@evoxco
evoxco / MacOSx Delete Ugly Certificates
Created October 28, 2016 15:35
Ugly Certificates
I just don't like the names! You have to disable System Integrity Protection (CMD-r / csrutil disable / reboot)
fsck:~ $ sudo security delete-certificate -Z 1B4B396126276B6491A2686DD70243212D1F1D96 /System/Library/Keychains/SystemRootCertificates.keychain
fsck:~ $ sudo security delete-certificate -Z F17F6FB631DC99E3A3C87FFE1CF1811088D96033 /System/Library/Keychains/SystemRootCertificates.keychain
fsck:~ $ sudo security delete-certificate -Z 8C941B34EA1EA6ED9AE2BC54CF687252B4C9B561 /System/Library/Keychains/SystemRootCertificates.keychain
fsck:~ $ sudo security delete-certificate -Z 2E14DAEC28F0FA1E8E389A4EABEB26C00AD383C3 /System/Library/Keychains/SystemRootCertificates.keychain
fsck:~ $ sudo security delete-certificate -Z 9D70BB01A5A4A018112EF71C01B932C534E788A8 /System/Library/Keychains/SystemRootCertificates.keychain
fsck:~ $ sudo security delete-certificate -Z 6E3A55A4190C195C93843CC0DB722E313061F0B1 /System/Library/Keychains/SystemRootCertificates.keychain
fsck:~ $ sudo security delete-certificate -Z 786A7
evoxco / checkthreatfeed.py
Created October 11, 2016 20:03
Open source Threat intel check via C1fApp API
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
usage:
cat something_withIPs | python checkthreatfeed.py
www.c1fapp.com
'''
import sys
evoxco / start_nprobe
Created September 8, 2015 17:42
Nprobe command line with ElasticSearch logging
/usr/local/bin/nprobe -b 0 -i eth1 --json-labels -t 60 --elastic "nProbe;nprobe;http://127.0.0.1:9200/_bulk" -T "%IPV4_SRC_ADDR %L4_SRC_PORT %IPV4_DST_ADDR %L4_DST_PORT %PROTOCOL %IN_BYTES %OUT_BYTES %FIRST_SWITCHED %LAST_SWITCHED %IN_PKTS %OUT_PKTS %IP_PROTOCOL_VERSION %APPLICATION_ID %L7_PROTO_NAME %ICMP_TYPE %SRC_IP_COUNTRY %DST_IP_COUNTRY %APPL_LATENCY_MS %HTTP_URL %HTTP_RET_CODE %HTTP_REFERER %HTTP_UA %HTTP_MIME %HTTP_HOST %HTTP_FBOOK_CHAT %HTTP_SITE %HTTP_METHOD" -G 2>/tmp/log
evoxco / default-site
Created September 8, 2015 17:41
NginX configuration for Kibana/ElasticSearch
server {
listen *:443;
ssl on;
ssl_certificate /etc/ssl/certs/cacert.pem;
ssl_certificate_key /etc/ssl/private/privkey.pem;
server_name nsm01;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
evoxco / extract-files.bro
Last active April 25, 2017 03:48
Bro IDS extract files
Enable file extraction (Prior to 2.4.1)
---------------
sudo vi /mnt/data/bro/share/bro/site/local.bro
@load misc/extract-files
vi /mnt/data/bro/share/bro/policy/misc/extract-files.bro
global ext_map: table[string] of string = {
["application/x-dosexec"] = "exe",
["application/pdf"] = "pdf",
evoxco / nprobe-mapping-template
Last active October 6, 2015 07:13
Nprobe ElasticSearch Mapping Template
{
"template": "nprobe*",
"mappings": {
"_default_": {
"_timestamp": {
"enabled": true,
"store": true
}
},
"nProbe": {
evoxco / Nprobe flow Qbana HTTP
Created August 4, 2015 11:06
Nprobe flow Qbana Dashboard HTTP
{
"index": {
"default": "_all",
"pattern": "[nprobe-]YYYY.MM.DD",
"warm_fields": true,
"interval": "day"
},
"style": "light",
"rows": [
{
evoxco / Nprobe flow Qbana
Last active September 8, 2015 17:35
Nprobe flow Qbana Dashboard
{
"index": {
"default": "_all",
"pattern": "[nprobe-]YYYY.MM.DD",
"warm_fields": true,
"interval": "day"
},
"style": "light",
"rows": [
{
evoxco / Bro ids Elastic template
Last active April 25, 2017 03:48
Bro IDS Elastic template to avoid analysis of fields
{
"template": "bro*",
"mappings": {
"_default_": {
"_timestamp": {
"enabled": true,
"store": true
}
},
"ssl": {
evoxco / Bro Ids C1fApp threat intel
Created August 4, 2015 10:59
Bro IDS C1fApp threat intel (generic intel template)
{
"title": "Broids-C1fApp Intel",
"services": {
"query": {
"list": {
"0": {
"id": 0,
"color": "#7EB26D",
"alias": "All Connections",
"pin": true,