys from the AWS credentials file for environment variable export
#!/usr/bin/python2.7
import ConfigParser
import os
import sys
from os.path import expanduser
config = ConfigParser.RawConfigParser()
# credentials_file: The file where this script will grab the temp creds
credentials_file = '/.aws/credentials'
@kmcquade
kmcquade / ecr-registry-enforcement.json
Last active May 29, 2022 17:13
The Policy below prevents the account from self-managing container images. Users and Roles in the account cannot upload any container images unless the registry is owned by an approved ECR account ID.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PreventSelfManagedImages",
"Action": [
"ecr:BatchDeleteImage",
"ecr:CompleteLayerUpload",
"ecr:Create*",
"ecr:Delete*",
#!/bin/bash
# Clone the Firing Range Repository
git clone https://github.com/google/firing-range.git
# Change to 'firing-range' directory
cd firing-range
# Download the AppEngine SDK
wget https://storage.googleapis.com/appengine-sdks/featured/appengine-java-sdk-1.9.23.zip
--- # OWASP ZAP automation configuration file, for more details see https://www.zaproxy.com/docs/(TBA)
env: # The environment, mandatory
contexts: # List of 1 or more contexts, mandatory
- name: context 1 # Name to be used to refer to this context in other jobs, mandatory
url: http://demo.testfire.net/ # The top level url, mandatory, everything under this will be included
includePaths: # TBA: An optional list of regexes to include
excludePaths: # TBA: An optional list of regexes to exclude
authentication: # TBA: In time to cover all auth configs
parameters:
failOnError: true # If set exit on an error
@kmcquade
kmcquade / risky-actions-example.yml
Created December 10, 2021 18:06
Explanation for a vendor of a potential way to represent risky action combinations for their product via YAML
###
# Format is below
#
# risk-name:
# target-name: # AND logic
# - service:actionName
# - service:act*
#
####
# List of high priority resource exposure actions here: https://gist.github.com/kmcquade/3161a6737285dc0508a9fa3446e22090

IAM Actions that can expose resources via Resource Based Policies

ACM Private CAs:

CloudWatch Logs:

  • logs:PutResourcePolicy: Creates or updates a resource policy allowing other AWS services to put log events to this account
  • logs:DeleteResourcePolicy: Deletes a resource policy from this account. This revokes the access of the identities in that policy to put log events to this account.
@kmcquade
kmcquade / PreventMarketplaceImages.json
Last active October 27, 2021 14:19
Testing this out with AWS
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": "ec2:RunInstances",
"Resource": "arn:aws:ec2:*::image/ami-*",
"Condition": {
"StringNotEquals": {
{
"Statement": [
{
"Action": [
"appsync:ListApiKeys",
"chatbot:*",
"codecommit:GetFile",
"codecommit:GetCommit",
"codecommit:GetDifferences",
"codepipeline:PollForJobs",
@kmcquade
kmcquade / jetbrains-live-templates.md
Last active September 22, 2021 19:14
My IntelliJ Live Templates || VS Code snippets for Terraform
@kmcquade
kmcquade / requirements.txt
Created September 20, 2021 18:01
Run Terraform get recursively using python-terraform
python_terraform==0.10.1