Hasan (SyeedHasan)
SyeedHasan / SessionDocumentforSSM.json
Created June 19, 2022 11:48
Sample document for AWS Session Manager preferences
{
  "schemaVersion": "1.0",
  "description": "Document to hold regional settings for Session Manager",
  "sessionType": "Standard_Stream",
  "inputs": {
    "s3BucketName": "DOC-EXAMPLE-BUCKET",
    "s3KeyPrefix": "MyBucketPrefix",
    "s3EncryptionEnabled": true,
    "cloudWatchLogGroupName": "MyLogGroupName",
    "cloudWatchEncryptionEnabled": true
  }
}
SyeedHasan / SessionManagerRole.json
Created June 19, 2022 08:41
Policy for permissions to SSM, KMS, and Amazon S3
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"
      ],
      "Resource": "*"
    }
  ]
}
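The two gists above are previews cut off at the first inputs and the first IAM statement. As an added example (not the gists' own code), the script below checks a preferences document for the weak settings a reviewer looks for and checks the instance-role policy for the actions the described S3/KMS logging setup needs. The finding codes, REQUIRED_ACTIONS and both sample documents are this example's own assumptions; the IAM matcher is deliberately simplified (Action/Effect only, no conditions or NotAction).

```python
"""Sanity-check a Session Manager preferences document and the instance-role
policy that goes with it. Added example, not code from the gists above; the
finding codes and REQUIRED_ACTIONS are this example's own choices."""
import fnmatch
import json

# Constructed sample in the shape of the preferences document above, with the
# logging inputs filled in and several settings deliberately left weak.
SAMPLE_PREFERENCES = json.dumps({
    "schemaVersion": "1.0",
    "description": "Document to hold regional settings for Session Manager",
    "sessionType": "Standard_Stream",
    "inputs": {
        "s3BucketName": "DOC-EXAMPLE-BUCKET",
        "s3KeyPrefix": "MyBucketPrefix",
        "s3EncryptionEnabled": False,
        "cloudWatchLogGroupName": "MyLogGroupName",
        "cloudWatchEncryptionEnabled": True,
        "kmsKeyId": "",
        "runAsEnabled": False,
        "idleSessionTimeout": "60",
    },
})

# Constructed sample policy: the ssmmessages statement from the gist (those
# actions take Resource "*" because they have no resource-level permissions)
# plus an S3 statement, but nothing for KMS yet.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel",
                    "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel"]},
        {"Effect": "Allow", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/MyBucketPrefix/*"},
    ],
})

# Actions the instance role needs for what the preferences describe: the
# session channels, encrypted S3 logging and a session KMS key (assumed set).
REQUIRED_ACTIONS = (
    "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel",
    "s3:PutObject", "s3:GetEncryptionConfiguration",
    "kms:GenerateDataKey", "kms:Decrypt",
)


def audit_session_preferences(doc_json):
    """Return finding codes for weak settings in a preferences document."""
    doc = json.loads(doc_json)
    inputs = doc.get("inputs", {})
    findings = []
    if doc.get("sessionType") != "Standard_Stream":
        findings.append("NOT_STANDARD_STREAM")
    if not inputs.get("s3BucketName") and not inputs.get("cloudWatchLogGroupName"):
        findings.append("NO_SESSION_LOGGING")
    if inputs.get("s3BucketName") and not inputs.get("s3EncryptionEnabled"):
        findings.append("S3_LOG_UNENCRYPTED")
    if inputs.get("cloudWatchLogGroupName") and not inputs.get("cloudWatchEncryptionEnabled"):
        findings.append("CLOUDWATCH_LOG_UNENCRYPTED")
    if not inputs.get("kmsKeyId"):          # session stream then relies on TLS alone
        findings.append("NO_SESSION_KMS_KEY")
    if not inputs.get("runAsEnabled"):      # sessions run as ssm-user (sudo on Linux)
        findings.append("RUN_AS_DISABLED")
    if int(inputs.get("idleSessionTimeout", 20)) > 20:   # 20 minutes is the default
        findings.append("IDLE_TIMEOUT_OVER_DEFAULT")
    return findings


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_allows(policy_json, action):
    """IAM-style action match: case-insensitive, '*' and '?' wildcards, Deny wins."""
    allowed = False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            if stmt.get("Effect") == "Deny":
                return False
            allowed = True
    return allowed


def missing_actions(policy_json, required=REQUIRED_ACTIONS):
    return [a for a in required if not policy_allows(policy_json, a)]


if __name__ == "__main__":
    print("preference findings:", audit_session_preferences(SAMPLE_PREFERENCES))
    print("policy is missing:", missing_actions(SAMPLE_POLICY))
```

Run it against the JSON you actually deploy (json.dumps of the loaded files) before creating the document with the AWS CLI; a policy that lacks the kms:* actions will leave sessions working but logging to an SSE-KMS bucket failing silently.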
SyeedHasan / MemoryAcquisitionUNIX.md
Last active February 12, 2024 16:22
Commands to acquire a snapshot of the memory on *UNIX based systems

Generic Commands

Checking Kernel release: uname -r

Checking Kernel version: uname -v

Record both before acquiring: kernel-module-based acquisition tools and memory-analysis profiles must match the exact running kernel.

Commands to Acquire Memory

Here's a list of commands which you may execute to acquire memory from a *UNIX system:


SyeedHasan / pcap(ng)-shortcuts.md
Last active February 16, 2022 04:22
PCAP mumbo-jumbo

Splitting a PCAP

To divide a PCAP into chunks of 200 MB (tcpdump's -C unit is 1,000,000 bytes; the output files are named outputPcap.pcap, outputPcap.pcap1, outputPcap.pcap2, and so on, and no packet is ever split across two files):
tcpdump -r inputPcap.pcap -w outputPcap.pcap -C 200
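tcpdump cuts by record, never mid-packet, and copies the 24-byte global header into every output file. The script below reproduces that logic on the classic libpcap format so the layout is visible; it is an added example, not part of the gist, and build_pcap() fabricates a small capture as test input (pcapng is a different, block-based format and is rejected).

```python
"""Split a classic libpcap capture into size-bounded chunks without cutting a
packet record in two, which is what tcpdump -C does. Added example, not part of
the gist; build_pcap() constructs the test input."""
import struct

GLOBAL_HEADER_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HEADER_LEN = 16   # ts_sec, ts_frac, incl_len, orig_len


def _endianness(data):
    """Pick the struct byte-order prefix from the magic number."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):   # microsecond / nanosecond, little-endian
        return "<"
    if magic in (0xD4C3B2A1, 0x4D3CB2A1):   # the same magics written big-endian
        return ">"
    raise ValueError("not a libpcap file (pcapng has a different magic)")


def iter_records(data):
    """Yield each raw record (16-byte header plus packet bytes); refuse truncated input."""
    order = _endianness(data)
    pos = GLOBAL_HEADER_LEN
    while pos < len(data):
        if pos + RECORD_HEADER_LEN > len(data):
            raise ValueError("truncated record header at offset %d" % pos)
        _, _, incl_len, _ = struct.unpack(order + "IIII", data[pos:pos + RECORD_HEADER_LEN])
        end = pos + RECORD_HEADER_LEN + incl_len
        if end > len(data):
            raise ValueError("truncated packet data at offset %d" % pos)
        yield data[pos:end]
        pos = end


def split_pcap(data, max_bytes):
    """Return chunks, each a valid pcap (global header copied) of at most
    max_bytes; a single record larger than max_bytes gets a chunk of its own."""
    header = data[:GLOBAL_HEADER_LEN]
    chunks, current = [], bytearray(header)
    for record in iter_records(data):
        if len(current) > GLOBAL_HEADER_LEN and len(current) + len(record) > max_bytes:
            chunks.append(bytes(current))
            current = bytearray(header)
        current += record
    if len(current) > GLOBAL_HEADER_LEN:
        chunks.append(bytes(current))
    return chunks


def build_pcap(packet_lengths, order="<"):
    """Constructed test capture: Ethernet linktype, one dummy packet per length."""
    header = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = []
    for i, n in enumerate(packet_lengths):
        records.append(struct.pack(order + "IIII", 1600000000 + i, 0, n, n) + bytes([i & 0xFF]) * n)
    return header + b"".join(records)


if __name__ == "__main__":
    capture = build_pcap([100, 100, 100, 100])
    for i, chunk in enumerate(split_pcap(capture, 256)):
        print("chunk", i, len(chunk), "bytes,", sum(1 for _ in iter_records(chunk)), "packets")
```

For real files read the bytes with open(path, "rb").read() and write each chunk back out with its own name; the truncation checks are the same ones that make capinfos report a damaged trace.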

Wireshark Helpers

capinfos.exe: This prints information about trace files
dumpcap.exe: This captures packets and saves to a libpcap format file
editcap.exe: This splits a trace file, alters timestamps, and removes duplicate packets
mergecap.exe: This merges two or more packet files into one file
rawshark.exe: This reads a stream of packets and prints field descriptions

SyeedHasan / x509-certificates.md
Last active February 16, 2022 04:23
Managing X509 certificates - creation, conversion, etc.

Acquiring TLS Certificates from Shodan

  1. Head to the Raw Version of the report
  2. Go to the SSL section
    2A. Use the 'cert' section to retrieve fingerprints of the certificate (SHA1/MD5 of the certificate in DER format)
    2B. Use the 'chain' section to retrieve the certificate in PEM (it may need some cleaning before it's usable)
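The fingerprints in step 2A are simply digests of the DER, so once the PEM from step 2B is cleaned up you can compute and cross-check them locally. The script below is an added example using only the standard library, not part of the gist; MESSY_CHAIN mimics a raw JSON view with literal "\n" escapes, and the DER blob it carries is a constructed placeholder rather than a real certificate.

```python
"""Pull the PEM blocks out of a raw report's 'chain' field, which comes with JSON
"\n" escapes and stray whitespace, then compute the fingerprints openssl would show.
Added example built on the standard library only; it is not part of the gist, and
MESSY_CHAIN plus the placeholder DER blob are constructed inputs."""
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder: a minimal DER SEQUENCE, not a real X.509 certificate.
# Everything below works on any DER blob, so a chain from a real report drops in.
CONSTRUCTED_DER = bytes.fromhex("3003020101")
_B64 = base64.b64encode(CONSTRUCTED_DER).decode()

# Constructed input in the escaped form a raw JSON view produces: two blocks
# run together, literal "\n" sequences and stray spaces.
MESSY_CHAIN = (
    '"chain": ["-----BEGIN CERTIFICATE-----\\n' + _B64 + '\\n-----END CERTIFICATE-----\\n",'
    ' "-----BEGIN CERTIFICATE-----\\n ' + _B64 + ' \\n-----END CERTIFICATE-----"]'
)


def clean_pem_text(text):
    """Turn JSON escapes back into real line breaks and quotes."""
    return text.replace("\\n", "\n").replace('\\"', '"')


def extract_pem_chain(text):
    """Return the DER bytes of every certificate block found in text, in order."""
    ders = []
    for body in PEM_BLOCK.findall(clean_pem_text(text)):
        der = base64.b64decode(re.sub(r"\s+", "", body), validate=True)
        if not der or der[0] != 0x30:           # X.509 certificates are DER SEQUENCEs
            raise ValueError("block does not decode to a DER SEQUENCE")
        ders.append(der)
    return ders


def fingerprint(der, algo="sha1"):
    """Colon-separated uppercase digest of the DER, as openssl x509 -fingerprint prints it."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def to_pem(der):
    """Re-emit a clean PEM block (64-column base64) for tools that refuse the raw paste."""
    return ssl.DER_cert_to_PEM_cert(der)


if __name__ == "__main__":
    for der in extract_pem_chain(MESSY_CHAIN):
        for algo in ("md5", "sha1", "sha256"):
            print(algo.upper(), "Fingerprint=" + fingerprint(der, algo))
        print(to_pem(der))
```

Compare the SHA1 output with the 'cert' section's fingerprint: a mismatch means the chain text was altered in transit (or you grabbed the wrong block), and the cleaned PEM from to_pem() is what you feed to openssl x509 -text.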

Creation of an X509 Certificate (self-signed)

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

-x509 makes openssl emit a self-signed certificate instead of a CSR, and -nodes leaves key.pem unencrypted, so restrict the file's permissions accordingly.

Decode Certificate to Text

SyeedHasan / Winlogbeat Configuration.md
Last active May 29, 2021 17:28
Winlogbeat tweaks

Winlogbeat Custom Template Naming

Steps

  1. Update the 'index' field in output.elasticsearch [e.g. win-host-%{+yyyy.MM.dd}; Beats date formatting uses the %{+...} form]
  2. Update 'setup.template.name' and 'setup.template.pattern' so the pattern matches that index [e.g., win- and win-*]
  3. Disable ILM (setup.ilm.enabled: false): while ILM is enabled, Winlogbeat ignores setup.template.name and setup.template.pattern, so custom template naming won't take effect
  4. Load the custom template: .\winlogbeat.exe setup --index-management -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["192.168.18.110:1337"]'
  5. Restart the winlogbeat service
SyeedHasan / mount-problems.md
Last active May 18, 2021 17:13
Mounting Shared Folders
SyeedHasan / Github Flavored Markdown.md
Last active October 5, 2021 09:36 — forked from stevenyap/Github Flavored Markdown.md
Github Flavored Markdown cheatsheet

Github Flavored Markdown (GFMD) is based on the Markdown Syntax Guide, with some overrides as described at Github Flavored Markdown

Text Writing

It is easy to write in GFMD. Write plain text and use the simple "tagging" below to mark it up, and you are good to go!

Paragraphs are separated by a blank line; to force a line break inside a paragraph, leave 2 spaces at the end of the line

Headings

SyeedHasan / elk-ip-corruption.md
Last active May 24, 2021 06:37
ELK - Importing Saved Objects

Importing Dashboards in ELK

  1. Visit 'Stack Management'
  2. Head to 'Saved Objects'
  3. Import the NDJSON file for the objects/dashboard you wish to add
  4. Confirm the import

'Request Entity Too Large' During Imports

The maximum upload size is restricted by Kibana or by a reverse proxy in front of it (if you have one). In kibana.yml, raise 'server.maxPayloadBytes' ('server.maxPayload' in newer releases) to a larger value. Similarly, if you use Nginx, add the following line to your configuration file to increase the max body size:

SyeedHasan / parseml.py
Created November 11, 2020 17:05 — forked from urschrei/parseml.py
Extract attachments from EML files in the current dir, and write them to the output subdir
#!/usr/bin/env python
"""
2020 update:
- More iterators, fewer lists
- Python 3 compatible
- Processes files in parallel
(one thread per CPU, but that's not really how it works)
"""
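The preview above stops at the docstring, so the extraction itself is missing. As an added stand-alone example (not the forked parseml.py script), the code below does the same job with the standard library's email package and, because attachment filenames come straight from the sender, refuses to let a crafted Content-Disposition pick the output path. SAMPLE_EML, safe_filename() and run_sample() are this example's own constructions.

```python
"""Extract attachments from an .eml file with the standard library and refuse to
let an attachment's filename choose the output path. Added stand-alone example,
not the forked parseml.py script; the sample message is constructed."""
import email
import pathlib
import re
import tempfile
from email import policy

# Constructed sample: a body part plus two attachments, one of them carrying a
# path-traversal filename that a naive extractor would write outside out_dir.
SAMPLE_EML = b"""From: sender@example.com
To: analyst@example.com
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

See attached.
--b1
Content-Type: application/octet-stream; name="invoice.bin"
Content-Disposition: attachment; filename="invoice.bin"
Content-Transfer-Encoding: base64

AAECAw==
--b1
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: attachment; filename="../../etc/cron.d/evil"

* * * * * root id
--b1--
"""

UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def safe_filename(name, fallback="attachment"):
    """Keep only the last path component, whitelist its characters and drop
    leading dots, so "../../etc/cron.d/evil" becomes plain "evil"."""
    base = pathlib.PurePosixPath((name or "").replace("\\", "/")).name
    base = UNSAFE_CHARS.sub("_", base).lstrip(".")
    return base[:255] or fallback


def extract_attachments(raw, out_dir):
    """Write every attachment in the raw message into out_dir and return
    (path, content_type, size) tuples."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    out_dir = pathlib.Path(out_dir)
    written = []
    for i, part in enumerate(msg.iter_attachments()):
        name = safe_filename(part.get_filename(), "attachment-%d" % i)
        target = out_dir / name
        n = 1
        while target.exists():            # never silently clobber an earlier part
            target = out_dir / ("%d-%s" % (n, name))
            n += 1
        target.write_bytes(part.get_payload(decode=True) or b"")
        written.append((target, part.get_content_type(), target.stat().st_size))
    return written


def run_sample():
    """Extract SAMPLE_EML into a fresh temp dir; return {filename: bytes}."""
    out_dir = tempfile.mkdtemp(prefix="eml-")
    return {p.name: p.read_bytes() for p, _, _ in extract_attachments(SAMPLE_EML, out_dir)}


if __name__ == "__main__":
    for name, data in run_sample().items():
        print(name, len(data), "bytes")
```

For a directory of .eml files, loop over pathlib.Path(".").glob("*.eml") and call extract_attachments(path.read_bytes(), "output") for each; keep the output directory noexec and hash what lands there before opening anything.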