Florian Roth Neo23x0

View GitHub Profile
@Neo23x0
Neo23x0 / thor-ts-converter.py
Created October 31, 2018 14:40
THOR Timestamp Injector (adds the year to the old SYSLOG format and creates an RFC3339 timestamp)
#!/bin/python3
import os
import sys
import argparse
import logging
import re
import platform
MONTHS = {
Neo23x0 / fix-sourcetree-git-secrets.sh
Created October 27, 2018 20:30
SourceTree git-secrets
#!/bin/bash
#
# Fixes error:
# git: 'secrets' is not a git command. See 'git --help'.
#
# 1. Go to SourceTree preferences > Git > Use System Git
# Select the system's git e.g. /usr/local/git/bin/git
# 2. Run this script
# Adjust the path if your system's git is located in a different folder
# git-secrets must be linked in the same folder as the system's git binary
Neo23x0 / stringex.sh
Last active August 13, 2021 13:56
String Extraction / ASCII and Wide by @RobertHaist
Linux
(strings -a -td "$@" | sed 's/^\(\s*[0-9][0-9]*\) \(.*\)$/\1 A \2/' ; strings -a -td -el "$@" | sed 's/^\(\s*[0-9][0-9]*\) \(.*\)$/\1 W \2/') | sort -n
macOS
(gstrings -a -td "$@" | gsed 's/^\(\s*[0-9][0-9]*\) \(.*\)$/\1 A \2/' ; gstrings -a -td -el "$@" | gsed 's/^\(\s*[0-9][0-9]*\) \(.*\)$/\1 W \2/') | sort -n
Neo23x0 / fp-hashes.py
Last active March 10, 2020 14:25
Typical False Positive Hashes
# This GIST has been transformed into a Git repository and does not receive updates anymore
#
# Please visit the github repo to get a current list
# https://github.com/Neo23x0/ti-falsepositives/
# Hashes that are often included in IOC lists but are false positives
HASH_WHITELIST = [
# Empty file
'd41d8cd98f00b204e9800998ecf8427e',
'da39a3ee5e6b4b0d3255bfef95601890afd80709',
Neo23x0 / gist:4dffdbbc08595436f95a2d9dd06af6b2
Created June 19, 2018 14:36
Regex - Non-ASCII Characters
[^\x00-\x7E]
Neo23x0 / get_fs_type.go
Created June 14, 2018 17:29
Get File System Type
package main
import (
"fmt"
"os"
"syscall"
)
func main() {
if len(os.Args) != 2 {
Neo23x0 / vpnfilter-ua.rule
Last active May 19, 2019 03:14
Suricata rule - VPNFilter User Agent
alert http any any -> any any (msg:"VPNFilter malware User-Agent"; content:"Mozilla/6.1 (compatible|3B| MSIE 9.0|3B| Windows NT 5.3|3B| Trident/5.0)"; http_user_agent; sid:2; rev:1;)
Neo23x0 / send-logon-to-slack.sh
Last active January 9, 2018 14:47
Report user logons to a slack channel
#!/bin/bash
#
# Uses slack web hooks to report logons on SSH servers
# Webhooks: https://yourslack.slack.com/apps/A0F7XDUAZ-incoming-webhooks
# Add this script to /etc/profile or create a ~/.profile for a certain user
WEB_HOOK=your_slack_web_hook
hostname=$(hostname)
source=$(echo "$SSH_CONNECTION" | cut -d' ' -f 1)
geo=$(geoiplookup "$source")
Neo23x0 / OSX
Created December 12, 2017 18:25
Start Browsers Without Elliptic Curve Cipher Suites
open /Applications/Google\ Chrome.app --args --cipher-suite-blacklist=0x000a,0xc013,0xc014,0xc02b,0xc02c,0xc02f,0xc030,0xcca8,0xcca9
Neo23x0 / audit.rules
Last active January 13, 2024 14:12
Linux Auditd Best Practice Configuration
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd