Greg Foss gfoss
gfoss
/ happy-fam.py
Last active
May 24, 2022 14:40
Correlate Parent and Child Process Events via the Lacework Query Language (LQL)
View happy-fam.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Happy Fam | |
| # LQL-Driven Parent and Child Process Analyzer | |
| # Lacework Labs | |
| # v0.1 - May 2022 | |
| # greg.foss@lacework.net | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); |
View LQL-Runner.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # LQL Runner | |
| # Lacework Labs | |
| # v0.1 - February 2022 | |
| # greg.foss@lacework.net | |
| ##################################################################################### | |
| # usage: lql-runner.py [-h] [-e LW_ENV] [-q QUERY] [-t DAYS] [-c] [-j] [-o FILENAME] | |
| # |
gfoss
/ Greynoise IP Analysis
Last active
February 12, 2022 00:18
Quickly obtain reputation information for IP Addresses from Greynoise - for both single and bulk IP's
View Greynoise IP Analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Greynoise Community Edition - IP Check | |
| # v0.1 - February, 2022 | |
| # greg.foss@owasp.org | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at |
gfoss
/ VirusTotal Domain Analysis
Last active
February 5, 2022 02:11
Quickly obtain reputation information for Domains from VirusTotal - for both single and bulk Domains
View VirusTotal Domain Analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # VirusTotal DNS Check | |
| # v0.1 - February, 2022 | |
| # greg.foss@owasp.org | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at |
gfoss
/ VirusTotal Hash Analysis
Last active
February 3, 2022 20:55
Quickly obtain reputation information for Hashes from VirusTotal - for both single and bulk Hahes
View VirusTotal Hash Analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # VirusTotal Hash Check | |
| # v0.3 - February, 2022 | |
| # greg.foss@owasp.org | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at |
gfoss
/ VirusTotal IP Address Analysis
Last active
February 3, 2022 18:01
Quickly obtain reputation information for IP Addresses from VirusTotal - for both single and bulk IP addresses
View VirusTotal IP Address Analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # VirusTotal IP Check | |
| # v0.3 - February, 2022 | |
| # greg.foss@owasp.org | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at |
View gecko.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Coingecko - trending coin monitoring and alerting | |
| # v0.3 | |
| # March, 2021 | |
| # greg.foss[at]owasp.org | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. |
gfoss
/ Enable-PSRemoting.ps1
Last active
November 6, 2019 18:17
quickly enable psremoting on Windows Hosts via PowerShell
View Enable-PSRemoting.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function enablePSRemoting { | |
| Enable-PSRemoting –force | |
| Set-Service WinRM -StartMode Automatic | |
| Get-WmiObject -Class win32_service | Where-Object {$_.name -like "WinRM"} | |
| Set-Item WSMan:localhost\client\trustedhosts -value * | |
| Get-Item WSMan:\localhost\Client\TrustedHosts | |
| } |
gfoss
/ auto-hydra.sh
Created
August 3, 2017 03:16
Simple Masscan + Hydra wrapper used to perform automated scans by group (organization, unit, team, etc) and generate a report on the results.
View auto-hydra.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # @heinzarelli | |
| # greg . foss [at] logrhythm . com | |
| # v0.1 - May 2017 | |
| # | |
| function usage { | |
| echo "" |
gfoss
/ Extract-WiFi-Creds.ps1
Last active
February 1, 2022 13:06
Simple script to extract locally-stored Wi-Fi Credentials
View Extract-WiFi-Creds.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #====================================# | |
| # Extract Wi-Fi Credentials # | |
| # greg . foss @ owasp . org # | |
| # v0.1 -- July, 2017 # | |
| #====================================# | |
| # Licensed under the MIT License | |
| <# |
NewerOlder