| layout | author | title | revision | version | description |
|---|---|---|---|---|---|
default |
mattmc3 |
Modern SQL Style Guide |
2019-01-17 |
1.0.1 |
A guide to writing clean, clear, and consistent SQL. |
Mehmet E. Cyb3r-Monk
Cyb3r-Monk
/ GraphPlotly.kql
Created
February 28, 2024 17:07
— forked from cosh/GraphPlotly.kql
A stored function that uses the evaluate python operator to execute a Python script that uses the plotly, networkx and pandas libraries to create a plotly viz object from the input tables. The function also adds some styling and annotations to the graph object, such as colors, sizes, hover texts, etc. It uses the replace_string function to inser…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .create-or-alter function with (skipvalidation = "true") VisualizeGraphPlotly( | |
| E:(sourceId:long,targetId:long), N:(nodeId:long), | |
| pLayout:string="spring_layout", pColorscale:string="Picnic", pTitle:string="Happy kraphing!") { | |
| let pythonCodeBlueprint = ``` | |
| import numpy as np | |
| import pandas as pd | |
| import plotly.graph_objects as go | |
| import networkx as nx | |
| G = nx.Graph() |
Cyb3r-Monk
/ bin2c.py
Created
October 29, 2022 20:28
— forked from OtterHacker/bin2c.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Transform a binary file into a C header file. | |
| The binary file is splitted into 16 char strings and rebuild at execution time. | |
| The function buildsc() must be called in your main to rebuild the binary file into the sc C variable. | |
| The length is set in the sc_length variable. | |
| Be carefull, try to avoid compiler code optimization as it will remove all these modifications in the final binary. | |
| """ |
Cyb3r-Monk
/ ExportOffice365user.ps1
Created
October 18, 2022 15:07
— forked from CCOSTAN/ExportOffice365user.ps1
Powershell commands for export Azure AD and import into local AD
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import office 365 session | |
| $UserCredential = Get-Credential | |
| $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection | |
| Import-PSSession $Session | |
| #connect Azure AD | |
| Connect-MsolService -Credential $UserCredential | |
| #Random password generator | |
| Function random-password ($length = 8) |
Cyb3r-Monk
/ modern_sql_style_guide.md
Created
September 1, 2022 12:00
— forked from mattmc3/modern_sql_style_guide.md
Modern SQL Style Guide
Cyb3r-Monk
/ zipfs_law_threat_hunting.py
Created
August 30, 2022 11:52
— forked from dtrizna/zipfs_law_threat_hunting.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from datetime import datetime, timedelta | |
| from os import path | |
| import sqlite3 | |
| import time | |
| import json | |
| # =================== | |
| # DATABASE OPERATIONS | |
| # =================== | |
| def sqlite_instantiate(dbconfig, table="hashes"): |
Cyb3r-Monk
/ KerberosCorrelation.ipynb
Created
July 18, 2022 13:55
— forked from jsecurity101/KerberosCorrelation.ipynb
Kerberos Detection/Investigation
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Cyb3r-Monk
/ log-forwarding-with-etw.ps1
Created
June 9, 2021 14:56
— forked from ajpc500/log-forwarding-with-etw.ps1
Quick-and-dirty PowerShell script to install Sysmon (SwiftOnSecurity config), SilkService and Winlogbeat, and forward logs to HELK based on IP set in environment variable "HELK_IP" (see Line 233).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | |
| $wc = New-Object System.Net.WebClient | |
| if (!(Test-Path "C:\Tools")) { | |
| New-Item -Path "C:\" -Name "Tools" -ItemType "directory" | |
| } | |
| # SYSMON | |
| # Download Sysmon | |
| $SysmonDirectory = "C:\Tools\Sysmon\" |
Cyb3r-Monk
/ folder-structure.md
Created
June 3, 2021 16:46
— forked from ryanflorence/folder-structure.md
While this gist has been shared and followed for years, I regret not giving more background. It was originally a gist for the engineering org I was in, not a "general suggestion" for any React app.
Typically I avoid folders altogether. Heck, I even avoid new files. If I can build an app with one 2000 line file I will. New files and folders are a pain.
Cyb3r-Monk
/ EventDiff.ps1
Created
May 31, 2021 15:10
— forked from mgraeber-rc/EventDiff.ps1
Display only new event log events - I refer to this as event log differential analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Log the time prior to executing the action. | |
| # This will be used as parth of an event log XPath filter. | |
| $DateTimeBefore = [Xml.XmlConvert]::ToString((Get-Date).ToUniversalTime(), [System.Xml.XmlDateTimeSerializationMode]::Utc) | |
| # Do the thing now that you want to see potential relevant events surface... | |
| $null = Mount-DiskImage -ImagePath "$PWD\FeelTheBurn.iso" -StorageType ISO -Access ReadOnly | |
| # Allow a moment to allow events to populate | |
| Start-Sleep -Seconds 5 |
Cyb3r-Monk
/ RespondRansom.ps1
Created
July 25, 2020 12:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <#snipped section#> | |
| #get events related to the honeyfolder. this time we are using eventId 4656. | |
| $events=Get-WinEvent -FilterHashtable @{LogName="Security"; Id = 4656; StartTime = [datetime]::Now.AddMinutes(-5)} |Where-Object -Property Message -Match 'honeyfolder' | Where-Object -Property Message -Match ('Read|DELETE|WriteData') -ErrorAction Stop | |
| <#snipped section#> | |
| #process Id is in hex format in EventID 4656, need to convert it to integer using [int]. | |
| foreach ($event in $events) { | |
| #parse the process Id. | |
| $processId=[int][regex]::Match($event.message,'Process\sID\:\s+(0x.+)\s').captures.groups[1].Value |
NewerOlder