Bill Smartt bsmartt13
@bsmartt13
bsmartt13 / example.log
Last active November 12, 2015 20:39
Example MIDAS logs
2014-02-13T16:30:48-0800 ninja.local ty[example_analyzeplist]: ty_name="plist" keepalive="{'SuccessfulExit': None}" hash="29f062b5a12277e48f323c03c5e882c40506fd62" date="Thu, 13 Feb 2014 16:32:29" name="/System/Library/LaunchDaemons/com.apple.awacsd.plist"
2014-02-14T15:56:49-0800 ninja.local ty[example_analyzeplist]: ty_name="plist" name="/Users/bsmartt/Library/Preferences/ByHost/com.apple.identityservices.idstatuscache.D285B31B-51C2-50FF-8434-8F5E42C601AE.plist" changed_entry="true" hash="37705f72ba62d13e79ebdc78223fc3ff184e8587" hash_old="c9cda73684b65d7fcee80188d3ad4dfaec28f4b2" hash_last_updated="Fri, 14 Feb 2014 15:56:50" hash_diff_added="c9cda7684b65dee808d3addfac2f4b2" hash_diff_removed="705f72ba62d13e79ebdc782233ff587"
2014-02-18T23:06:40-0800 ninja.local ty[example_analyzeplist]: ty_name="plist" removed_entry="true" name="com.vmware.vmioplug.10.1.26" date="Tue, 18 Feb 2014 20:56:44"
bsmartt13 / Setting up MIDAS as a daemon
Last active August 29, 2015 13:56
Setting up MIDAS as a daemon
# Move the file to system wide LaunchDaemons. This location instructs the system to run it as root (required for MIDAS).
ninja:MIDAS bsmartt$ sudo cp alienvault_integration/com.labs.alienvault.midas.cron.plist /System/Library/LaunchDaemons/
# Load the plist file
ninja:MIDAS bsmartt$ sudo launchctl load /System/Library/LaunchDaemons/com.labs.alienvault.midas.cron.plist
# To uninstall:
ninja:MIDAS bsmartt$ sudo launchctl unload /System/Library/LaunchDaemons/com.labs.alienvault.midas.cron.plist
ninja:MIDAS bsmartt$ sudo rm -rf /System/Library/LaunchDaemons/com.labs.alienvault.midas.cron.plist
bsmartt13 / converting a plist from xml to binary and back
Last active August 29, 2015 13:56
converting a plist from xml to binary and back
ninja:tmp bsmartt$ plutil -convert binary1 -o binary.com.labs.alienvault.midas.cron.plist com.labs.alienvault.midas.cron.plist
ninja:tmp bsmartt$ plutil -convert xml1 -o xml.binary.com.labs.alienvault.midas.cron.plist binary.com.labs.alienvault.midas.cron.plist
ninja:tmp bsmartt$ file *.plist
binary.com.labs.alienvault.midas.cron.plist: Apple binary property list
com.labs.alienvault.midas.cron.plist: XML document text
xml.binary.com.labs.alienvault.midas.cron.plist: XML document text
ninja:tmp bsmartt$ md5 com.labs.alienvault.midas.cron.plist xml.binary.com.labs.alienvault.midas.cron.plist
MD5 (com.labs.alienvault.midas.cron.plist) = 256d573901f860e7c9471cc28374b2e3
MD5 (xml.binary.com.labs.alienvault.midas.cron.plist) = 256d573901f860e7c9471cc28374b2e3
bsmartt13 / gist:9897291
Created March 31, 2014 17:18
Django: how to set a cookie with certainty
response.set_cookie('cookie_name', value, max_age=None, path='/', domain='.alienvault.com')
request.COOKIES['cookie_name'] = value
bsmartt13 / tldextract.out
Created May 23, 2014 20:20
output from google apps version of tldextract project
ninja:~ bsmartt$ curl "http://tldextract.appspot.com/api/extract?url=http://blogspot.com"
{"domain": "", "subdomain": "", "suffix": "blogspot.com", "tld": "blogspot.com"}
ninja:~ bsmartt$ curl "http://tldextract.appspot.com/api/extract?url=http://www.blogspot.com"
{"domain": "www", "subdomain": "", "suffix": "blogspot.com", "tld": "blogspot.com"}
ninja:~ bsmartt$ curl "http://tldextract.appspot.com/api/extract?url=http://herokuapp.com"
{"domain": "", "subdomain": "", "suffix": "herokuapp.com", "tld": "herokuapp.com"}
ninja:~ bsmartt$ curl "http://tldextract.appspot.com/api/extract?url=http://herokuapp.com"
{"domain": "", "subdomain": "", "suffix": "herokuapp.com", "tld": "herokuapp.com"}
ninja:~ bsmartt$ curl "http://tldextract.appspot.com/api/extract?url=http://www.herokuapp.com"
{"domain": "www", "subdomain": "", "suffix": "herokuapp.com", "tld": "herokuapp.com"}

Keybase proof

I hereby claim:

  • I am bsmartt13 on github.
  • I am billsmartt (https://keybase.io/billsmartt) on keybase.
  • I have a public key whose fingerprint is 583B E0F0 0281 2C0D 6A1D 22CE 10B3 4431 7229 50C4

To claim this, I am signing this object:

bsmartt13 / gist:efa02c40ea12c09d9c3a
Created September 17, 2014 17:02
OTX IP Reputation download links (updated hourly)
https://reputation.alienvault.com/reputation.generic.gz
https://reputation.alienvault.com/reputation.generic
https://reputation.alienvault.com/reputation.data
https://reputation.alienvault.com/reputation.snort.gz
https://reputation.alienvault.com/reputation.snort
https://reputation.alienvault.com/reputation.iptables.gz
https://reputation.alienvault.com/reputation.iptables
https://reputation.alienvault.com/reputation.squid.gz
https://reputation.alienvault.com/reputation.squid
https://reputation.alienvault.com/reputation.unix.gz
GISTY YO
https://www.virustotal.com/
https://malwr.com/
https://www.alienvault.com/
http://malware-traffic-analysis.net/
http://www.malwaredomainlist.com/
http://www.malwareurl.com/
### Keybase proof
I hereby claim:
* I am bsmartt13 on github.
* I am billsmartt (https://keybase.io/billsmartt) on keybase.
* I have a public key whose fingerprint is 6263 996F 18FC 59C6 4554 D65E F56D F5CF 4CF6 84E3
To claim this, I am signing this object:
bsmartt13 / tmux-cheatsheet.markdown
Last active October 21, 2015 17:04 — forked from MohamedAlaa/tmux-cheatsheet.markdown
tmux shortcuts & cheatsheet

start new:

tmux
tmux new -s myname
tmux ls

attach: