Axel botlabsDev

## poc_ask_gandalf.py
import argparse
import json
import time
from pathlib import Path
from typing import Iterable

import requests
from openai import OpenAI

"""

## ms_threat_actor_taxonomy_to_misp_format.py
import uuid
from pprint import pprint

import requests


# https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide
# https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/


## new_microsoft_threat_actor_naming_taxonomy.py
from pprint import pprint

import requests

# https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide
# https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/

URL = "https://raw.githubusercontent.com/microsoft/mstic/master/PublicFeeds/ThreatActorNaming/MicrosoftMapping.json"


## ip_to_asn_history.py
# Twitter: @botlabsDev
# $ python3 ip_to_asn_history.py 8.8.8.8 --day 2019-01-01
# alternative online tool: https://stat.ripe.net/widget/routing-history


import argparse
import datetime
import ipaddress
import tarfile
from dataclasses import dataclass

## simple_tls_sinkhole.py
import asyncio
import ssl
import logging
import socket

logging.basicConfig(filename='tls_logs.log', level=logging.INFO)
#socket.setdefaulttimeout(2)

class TlsSinkholeServer(asyncio.Protocol):
    peername = None

## simple_tcp_sinkhole.py
# sudo iptables -t nat -p tcp -I PREROUTING -m multiport --dports 23:65535 -j DNAT --to-destination :5555
# sudo python3 fake_tcp_server.py
# sudo tcpdump -i eth0 port not 22 -C 100000 -w dump

### fake_tcp_server.py

import asyncio


class TcpSinkhole(asyncio.Protocol):

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                botlabsDev
                / keybase.md
            
            
              Created
              March 23, 2022 18:14
            
          
    Keybase proof

I hereby claim:

I am botlabsdev on github.
I am botlabsdev (https://keybase.io/botlabsdev) on keybase.
I have a public key ASBn2VqCK1itTxy5RRpPlR7nAnGjpf98dbSrzhrOw_BRPQo

To claim this, I am signing this object:

  
## extract_emails_from_git_events.py
import datetime
import logging
from time import sleep
import requests as requests

logging.basicConfig(level=logging.INFO, filename="git_emails.log")

API_URL = "https://api.github.com/events?per_page=1000"
DENY_LIST = ["example.com", "github.com"]

## mount_shared_folder.sh
#!/bin/bash

mkdir -p $HOME/sharedFolder
/usr/bin/vmhgfs-fuse .host:/ /home/$USER/sharedFolder -o subtype=vmhgfs-fuse

## Vagrantfile
Vagrant.configure("2") do |config|
  config.vm.box = "peru/ubuntu-20.04-desktop-amd64"
  config.vm.box_version = "20210701.01"

  config.vm.provider "virtualbox" do |vb|
        vb.customize ["modifyvm", :id, "--nictrace1", "on"]
        vb.customize ["modifyvm", :id, "--nictracefile1", "#{File.dirname(__FILE__)}/trace1.pcap"]
  end
end
	import argparse
	import json
	import time
	from pathlib import Path
	from typing import Iterable

	import requests
	from openai import OpenAI

	"""
	import uuid
	from pprint import pprint

	import requests


	# https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide
	# https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/
	# Twitter: @botlabsDev
	# $ python3 ip_to_asn_history.py 8.8.8.8 --day 2019-01-01
	# alternative online tool: https://stat.ripe.net/widget/routing-history


	import argparse
	import datetime
	import ipaddress
	import tarfile
	from dataclasses import dataclass
	import asyncio
	import ssl
	import logging
	import socket

	logging.basicConfig(filename='tls_logs.log', level=logging.INFO)
	#socket.setdefaulttimeout(2)

	class TlsSinkholeServer(asyncio.Protocol):
	peername = None
	# sudo iptables -t nat -p tcp -I PREROUTING -m multiport --dports 23:65535 -j DNAT --to-destination :5555
	# sudo python3 fake_tcp_server.py
	# sudo tcpdump -i eth0 port not 22 -C 100000 -w dump

	### fake_tcp_server.py

	import asyncio


	class TcpSinkhole(asyncio.Protocol):
	import datetime
	import logging
	from time import sleep
	import requests as requests

	logging.basicConfig(level=logging.INFO, filename="git_emails.log")

	API_URL = "https://api.github.com/events?per_page=1000"
	DENY_LIST = ["example.com", "github.com"]
	#!/bin/bash

	mkdir -p $HOME/sharedFolder
	/usr/bin/vmhgfs-fuse .host:/ /home/$USER/sharedFolder -o subtype=vmhgfs-fuse
	Vagrant.configure("2") do \|config\|
	config.vm.box = "peru/ubuntu-20.04-desktop-amd64"
	config.vm.box_version = "20210701.01"

	config.vm.provider "virtualbox" do \|vb\|
	vb.customize ["modifyvm", :id, "--nictrace1", "on"]
	vb.customize ["modifyvm", :id, "--nictracefile1", "#{File.dirname(__FILE__)}/trace1.pcap"]
	end
	end