Josh Rickard MSAdministrator

💭
Building Thangs
View GitHub Profile
@MSAdministrator
MSAdministrator / README.md
Created July 6, 2023 16:11
Go ETL Code Review

Go ETL Code Review

The goal of this exercise is to have the candidate call out issues with a simulated pull request creating a new ETL application.

A good code review reference: https://www.morling.dev/blog/the-code-review-pyramid/

Functional Requirements

  • Continuously receive messages from an at-least-once delivery message queue
$methods = @('Get-AttckTool', 'Get-AttckTechnique', 'Get-AttckTactic', 'Get-AttckMitigation', 'Get-AttckMalware', 'Get-AttckActor')
foreach ($method in $methods){
$properties = @('Name', 'Id')
foreach ($prop in $properties){
${"($method)NameScriptBlock"} = {
param($commandName, $parameterName, $wordToComplete, $commandAst, $fakeBoundParameters)
(& $method)."$prop".ForEach({
MSAdministrator / download_malware_samples.py
Created January 7, 2022 02:33
Download Malicious Files from malware-traffic-analysis.net
import os
import requests
from bs4 import BeautifulSoup
import time
import re
import io
from zipfile import ZipFile
EXTENSION_LIST = [
MSAdministrator / Phishing.md
Last active September 22, 2020 01:56
Night Time Readings of Phishing Emails
MSAdministrator / mitre_att&ck_json_data_format_explanation.md
Created March 1, 2020 03:53
Explanation of the MITRE ATT&CK Data Format

MITRE ATT&CK Data Format

The MITRE ATT&CK JSON file is a flat JSON structure that is difficult to parse. There are several approaches to parsing it, but the type key is the, well, key!

The types within this JSON are the following (as well as the common wording used for this type):

  • attack-pattern (Techniques)
  • relationship (This is a unique type that contains relationships between types)
  • course-of-action (Mitigations)
  • identity (unused)
MSAdministrator / iranian_apit_groups_possible_commands.md
Last active December 6, 2024 08:14
Iranian APT Groups & Possible Commands Used By These Groups

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

  • APT33
  • APT34
  • APT39
  • Charming Kitten
MSAdministrator / Confirm-DateTimeFormatPattern.ps1
Created February 11, 2018 20:12
Confirm if a date time format pattern is valid or not
<#
.Synopsis
Confirm if a date time format pattern is valid or not
.DESCRIPTION
Confirm if a date time format pattern is valid or not
based on the current culture of the machine that this function
is being run on
.EXAMPLE 1
MSAdministrator / Get-TargetedWinEvent.ps1
Created January 10, 2018 18:00 — forked from jasonadsit/Get-TargetedWinEvent.ps1
Get-TargetedWinEvent.ps1
function Get-TargetedWinEvent {
<#
.SYNOPSIS
Searches Windows logs for events related to specific Event IDs or EventData.Data values
.DESCRIPTION
Searches Windows logs for events related to specific Event IDs or EventData.Data values
Supports searching offline/exported evt/evtx files as well as online machines
.PARAMETER SearchTerm
EventData.Data property value to search for
MSAdministrator / Convert-SabaToCampus.ps1
Created September 1, 2017 13:31
Convert-SabaToCampus Script
<#
.Synopsis
This function will convert a Saba CSV for University Campus
.DESCRIPTION
This function will import a CSV, modify the values, and export it to a new CSV.
We rename the following headers:
Person EMPID to EMPID
Completed Courses (Transcript) Ended/Completed On Date to Completed On Date
Course Course ID to Course ID
.EXAMPLE
MSAdministrator / Convert-SabaToCampus2ndIssue.ps1
Created July 22, 2017 20:51
Convert-SabaToCampus2ndIssue
<#
.Synopsis
This function will convert a Saba CSV for University Campus
.DESCRIPTION
This function will import a CSV, modify the values, and export it to a new CSV.
We rename the following headers:
Person EMPID to EMPID
Completed Courses (Transcript) Ended/Completed On Date to Completed On Date
Course Course ID to Course ID
.EXAMPLE