@d1vious
d1vious / cloud_security_overview.xml
Created Mar 26, 2021
Cloud Security Overview Splunk Dashboard
View cloud_security_overview.xml
<form>
<label>Cloud Security Overview</label>
<description>Overview of ALL Cloud Providers security posture</description>
<search id="cs_suite">
<query>source="/home/ubuntu/cs-suite/cs-audit.log"</query>
</search>
<fieldset submitButton="true" autoRun="false">
<input type="time" token="field1">
<label></label>
<default>
d1vious / ubuntu_attack_range_deploy.sh
Last active Jan 16, 2021
ubuntu attack range deployment script
View ubuntu_attack_range_deploy.sh
#!/bin/bash
sudo apt-get update
sudo apt-get install -y python3-dev git unzip python3-pip awscli
pip3 install virtualenv
curl -s https://releases.hashicorp.com/terraform/0.14.4/terraform_0.14.4_linux_amd64.zip -o terraform.zip
unzip terraform.zip
sudo mv terraform /usr/local/bin/
git clone https://github.com/splunk/attack_range && cd attack_range
cd terraform/aws
terraform init
d1vious / attack_range_deploy.sh
Last active Jan 16, 2021
attack range deployment script
View attack_range_deploy.sh
#!/bin/bash
sudo apt-get update
sudo apt-get install -y python3-dev git unzip python3-pip awscli
pip3 install virtualenv
curl -s https://releases.hashicorp.com/terraform/0.14.4/terraform_0.14.4_linux_amd64.zip -o terraform.zip
unzip terraform.zip
sudo mv terraform /usr/local/bin/
git clone https://github.com/splunk/attack_range && cd attack_range
cd terraform/aws
terraform init
d1vious / content-update.py
Created Jan 28, 2020
automatically update ESCU
View content-update.py
#!/usr/bin/python
import requests
import argparse
import json
import os
import base64
import tarfile
import sys
import splunklib.client as client
d1vious / topurls.py
Last active Aug 23, 2019
top scanned urls reported by greynoise.io slackhook
View topurls.py
#!/usr/bin/python
import json
import argparse
import requests
def get_topurls(apitoken):
    headers = {"key": apitoken}
    response = requests.get("https://api.greynoise.io/v2/research/stats/top/http/path", headers=headers)
    topurls = response.content
d1vious / config.toml
Created May 28, 2019
josehelps.com hugo configuration file
View config.toml
baseURL = "https://www.josehelps.com"
languageCode = "en-US"
title = "Jose Hernandez"
tags = ["cyber", "security", "diving", "make", "hardware", "projects"]
theme = "mediumish"
paginate = 10
disqusShortname = "" #Disqus shortname
summaryLength = 25
enableEmoji = true
copyright = "Jose Hernandez - All rights reserved"
View modified_poc_CVE-2019-6340
#!/usr/bin/env python3
# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
# 2019 @leonjza
# Technical details for this exploit is available at:
# https://www.drupal.org/sa-core-2019-003
# https://www.ambionics.io/blog/drupal8-rce
# https://twitter.com/jcran/status/1099206271901798400
d1vious / CVE-2019-6340 Modsec Rule
Created Mar 1, 2019
Drupal Restful service module un-authenticated RCE
View CVE-2019-6340 Modsec Rule
# CVE-2019-6340
SecRule REQUEST_METHOD "@rx ^GET" \
"id:99999,\
phase:2,\
block,\
msg:'CVE-2019-6340 Drupal Restful module RCE',\
logdata:'Matched Data: CVE-2019-6340 Drupal Restful module RCE found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
tag:'application-multi',\
tag:'language-multi',\
tag:'platform-multi',\
View validate circleci
circleci config validate .circleci/config.yml
View tagging
git tag v1.0
git push --tags