Alexandre Dulaunoy adulau
@adulau
adulau / ms_threat_actor_taxonomy_to_misp_format.py
Last active April 20, 2023 15:05 — forked from botlabsDev/ms_threat_actor_taxonomy_to_misp_format.py
Microsoft threat actor taxonomy to MISP format converter
View ms_threat_actor_taxonomy_to_misp_format.py
import uuid
from pprint import pprint
import json
import requests
# https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide
# https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/
@adulau
adulau / bts-misp.md
Last active January 27, 2023 08:37
BTS MISP
View bts-misp.md

BTS - MISP and Threat Intelligence Introduction

From 9:30 to 12:00 CET (a small break is foreseen)

Short url: https://tinyurl.com/BTS-MISP2

Agenda

  • MISP Introduction and history
  • MISP data model
@adulau
adulau / time-to-query-api-nvd.md
Created January 1, 2023 10:34
Time to query the API v2.0 of NVD NIST
View time-to-query-api-nvd.md

Getting CPEs

adulau@maurer:~$ curl -w "@curl-format.txt" -o /dev/null -s "https://services.nvd.nist.gov/rest/json/cpes/2.0/?resultsPerPage=20&startIndex=0"
     time_namelookup:  0,120529s
        time_connect:  0,225630s
     time_appconnect:  0,386989s
    time_pretransfer:  0,387033s
       time_redirect:  0,000000s
 time_starttransfer: 5,810461s
View cornell-notes-template.tex
\documentclass[a4paper]{article}
\pagestyle{plain}
\usepackage{calc}
\usepackage[top=0.25in,bottom=0.75in,left=0.5in,right=0.5in]{geometry}
\usepackage{tikz}
\newlength{\wholeboxwd}
\setlength{\wholeboxwd}{0.99\textwidth}
\newlength{\wholeboxht}
\setlength{\wholeboxht}{0.95\textheight}
View keybase.md

Keybase proof

I hereby claim:

  • I am adulau on github.
  • I am adulau (https://keybase.io/adulau) on keybase.
  • I have a public key whose fingerprint is 6BB5 6353 1D99 F112 4C00 8C4F 815D 4786 1ECB 73D5

To claim this, I am signing this object:

View sample-dnstap-decoded.json
{
"identity": "recursive-5003",
"qname": "www.aboil.info.",
"rrtype": "A",
"query-ip": "127.0.0.1",
"query-port": 34882,
"response-ip": "127.0.0.1",
"response-port": 5003,
"latency": 0.027,
"message": "CLIENT_RESPONSE",
@adulau
adulau / commoncrawl.md
Created June 25, 2022 13:33
Notes for commoncrawl
View commoncrawl.md
@adulau
adulau / hockeypuck-key-removed.md
Created May 27, 2022 07:59
How to remove keys from Hockeypuck OpenPGP key server
View hockeypuck-key-removed.md

How to remove keys from Hockeypuck OpenPGP key server

  • First find the Hockeypuck hash of the key(s) to be removed via the web search of your key server instance;
  • On the index, copy the hash value (Hash=HASHVALUE) (it's the hex representation of MD5);
  • Connect to the PostgreSQL interface of your Hockeypuck server;
    • psql hkp
    • Find the corresponding keys from their hash value;
    • select rfingerprint from keys where md5 in ('HASHVALUE');
    • This will return the corresponding fingerprints;
  • Then delete the associated sub-keys;
@adulau
adulau / trackers.txt
Created February 20, 2022 15:42
Known trackers
View trackers.txt
@adulau
adulau / tor2web-list.md
Created January 21, 2022 08:46
Tor2web and tor proxies public list
View tor2web-list.md

Tor2web and tor proxies public list

List of services that give access to the Tor network, and especially to Tor hidden services, through a web interface. We keep track of potential injection or abuse by such services (the Scam column).

List

| Url | Status | Domain | Log | Techno | Scam |
|-----|--------|--------|-----|--------|------|
| https://onion.re/ | UP | onion.re | full | custom | no |