Christopher Ashby ashbyca

View Keybase.md

Keybase proof

I hereby claim:

  • I am ashbyca on github.
  • I am ashby (https://keybase.io/ashby) on keybase.
  • I have a public key whose fingerprint is B966 BDF6 C4FE DDCF BE6B 6F93 AD9B DB92 3F8C 42BD

To claim this, I am signing this object:

View 00-header
#!/bin/sh
#
# 00-header - create the header of the MOTD
# Copyright (c) 2013 Nick Charlton
# Copyright (c) 2009-2010 Canonical Ltd.
#
# Authors: Nick Charlton <hello@nickcharlton.net>
# Dustin Kirkland <kirkland@canonical.com>
#
# This program is free software; you can redistribute it and/or modify
@ashbyca
ashbyca / 10-sysinfo
Last active Sep 10, 2019
10-sysinfo
View 10-sysinfo
#!/bin/bash
#
# 10-sysinfo - generate the system information
# Copyright (c) 2013 Nick Charlton
#
# Authors: Nick Charlton <hello@nickcharlton.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
View 90-footer
View ip-context-menu.xml
<?xml version="1.0" encoding="UTF-8"?>
<contextMenu>
<menuEntry name="Domain Crawler Query" url="http://www.domaincrawler.com/ip/view/%IP%" />
<menuEntry name="DomainTools Query" url="https://whois.domaintools.com/%IP%" />
<menuEntry name="Exposure Lookup" url="http://exposure.iseclab.org/detection/ip?ip=%IP%" />
<menuEntry name="Fortiguard Threat Research" url="http://www.fortiguard.com/ip_rep/index.php?data=%IP%&amp;lookup=Lookup" />
<menuEntry name="Google SafeBrowsing Report" url="http://www.google.com/safebrowsing/diagnostic?site=%IP%" />
<menuEntry name="HoneyNet Project Lookup" url="http://www.projecthoneypot.org/ip_%IP%" />
<menuEntry name="IPVoid Query" url="http://www.ipvoid.com/scan/%IP%" />
<menuEntry name="IsitAPT" url="http://isitapt.com/%IP%" />
View System Setup - Not Sure
System Setup
# Install Python PIP and Dependencies
sudo apt-get install python3-dev python3-pip python3-setuptools libyaml-dev wget libreadline7 libreadline-dev git python-dnspython python-mechanize python-slowaes python-xlsxwriter python-jsonrpclib python-lxml lsb-release figlet update-motd libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev -y
# Setup and configure Dynamic MOTD
# Remove the current directory
sudo rm -r /etc/update-motd.d/
# Create new directory
View fstab.txt
LABEL=cloudimg-rootfs / ext4 defaults 0 0
https://dav.box.com/dav /box-storage davfs rw,user,noauto 0 0
View crontab
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
View osxsetup.sh
# Install Xcode Command Line Tools
xcode-select --install
# Install Homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
# Install Common Tools
brew install wget
brew install click
brew install libmagic
View threat hunting notes
Event ID 1102 - Generated when event log is cleared
Event ID 4648 - Generated when a process attempts an account logon by explicitly specifying that account's credentials.
Windows Dashboard
EID 1 (Process Create)
EID 4688 (A new Process)
EID 10 (Process Access)
EID 4624 (An account was successfully logged on)
EID 4648 (A logon was attempted using explicit credentials)