Skip to content

Instantly share code, notes, and snippets.

View christian-taillon's full-sized avatar
{"input":"coffe","output":"solutions"}

christian christian-taillon

{"input":"coffe","output":"solutions"}
View GitHub Profile
@christian-taillon
christian-taillon / anthropic_manifold_pipeline.py
Last active September 4, 2024 15:46
Improved Version to Handle Streaming Bug
"""
title: Anthropic Manifold Pipe v2
description: An enhanced implementation of the Anthropic API integration for Open WebUI,
featuring improved streaming performance, robust error handling, and optimized
response processing for both streaming and non-streaming requests.
version: 0.1.6
license: MIT
fork of: https://openwebui.com/f/justinrahb/anthropic/
@christian-taillon
christian-taillon / gui_attendedAccess_script.
Created July 26, 2024 04:11
Disable and reenable GUI and other options for a desktop that is used as a server. Applies to Gnome.
#!/bin/bash
# Function to disable GUI and power management
disable_gui_power() {
echo "Disabling GUI and power management..."
# Disable sleep and hibernate
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
# Disable GNOME power management
@christian-taillon
christian-taillon / C-00000291-00000000-00000032.sys
Created July 19, 2024 18:39
Crowdstrike BSOD System Driver Bug
@christian-taillon
christian-taillon / vCISO-GPT-Actions.json
Created February 12, 2024 04:14
Current actions vCISO Get Cyber News Function
{
"openapi": "3.1.0",
"info": {
"title": "ZDNet | Zero Day RSS Feed",
"description": "Fetches the latest cybersecurity news from ZDNet's Zero Day blog.",
"version": "1.0.0"
},
"servers": [
{
"url": "https://www.zdnet.com"
# Suricata Rulesets URLs
- Corelight Labs Suricata Rules: [https://feed.corelight.com/corelight.rules](https://feed.corelight.com/corelight.rules)
- ET/Open: [https://rules.emergingthreats.net/open/suricata-6.0/emerging.rules.tar.gz](https://rules.emergingthreats.net/open/suricata-6.0/emerging.rules.tar.gz)
- ET/Pro: [https://rules.emergingthreatspro.com/<insert-et-pro-key-here>/suricata-6.0/etpro.rules.tar.gz](https://rules.emergingthreatspro.com/<insert-et-pro-key-here>/suricata-6.0/etpro.rules.tar.gz)
- etnetera/aggressive: [https://security.etnetera.cz/feeds/etn_aggressive.rules](https://security.etnetera.cz/feeds/etn_aggressive.rules)
- malsilo: [https://malsilo.gitlab.io/feeds/dumps/malsilo.rules.tar.gz](https://malsilo.gitlab.io/feeds/dumps/malsilo.rules.tar.gz)
- oisf/trafficid rules: [https://openinfosecfoundation.org/rules/trafficid/trafficid](https://openinfosecfoundation.org/rules/trafficid/trafficid)
- ptresearch/attackdetection: [https://raw.githubusercontent.com/ptresearch/AttackDetection/mast
@christian-taillon
christian-taillon / ioc-extract-cyberchef-recipe.txt
Created June 20, 2023 05:07
URL that acts as portable recipe for IOC Extraction
https://gchq.github.io/CyberChef/#recipe=Extract_domains(false,true,true)Extract_URLs(false,true,true/disabled)Extract_email_addresses(false,true,true/disabled)Extract_IP_addresses(true,true,false,false,false,false/disabled)Defang_URL(true,true,true,'Valid%20domains%20and%20full%20URLs')Defang_IP_Addresses()
@christian-taillon
christian-taillon / follina.spl
Created June 9, 2022 00:42
Search to look for Follina Adversary activity. Written in SPL for Crowdstrike data; however, content can support queries in other products.
((((ParentBaseFileName IN ("*WINWORD.EXE" ,
"*EXCEL.EXE" ,
"*POWERPNT.EXE" ,
"*MSPUB.EXE" ,
"*VISIO.EXE" ,
"*OUTLOOK.EXE" ,
"*MSACCESS.EXE" ,
"*MSPROJECT.EXE" ,
"*ONENOTE.EXE"))
AND ((CommandHistory IN ("*msdt.exe*" ,
@christian-taillon
christian-taillon / network-Malicious Labyrinth Chollima DNS Beacon Query.yaml
Last active April 5, 2023 23:37
Detects a program that invoked suspicious DNS queries known from Labyrinth Chollima's C3X beacons
title: Malicious Labyrinth Chollima DNS Beacon Query - DNS Client
id: 35c355a3-8c9d-4772-bbbc-327434770e4a
status: test
description: Detects a program that invoked suspicious DNS queries known from Labyrinth Chollima's C3X beacons
references:
- https://www.crowdstrike.com/adversaries/labyrinth-chollima/
- https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
- https://www.cisa.gov/news-events/alerts/2023/03/30/supply-chain-attack-against-3cxdesktopapp
- https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/
- https://www.3cx.com/community/threads/crowdstrike-endpoint-security-detection-re-3cx-desktop-app.119934/page-2#post-558898
@christian-taillon
christian-taillon / SCCM Deployment
Created April 5, 2023 00:11
Quick guide, because I forget.
Creating the actual deployment
1. SCCM Console
2. Software Library
3. App Management
4. Applications -> Server Software
5. Create Application
6. If it's an MSI installer so a lot of the info is prepopulated just plug in your install string
7. Populate what info you see fit / relevant
8. Finish
9. Distribute the content to the software group
#1A1D21 #121016 #2C2C2C #FB8C00 #FB8C00 #FFB05C #2BAC76 #FB8C00 #2C2C2C #FFB05C