Kinnaird McQuade kmcquade

## config.json
{
    "agent": {
        "metrics_collection_interval": 60
    },
    "logs": {
        "logs_collected": {
            "files": {
                "collect_list": [
                    {
                        "file_path": "/home/ec2-user/shared-volume/zap.log",

## app.yaml
# .github/workflows/app.yaml
name: My Python Project
on: push

jobs:
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 10

    services:

## clean_old_lambda_versions.py
from __future__ import absolute_import, print_function, unicode_literals
import boto3


def clean_old_lambda_versions():
    client = boto3.client('lambda')
    functions = client.list_functions()['Functions']
    for function in functions:
        versions = client.list_versions_by_function(FunctionName=function['FunctionArn'])['Versions']
        for version in versions:

## jellyfin-openapi-stable.json
{
  "openapi": "3.0.1",
  "info": {
    "title": "Jellyfin API",
    "version": "10.8.12",
    "x-jellyfin-version": "10.8.12"
  },
  "servers": [
    {
      "url": "http://localhost"

## dvws-node-swagger.json
{
  "openapi": "3.0.1",
  "info": {
    "title": "DVWS API",
    "description": "API Used for DVWS Application",
    "version": "0.1"
  },
  "servers": [
    {
      "url": "http://dvws.local"

## pw_example.py
"""
Gmail doesn't work using regular recording. It will only work if you run the recording script and then wrap the recorded script in this
"""

from playwright.sync_api import Playwright, sync_playwright, expect
from playwright._impl._api_types import Error as PlaywrightError


def run(pw: Playwright) -> None:
    args = [

## ldbdump.py
#!/usr/bin/python3

# ldbdump - dumps LevelDB keys/values
#
# a LevelDB is a dir with files such a these:
# 000050.ldb  000100.log  CURRENT  LOCK  LOG  MANIFEST-000099
#
# sources: https://github.com/tos-kamiya/levelobjdb dump()

import os

## install-firing-range.sh
#!/bin/bash

# Clone the Firing Range Repository
git clone https://github.com/google/firing-range.git

# Change to 'firing-range' directory
cd firing-range

# Download the AppEngine SDK
wget https://storage.googleapis.com/appengine-sdks/featured/appengine-java-sdk-1.9.23.zip

## risky-actions-example.yml
###
# Format is below
#
# risk-name:
#   target-name:  # AND logic
#     - service:actionName
#     - service:act*
#
####
# List of high priority resource exposure actions here: https://gist.github.com/kmcquade/3161a6737285dc0508a9fa3446e22090

## Resource Exposure Actions.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                kmcquade
                / Resource Exposure Actions.md
            
            
              Last active
              December 2, 2021 20:49
            
          
    IAM Actions that can expose resources via Resource Based Policies

ACM Private CAs:

acm-pca:PutPolicy: Puts a policy on an ACM Private CA.
acm-pca:DeletePolicy: Deletes the policy for an ACM Private CA.

CloudWatch Logs:

logs:PutResourcePolicy: Creates or updates a resource policy allowing other AWS services to put log events to this account
logs:DeleteResourcePolicy: Deletes a resource policy from this account. This revokes the access of the identities in that policy to put log events to this account.
	{
	"agent": {
	"metrics_collection_interval": 60
	},
	"logs": {
	"logs_collected": {
	"files": {
	"collect_list": [
	{
	"file_path": "/home/ec2-user/shared-volume/zap.log",
	# .github/workflows/app.yaml
	name: My Python Project
	on: push

	jobs:
	test:
	runs-on: ubuntu-latest
	timeout-minutes: 10

	services:
	from __future__ import absolute_import, print_function, unicode_literals
	import boto3


	def clean_old_lambda_versions():
	client = boto3.client('lambda')
	functions = client.list_functions()['Functions']
	for function in functions:
	versions = client.list_versions_by_function(FunctionName=function['FunctionArn'])['Versions']
	for version in versions:
	{
	"openapi": "3.0.1",
	"info": {
	"title": "Jellyfin API",
	"version": "10.8.12",
	"x-jellyfin-version": "10.8.12"
	},
	"servers": [
	{
	"url": "http://localhost"
	{
	"openapi": "3.0.1",
	"info": {
	"title": "DVWS API",
	"description": "API Used for DVWS Application",
	"version": "0.1"
	},
	"servers": [
	{
	"url": "http://dvws.local"
	"""
	Gmail doesn't work using regular recording. It will only work if you run the recording script and then wrap the recorded script in this
	"""

	from playwright.sync_api import Playwright, sync_playwright, expect
	from playwright._impl._api_types import Error as PlaywrightError


	def run(pw: Playwright) -> None:
	args = [
	#!/usr/bin/python3

	# ldbdump - dumps LevelDB keys/values
	#
	# a LevelDB is a dir with files such a these:
	# 000050.ldb 000100.log CURRENT LOCK LOG MANIFEST-000099
	#
	# sources: https://github.com/tos-kamiya/levelobjdb dump()

	import os
	#!/bin/bash

	# Clone the Firing Range Repository
	git clone https://github.com/google/firing-range.git

	# Change to 'firing-range' directory
	cd firing-range

	# Download the AppEngine SDK
	wget https://storage.googleapis.com/appengine-sdks/featured/appengine-java-sdk-1.9.23.zip
	###
	# Format is below
	#
	# risk-name:
	# target-name: # AND logic
	# - service:actionName
	# - service:act*
	#
	####
	# List of high priority resource exposure actions here: https://gist.github.com/kmcquade/3161a6737285dc0508a9fa3446e22090