{"input":"coffe","output":"solutions"}

christian christian-taillon

@christian-taillon
christian-taillon / C-00000291-00000000-00000032.sys
Created July 19, 2024 18:39
Crowdstrike BSOD System Driver Bug
@christian-taillon
christian-taillon / vCISO-GPT-Actions.json
Created February 12, 2024 04:14
Current actions vCISO Get Cyber News Function
{
  "openapi": "3.1.0",
  "info": {
    "title": "ZDNet | Zero Day RSS Feed",
    "description": "Fetches the latest cybersecurity news from ZDNet's Zero Day blog.",
    "version": "1.0.0"
  },
  "servers": [
    {
      "url": "https://www.zdnet.com"
    }
  ]
}
# Suricata Ruleset URLs
- Corelight Labs Suricata Rules: [https://feed.corelight.com/corelight.rules](https://feed.corelight.com/corelight.rules)
- ET/Open: [https://rules.emergingthreats.net/open/suricata-6.0/emerging.rules.tar.gz](https://rules.emergingthreats.net/open/suricata-6.0/emerging.rules.tar.gz)
- ET/Pro: [https://rules.emergingthreatspro.com/<insert-et-pro-key-here>/suricata-6.0/etpro.rules.tar.gz](https://rules.emergingthreatspro.com/<insert-et-pro-key-here>/suricata-6.0/etpro.rules.tar.gz)
- etnetera/aggressive: [https://security.etnetera.cz/feeds/etn_aggressive.rules](https://security.etnetera.cz/feeds/etn_aggressive.rules)
- malsilo: [https://malsilo.gitlab.io/feeds/dumps/malsilo.rules.tar.gz](https://malsilo.gitlab.io/feeds/dumps/malsilo.rules.tar.gz)
- oisf/trafficid rules: [https://openinfosecfoundation.org/rules/trafficid/trafficid](https://openinfosecfoundation.org/rules/trafficid/trafficid)
- ptresearch/attackdetection: [https://raw.githubusercontent.com/ptresearch/AttackDetection/mast
@christian-taillon
christian-taillon / ioc-extract-cyberchef-recipe.txt
Created June 20, 2023 05:07
URL that acts as a portable recipe for IOC extraction
https://gchq.github.io/CyberChef/#recipe=Extract_domains(false,true,true)Extract_URLs(false,true,true/disabled)Extract_email_addresses(false,true,true/disabled)Extract_IP_addresses(true,true,false,false,false,false/disabled)Defang_URL(true,true,true,'Valid%20domains%20and%20full%20URLs')Defang_IP_Addresses()
@christian-taillon
christian-taillon / network-Malicious Labyrinth Chollima DNS Beacon Query.yaml
Last active April 5, 2023 23:37
Detects a program that invoked suspicious DNS queries known from Labyrinth Chollima's C3X beacons
title: Malicious Labyrinth Chollima DNS Beacon Query - DNS Client
id: 35c355a3-8c9d-4772-bbbc-327434770e4a
status: test
description: Detects a program that invoked suspicious DNS queries known from Labyrinth Chollima's C3X beacons
references:
- https://www.crowdstrike.com/adversaries/labyrinth-chollima/
- https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
- https://www.cisa.gov/news-events/alerts/2023/03/30/supply-chain-attack-against-3cxdesktopapp
- https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/
- https://www.3cx.com/community/threads/crowdstrike-endpoint-security-detection-re-3cx-desktop-app.119934/page-2#post-558898
@christian-taillon
christian-taillon / SCCM Deployment
Created April 5, 2023 00:11
Quick guide, because I forget.
Creating the actual deployment
1. SCCM Console
2. Software Library
3. App Management
4. Applications -> Server Software
5. Create Application
6. If it's an MSI installer, a lot of the info is prepopulated; just plug in your install string
7. Populate what info you see fit / relevant
8. Finish
9. Distribute the content to the software group
@christian-taillon
christian-taillon / Splunk Template View
Created March 28, 2023 22:10
I frequently find myself trying to remember what is required for a new view creation.
<form theme="dark">
  <label>Splunk Template View</label>
  <description>I frequently find myself trying to remember what is required for a new view creation.</description>
  <fieldset autoRun="true" submitButton="true">
    <input type="time" token="time">
      <label>Time</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
</form>
# Change the SMB password for $user$ against a domain controller. The awk prints the second field of
# nslookup's first output line, i.e. the DNS server that answered, which is assumed here to also be a DC.
smbpasswd -U $user$ -r `nslookup _ldap._tcp.dc._msdcs.$domain$ | awk '{print $2;exit;}'`
@christian-taillon
christian-taillon / DirtyCleanup.sh
Created March 10, 2023 23:09
Very unintelligent method of cleaning and organizing files. I have problems with my Downloads dir.
## Dumb Quick and Dirty File Organizer
## Author to Blame: Christian Taillon
## Bad Idea Date: 03-10-2023
IFS=$'\n' # make newlines the only separator
set -f # disable globbing
echo "starting misc"
# iterate over every regular file under ~/Downloads (IFS/set -f above keep paths with spaces intact)
for f in $(find ~/Downloads/ -type f ); do
date=$(date +%F -r "$f")