@githubfoam
githubfoam / rogue dhcp detection cheat sheet
Last active August 20, 2025 13:24
rogue dhcp detection cheat sheet
#====================================================================
#one log file per day
#script rotates daily by filename (rogue_dhcp_discover_warning_YYYY-MM-DD.log)
#Hourly cron job → appends to today’s log file.
#Next day → new file automatically created.
#Old logs (>30 days) are auto-deleted.
#!/bin/bash
# rogue_dhcp_monitor.sh
# Purpose: Detect multiple DHCP servers and log warnings or info
@githubfoam
githubfoam / nagios_core_container_experience
Last active August 15, 2025 14:06
nagios_core_container_experience
--------------------------------------------------------------------------------------------------
# Check if container is running
docker-compose -f docker-compose.yml.ubuntu ps
Check that the container is running
docker ps
Look for your Nagios container, something like:
nagios_core 0.0.0.0:8080->80/tcp Up nagios:4.5.9
@githubfoam
githubfoam / wayback maschine cheat sheet
Last active August 1, 2025 10:52
wayback maschine cheat sheet
#====================================================================
Nginx config
Why search:
Nginx server configuration.
Nginx is a popular web server, and its configuration files (nginx.conf) control
how the server processes requests, handles proxies, and serves content. An exposed
config file can reveal server secrets and misconfigurations.
@githubfoam
githubfoam / kill-chain model
Last active July 25, 2025 13:09
kill-chain model
============================================================================
The kill-chain model, originally developed by Lockheed Martin as the Cyber Kill Chain, is a framework that helps Security Operations Center (SOC) engineers analyze cyberattacks in a structured way. It breaks down an attack into stages, allowing SOC engineers to understand, detect, and respond effectively.
How a SOC Engineer Uses the Kill-Chain Model
SOC engineers use the kill-chain model to:
Detect Threats Earlier: By recognizing attack patterns at different stages, they can stop an attack before it progresses.
Improve Incident Response: Helps prioritize threats based on their progression within the chain.
@githubfoam
githubfoam / falco detection cheat sheet
Created May 29, 2025 12:03
falco detection cheat sheet
#======================================================================
Simulated Detection Scenarios
Falco – Chmod 777
Scenario: Attacker gives full permissions to a sensitive file.
Simulate:
touch /tmp/test.sh && chmod 777 /tmp/test.sh
@githubfoam
githubfoam / wazuh cheat sheet
Created May 29, 2025 12:02
wazuh cheat sheet
#======================================================================
Part 2: Simulated Detection Scenarios
✅ Wazuh – File Integrity Monitoring
Scenario: Someone modifies /etc/passwd.
Simulate:
echo "#TEST123" >> /etc/passwd
@githubfoam
githubfoam / xdr cheat sheet
Last active August 13, 2025 01:27
xdr cheat sheet
#======================================================================
To make an informed decision on purchasing an XDR product, you need a structured approach to evaluating vendors and ensuring the solution meets your security needs. Here's how you can organize the process effectively:
1. Define Evaluation Goals & Success Criteria
Establish clear objectives for adopting an XDR solution (e.g., better threat detection, improved response automation).
Identify key security gaps that need addressing.
Define measurable success criteria for the evaluation (e.g., ease of integration, accuracy of threat detection, response time).
@githubfoam
githubfoam / PAM - privilleged access management cheat sheet
Last active May 23, 2025 11:09
PAM - privilleged access management cheat sheet
#===================================================================================================================================
What does a Holistic Approach in PAM involve?
Comprehensive User Access Control
Not only managing privileged users, but also regular employees, third-party contractors, and automated system accounts.
Example: Instead of just securing admin accounts, PAM also tracks access for interns, vendors, and service accounts across all systems.
Integration with Other Systems
@githubfoam
githubfoam / eduroam cheat sheet
Created May 22, 2025 06:59
eduroam cheat sheet
To uninstall the CAT (Configuration Assistant Tool) installer from eduroam on Windows 10
PS:
The CAT installer itself usually configures the network and installs certificates but does not stay as a running application, so it often doesn't show up in Programs.
Remove eduroam from Windows
https://servicedesk.msstate.edu/TDClient/45/Portal/KB/ArticleDet?ID=1625
Method 1: Using Windows Settings (Recommended)
Uninstalling the eduroam CAT Installer Configuration
@githubfoam
githubfoam / base 64 detection cheat sheet
Created April 16, 2025 16:11
base 64 detection cheat sheet
#===================================================================================================================================
Base64-Encoded C2 Domain: Explanation & Examples
What is Base64 Encoding?
Base64 is a method of encoding binary data into ASCII text, often used to obfuscate malicious commands, URLs, or payloads to evade detection.
Why Do Attackers Use Base64 for C2 Communication?
Evasion: Many security tools scan for known malicious domains in plaintext.
Obfuscation: Makes malicious traffic harder to identify in logs.