c3rberus c3rberus

## CreateDateDimensionWithFiscals.sql
BEGIN TRY
    DROP TABLE [Dim].[Date]
END TRY

BEGIN CATCH
    /*No Action*/
END CATCH

CREATE TABLE [Dim].[Date]
(

## winlogbeats.yml
# A retired winlogbeats config maintained by the Recon InfoSec SOC
# contains most the higher value events needed for detection and response
# should be tuned for your specific environment and log volume tolerance

winlogbeat.event_logs: # Global Event Logs Config
  - name: Security
    ignore_older: 24h
    processors:
      - script:
          when.equals.winlog.channel: Security

## windows_hardening.cmd
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:

## asr-log-parser.ps1
$ASRGuidMatrix = @{'56a863a9-875e-4185-98a7-b882c64b5ce5' ='Block abuse of exploited vulnerable signed drivers';
'7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes';
'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes';
'9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from the Windows local security authority subsystem (lsass.exe)';
'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail';
'01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executable files from running unless they meet a prevalence, age, or trusted list criterion';
'5beb7efe-fd9a-4556-801d-275e5ffc04cc'='Block execution of potentially obfuscated scripts';
'd3e037e1-3eb8-44c8-a917-57927947596d'='Block JavaScript or VBScript from launching downloaded executable content';
'3b576869-a4ec-4529-8536-b80a7769e899'='Block Office applications from creating executable content';
'75668c1f-73b5-4cf0-bb93-3ecf5

## runas.ps1
runas /user:acme\administrator "cmd.exe /C powershell.exe"'

## robocopy.ps1
#To do a mirror operation and properly copy the file and folder permissions, use the /sec and /secfix commands. The /sec command will copy the file security over for changed files, while the /secfix command will update the security for unchanged files.
#By combining these commands with /mir you will effectively mirror all of the files, folders, and permissions from a source directory to a destination.
robocopy D:\Source\ D:\Destination /mir /sec /secfix /v /log:copy.log

## nps_event_logs.ps1
auditpol /set /subcategory:”Network Policy Server” /success:enable /failure:enable

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                c3rberus
                / keybase.md
            
            
              Created
              October 30, 2022 02:38
            
          
    Keybase proof

I hereby claim:

I am c3rberus on github.
I am c3rberus (https://keybase.io/c3rberus) on keybase.
I have a public key ASDGQHTuKzJP-3ynJ2wRGKQpcp0sFH1R8CgsmlkSbb0f4Ao

To claim this, I am signing this object:

  
## Resize virtual machine partition.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                c3rberus
                / Resize virtual machine partition.md
            
            
              Created
              November 10, 2020 19:23
                — forked from HugoPoi/Resize virtual machine partition.md
            
              
                How to resize virtual machine partition after extend the disk
              
          
    Resize a VM system disk

Introduction


You have a VM with small disk
You have GPT partition table
You NOT USE LVM (you should)
You need to extend a partition on the main drive
You use Debian 8.x aka Jessie

Extend the disk


## CreateDateDimensionWithFiscals.sql
BEGIN TRY
    DROP TABLE [Dim].[Date]
END TRY

BEGIN CATCH
    /*No Action*/
END CATCH

CREATE TABLE [Dim].[Date]
(
	BEGIN TRY
	DROP TABLE [Dim].[Date]
	END TRY

	BEGIN CATCH
	/No Action/
	END CATCH

	CREATE TABLE [Dim].[Date]
	(
	# A retired winlogbeats config maintained by the Recon InfoSec SOC
	# contains most the higher value events needed for detection and response
	# should be tuned for your specific environment and log volume tolerance

	winlogbeat.event_logs: # Global Event Logs Config
	- name: Security
	ignore_older: 24h
	processors:
	- script:
	when.equals.winlog.channel: Security
	:: Windows 10 Hardening Script
	:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
	:: Obligatory 'views are my own'. :)
	:: Thank you @jaredhaight for the Win Firewall config recommendations!
	:: Thank you @ricardojba for the DLL Safe Order Search reg key!
	:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
	:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
	:
	$ASRGuidMatrix = @{'56a863a9-875e-4185-98a7-b882c64b5ce5' ='Block abuse of exploited vulnerable signed drivers';
	'7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes';
	'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes';
	'9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from the Windows local security authority subsystem (lsass.exe)';
	'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail';
	'01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executable files from running unless they meet a prevalence, age, or trusted list criterion';
	'5beb7efe-fd9a-4556-801d-275e5ffc04cc'='Block execution of potentially obfuscated scripts';
	'd3e037e1-3eb8-44c8-a917-57927947596d'='Block JavaScript or VBScript from launching downloaded executable content';
	'3b576869-a4ec-4529-8536-b80a7769e899'='Block Office applications from creating executable content';
	'75668c1f-73b5-4cf0-bb93-3ecf5
	#To do a mirror operation and properly copy the file and folder permissions, use the /sec and /secfix commands. The /sec command will copy the file security over for changed files, while the /secfix command will update the security for unchanged files.
	#By combining these commands with /mir you will effectively mirror all of the files, folders, and permissions from a source directory to a destination.
	robocopy D:\Source\ D:\Destination /mir /sec /secfix /v /log:copy.log