Chapin Bryce chapinb
chapinb
/ honeypot-to-moloch.sh
Created
February 15, 2020 12:40
Script to pull honeypot PCAP data into Moloch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ## Please insert the appropriate User and IP address values | |
| ## You may also need to edit the path to where your PCAPs | |
| ## exist on the remote system | |
| echo ===== Pulling remote pcap data | |
| rsync -a <USER>@<IP>:/data/rdp.*.pcap* /data/pcap/ | |
| echo rsync exit code: $? | |
| ## This script is available at: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM adoptopenjdk/openjdk11:slim | |
| RUN apt update &&\ | |
| apt install -y curl nginx | |
| # SETUP NGINX PROXY | |
| COPY default.nginx.conf /etc/nginx/sites-available/default | |
| # SETUP ELASTIC 7.5.1 |
chapinb
/ prep-report.sh
Last active
November 23, 2019 20:52
Quick script to run bro against a pcap capturing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Tested on Debian 10 (Buster) | |
| # Make a report folder | |
| outdir=bro-`date +%FT%H-%M-%S` | |
| mkdir $outdir | |
| # Generate our reports with bro in the report folder | |
| cd $outdir |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Homebrew, install at brew.sh | |
| alias binfo='brew info' | |
| alias bupdate='brew update' | |
| alias bupgrade='brew upgrade' | |
| alias bsearch='brew search' | |
| # Git | |
| alias gitu='git add -u' | |
| alias gitc='git commit' | |
| alias gits='git status -uno' |
chapinb
/ ntuser_trustrecords.py
Created
July 3, 2019 21:24
Checking NTUSER.DAT files for documents with enabled macros
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| """Script to check the TrustRecords key for documents with enabled macros | |
| Prior research/tools: | |
| - http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html | |
| - http://windowsir.blogspot.com/2012/07/links-and-updates. | |
| Other tools support parsing this key (ie RegRipper plugin TrustRecords) though | |
| it's always useful to have more options to parse an artifact. This is just | |
| another take on extracting value from this registry key with the hope of |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "query_seconds": 0.114051, | |
| "records": { | |
| "13.52.4.25": { | |
| "message": "", | |
| "results": [ | |
| { | |
| "cidr": "13.52.0.0/16", | |
| "first_collected": "2017-09-08T16:27:01", | |
| "last_collected": "2019-01-13T08:00:01", |
chapinb
/ gist:3982e4fe6edf7b18c2ff93be3f21e3bc
Created
January 19, 2019 02:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ fgrep Invalid\ user auth.log | head -n 5 | awk '{ print $10 }' | ursort | |
| 3 180.211.137.8 | |
| 2 188.165.201.89 |
chapinb
/ sort_alias.sh
Created
January 19, 2019 02:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alias usort='sort | uniq -c | sort -n' # Normal sort | |
| alias ursort='sort | uniq -c | sort -rn' # Reverse sort |
chapinb
/ gist:ad241ced48f3ce1f03d10f8c73e8d061
Created
January 19, 2019 02:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ fgrep Invalid\ user auth.log | head -n 5 | awk '{ print $10 }' | sort | uniq -c | sort -rn | |
| 3 180.211.137.8 | |
| 2 188.165.201.89 |
chapinb
/ gist:3e4d8a95c315414a53bad5369fdb6c5f
Created
January 19, 2019 02:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ fgrep Invalid\ user auth.log | head -n 5 | awk '{ print $10 }' 188.165.201.89 | |
| 180.211.137.8 | |
| 188.165.201.89 | |
| 180.211.137.8 | |
| 180.211.137.8 |
NewerOlder