Christopher Ashby ashbyca

View Keybase.md

Keybase proof

I hereby claim:

  • I am ashbyca on github.
  • I am ashby (https://keybase.io/ashby) on keybase.
  • I have a public key whose fingerprint is B966 BDF6 C4FE DDCF BE6B 6F93 AD9B DB92 3F8C 42BD

To claim this, I am signing this object:

View 00-header
#!/bin/sh
#
# 00-header - create the header of the MOTD
# Copyright (c) 2013 Nick Charlton
# Copyright (c) 2009-2010 Canonical Ltd.
#
# Authors: Nick Charlton <hello@nickcharlton.net>
# Dustin Kirkland <kirkland@canonical.com>
#
# This program is free software; you can redistribute it and/or modify
View 90-footer
ashbyca / 10-sysinfo
Last active Sep 10, 2019
10-sysinfo
View 10-sysinfo
#!/bin/bash
#
# 10-sysinfo - generate the system information
# Copyright (c) 2013 Nick Charlton
#
# Authors: Nick Charlton <hello@nickcharlton.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
View ip-context-menu.xml
<?xml version="1.0" encoding="UTF-8"?>
<contextMenu>
<menuEntry name="Domain Crawler Query" url="http://www.domaincrawler.com/ip/view/%IP%" />
<menuEntry name="DomainTools Query" url="https://whois.domaintools.com/%IP%" />
<menuEntry name="Exposure Lookup" url="http://exposure.iseclab.org/detection/ip?ip=%IP%" />
<menuEntry name="Fortiguard Threat Research" url="http://www.fortiguard.com/ip_rep/index.php?data=%IP%&amp;lookup=Lookup" />
<menuEntry name="Google SafeBrowsing Report" url="http://www.google.com/safebrowsing/diagnostic?site=%IP%" />
<menuEntry name="HoneyNet Project Lookup" url="http://www.projecthoneypot.org/ip_%IP%" />
<menuEntry name="IPVoid Query" url="http://www.ipvoid.com/scan/%IP%" />
<menuEntry name="IsitAPT" url="http://isitapt.com/%IP%" />
View System Setup - Not Sure
System Setup
# Install Python PIP and Dependencies
sudo apt-get install python3-dev python3-pip python3-setuptools libyaml-dev wget libreadline7 libreadline-dev git python-dnspython python-mechanize python-slowaes python-xlsxwriter python-jsonrpclib python-lxml lsb-release figlet update-motd libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev -y
# Setup and configure Dynamic MOTD
# Remove the current directory
sudo rm -r /etc/update-motd.d/
# Create new directory
View fstab.txt
LABEL=cloudimg-rootfs / ext4 defaults 0 0
https://dav.box.com/dav /box-storage davfs rw,user,noauto 0 0
View threat hunting notes
Event ID 1102 - Generated when the event log is cleared
Event ID 4648 - Generated when a process attempts an account logon by explicitly specifying that account's credentials.
Windows Dashboard
EID 1 (Process Create)
EID 4688 (A new Process)
EID 10 (Process Access)
EID 4624 (An account was successfully logged on)
EID 4648 (A logon was attempted using explicit credentials)
View osxsetup.sh
# Install Xcode Command Line Tools
xcode-select --install
# Install Homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
# Install Common Tools
brew install wget
brew install click
brew install libmagic
View criticalstart.txt
{"searchproviders":[["-1","DuckDuck Go","https://duckduckgo.com/?q=TESTSEARCH",true,false,7,false,"",false,""],["-1","Twitter Term","https://twitter.com/search?f=realtime&q=TESTSEARCH&src=typd",true,false,7,false,"",false,""],["-1","Google Safe Browsing","http://www.google.com/safebrowsing/diagnostic?site=TESTSEARCH",true,false,3,false,"",false,""],["-1","RIPE","https://stat.ripe.net/TESTSEARCH#tabId=at-a-glance",true,false,3,false,"",false,""],["-1","ARIN","https://search.arin.net/rdap/?query=TESTSEARCH",true,false,3,false,"",false,""],["-1","Domain Tools","https://whois.domaintools.com/TESTSEARCH",true,false,3,false,"",false,""],["-1","AlienVault OTX Domain","https://otx.alienvault.com/indicator/domain/TESTSEARCH",true,false,2,false,"",false,""],["-1","VirusTotal Domain Info","https://www.virustotal.com/en/domain/%s/information/",true,false,2,false,"",false,""],["-1","WhoIS DNS Info","http://who.is/whois/TESTSEARCH",true,false,2,false,"",false,""],["-1","McAfee TI","http://www.mcafee.com/threat-intelligence