Sam Imboden FakeApate

#!/usr/bin/env bash
# install_tor.sh — Install Tor from the official Tor Project repository
set -euo pipefail
IFS=$'\n\t'
# Ensure we're running as root
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root (e.g. sudo $0)"
  exit 1
fi

Get incident

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}?api-version=2025-03-01

Reference: https://learn.microsoft.com/en-us/rest/api/securityinsights/incidents/get?view=rest-securityinsights-2025-03-01

Iris hooks

https://docs.dfir-iris.org/development/hooks/

  • on_postload_case_create: Triggered upon user action
  • on_manual_trigger_case: Triggered on case creation, after commit in DB

https://winreg-kb.readthedocs.io/en/latest/index.html
https://www.incidentresponse.com/mini-sites/playbooks/
https://github.com/certsocietegenerale/IRM/tree/main/EN
https://github.com/guardsight/gsvsoc_cybersecurity-incident-response-plan
https://addons.mozilla.org/en-US/firefox/addon/soc-multi-tool/
https://ericzimmerman.github.io/#!index.md
https://csrc.nist.gov/pubs/sp/800/61/r3/final