#!/bin/bash
## Please insert the appropriate User and IP address values
## You may also need to edit the path to where your PCAPs
## exist on the remote system
echo "===== Pulling remote pcap data"
rsync -a <USER>@<IP>:/data/rdp.*.pcap* /data/pcap/
echo "rsync exit code: $?"
## This script is available at:
FROM adoptopenjdk/openjdk11:slim
RUN apt update && \
    apt install -y curl nginx
# SETUP NGINX PROXY
COPY default.nginx.conf /etc/nginx/sites-available/default
# SETUP ELASTIC 7.5.1
#!/usr/bin/env bash
# Tested on Debian 10 (Buster)
# Make a report folder (quoted and $(...) so an odd date format or locale cannot split the name)
outdir="bro-$(date +%FT%H-%M-%S)"
mkdir -p "$outdir"
# Generate our reports with bro in the report folder; stop if the directory is unusable
cd "$outdir" || exit 1
# Homebrew, install at brew.sh
alias binfo='brew info'
alias bupdate='brew update'
alias bupgrade='brew upgrade'
alias bsearch='brew search'
# Git
alias gitu='git add -u'
alias gitc='git commit'
alias gits='git status -uno'
# -*- coding: utf-8 -*-
"""Script to check the TrustRecords key for documents with enabled macros
Prior research/tools:
- http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html
- http://windowsir.blogspot.com/2012/07/links-and-updates.
Other tools support parsing this key (i.e. the RegRipper plugin TrustRecords), though
it's always useful to have more options to parse an artifact. This is just
another take on extracting value from this registry key with the hope of
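As an added example of the artifact the docstring above describes (this is not the gist's own script, and it is not a copy of the RegRipper plugin): each value under `HKCU\Software\Microsoft\Office\<ver>\<App>\Security\Trusted Documents\TrustRecords` is named after the document path and carries 24 bytes of data, a FILETIME at offset 0 and a 4-byte flag at offset 20 that reads `0x7FFFFFFF` (`FF FF FF 7F` on disk) when the user clicked "Enable Content". The decoder below works on bytes you already have in hand; the two sample values are constructed, not taken from a real hive, and the hive reader at the end assumes the third-party `python-registry` package and is the only part that touches a real NTUSER.DAT.

```python
"""Decode Office TrustRecords values and flag the documents whose macros were enabled."""
import struct
from datetime import datetime, timedelta, timezone

# FILETIME is 100 ns ticks since 1601-01-01; this is the tick count at the Unix epoch.
_EPOCH_DELTA = 116444736000000000
# Flag value written when "Enable Content" was clicked (little-endian FF FF FF 7F).
ENABLE_CONTENT_FLAG = 0x7FFFFFFF
RECORD_SIZE = 24


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a Windows FILETIME into a timezone-aware UTC datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def parse_trust_record(name: str, data: bytes) -> dict:
    """Decode one TrustRecords value (value name = document path, data = 24-byte blob).

    Raises ValueError on a malformed blob instead of silently misreading the flag.
    The meaning of the FILETIME is discussed in the research linked above; bytes 8..19
    are not interpreted here.
    """
    if len(data) != RECORD_SIZE:
        raise ValueError(f"{name!r}: expected {RECORD_SIZE} bytes, got {len(data)}")
    ft = struct.unpack_from("<Q", data, 0)[0]
    flag = struct.unpack_from("<I", data, 20)[0]
    return {
        "path": name,
        "timestamp": filetime_to_datetime(ft),
        "flag": flag,
        "macros_enabled": flag == ENABLE_CONTENT_FLAG,
    }


def build_sample_record(ft: int, flag: int) -> bytes:
    """Construct a 24-byte value blob for testing; the 12 middle bytes are zeroed."""
    return struct.pack("<Q", ft) + b"\x00" * 12 + struct.pack("<I", flag)


# Constructed sample values (1_600_000_000 s after the Unix epoch = 2020-09-13 12:26:40 UTC).
_T0 = _EPOCH_DELTA + 1_600_000_000 * 10_000_000
SAMPLE_VALUES = {
    "%USERPROFILE%/Downloads/invoice.docm": build_sample_record(_T0, ENABLE_CONTENT_FLAG),
    "%USERPROFILE%/Documents/notes.docx": build_sample_record(_T0 + 3600 * 10_000_000, 0x00000001),
}


def trust_records_from_values(values):
    """values: iterable of (name, data) pairs. Returns decoded records, macro-enabled ones first."""
    records = [parse_trust_record(name, data) for name, data in values]
    return sorted(records, key=lambda r: (not r["macros_enabled"], r["path"]))


def trust_records_from_hive(hive_path: str, key_path: str):
    """Read the values from a real NTUSER.DAT with python-registry (assumed installed).

    key_path is the path below the hive root, e.g.
    Software\\Microsoft\\Office\\16.0\\Word\\Security\\Trusted Documents\\TrustRecords
    """
    from Registry import Registry  # third-party; imported lazily so the sample runs without it
    key = Registry.Registry(hive_path).open(key_path)
    return trust_records_from_values((v.name(), v.value()) for v in key.values())


if __name__ == "__main__":
    for rec in trust_records_from_values(SAMPLE_VALUES.items()):
        status = "ENABLE CONTENT clicked" if rec["macros_enabled"] else f"flag=0x{rec['flag']:08x}"
        print(f"{rec['timestamp'].isoformat()}  {rec['path']}  {status}")
```

Run it as-is to see the two constructed records decoded; point `trust_records_from_hive` at an exported NTUSER.DAT and the per-application TrustRecords key to walk a real profile. Treat the flag, not the presence of the value, as the indicator: a document appears under TrustRecords as soon as editing is enabled, and only `0x7FFFFFFF` records the macro decision.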
{
  "query_seconds": 0.114051,
  "records": {
    "13.52.4.25": {
      "message": "",
      "results": [
        {
          "cidr": "13.52.0.0/16",
          "first_collected": "2017-09-08T16:27:01",
          "last_collected": "2019-01-13T08:00:01",
$ fgrep Invalid\ user auth.log | head -n 5 | awk '{ print $10 }' | ursort
      3 180.211.137.8
      2 188.165.201.89
alias usort='sort | uniq -c | sort -n'   # Normal sort
alias ursort='sort | uniq -c | sort -rn' # Reverse sort
$ fgrep Invalid\ user auth.log | head -n 5 | awk '{ print $10 }' | sort | uniq -c | sort -rn
      3 180.211.137.8
      2 188.165.201.89
$ fgrep Invalid\ user auth.log | head -n 5 | awk '{ print $10 }'
188.165.201.89
180.211.137.8
188.165.201.89
180.211.137.8
180.211.137.8
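The three snippets above build up the same tally step by step: pull the `Invalid user` lines out of `auth.log`, print the tenth whitespace-separated field (the source IP when the line reads `... sshd[pid]: Invalid user NAME from IP port N`), then count with `sort | uniq -c | sort -rn`. As an added example (not one of the gists), the script below runs that pipeline over constructed log lines and also shows the one case where `$10` breaks: when the attempted user name is empty, awk collapses the double space and the IP shifts to `$9`, so the positional version counts the word `port` instead. The second function keys on the literal `from` token and is not affected. The log lines, host name and addresses are made up.

```bash
#!/usr/bin/env bash
# Added example: tally source IPs of "Invalid user" SSH attempts from an auth.log.
# The sample lines below are constructed, not a real auth.log.

sample_auth_log() {
  cat <<'EOF'
Jan 13 08:00:01 bastion sshd[1201]: Invalid user admin from 188.165.201.89 port 51234
Jan 13 08:00:03 bastion sshd[1204]: Invalid user oracle from 180.211.137.8 port 44120
Jan 13 08:00:05 bastion sshd[1207]: Invalid user test from 180.211.137.8 port 44301
Jan 13 08:00:09 bastion sshd[1210]: Invalid user  from 203.0.113.77 port 40022
Jan 13 08:00:11 bastion sshd[1213]: Accepted publickey for ops from 198.51.100.4 port 50100 ssh2
Jan 13 08:00:14 bastion sshd[1216]: Invalid user postgres from 180.211.137.8 port 44444
EOF
}

# The gist's one-liner, positional: $10 is the IP only while the user name is exactly one word.
# grep -F is the same as fgrep without the "obsolescent" warning newer grep prints.
invalid_user_ips_by_field() {
  grep -F 'Invalid user' "$1" | awk '{ print $10 }' | sort | uniq -c | sort -rn
}

# Robust variant: print the token after the literal "from", so an empty user name
# (or a multi-word one) cannot shift the column.
invalid_user_ips() {
  awk '/Invalid user/ { for (i = 1; i < NF; i++) if ($i == "from") { print $(i + 1); break } }' "$1" \
    | sort | uniq -c | sort -rn
}

demo() {
  local tmp
  tmp=$(mktemp)
  sample_auth_log > "$tmp"
  echo "== positional (\$10): note the bogus 'port' entry from the empty-user line"
  invalid_user_ips_by_field "$tmp"
  echo "== keyed on 'from'"
  invalid_user_ips "$tmp"
  rm -f "$tmp"
}

if [ "${BASH_SOURCE[0]:-$0}" = "$0" ]; then
  demo
fi
```

The same `from`-anchored form works for the `Failed password for invalid user NAME from IP` lines that usually accompany these entries, which the positional `$10` version does not handle either, since those lines have two extra leading words.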