| Name/Link | Description/Purpose | Tags |
|---|---|---|
| beagle | Transforms data sources and logs into graphs. | fireeye:hx, win:evtx |
Glenn hiddenillusion
hiddenillusion
/ simple.yara
Created
April 14, 2021 21:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule test_yara_rule | |
| { | |
| strings: | |
| $0 = "Command" nocase wide ascii | |
| $1 = "Windows" nocase wide ascii | |
| condition: | |
| any of them | |
| } |
hiddenillusion
/ BreakingBad_Analysis.md
Last active
July 1, 2020 13:30
hiddenillusion
/ calc_percent.md
Last active
January 16, 2020 20:32
TOTAL_EXPECTED_FILES=$1
INGESTED=`find /path/to/logs -type f | wc -l`
PERCENTAGE=`echo $INGESTED/$TOTAL_EXPECTED_FILES*100 | bc -l`
echo $INGESTED" / "$TOTAL_EXPECTED_FILES" ( "$PERCENTAGE"% )"
CLI:
hiddenillusion
/ O365_appIds.md
Created
July 16, 2019 13:20
Application IDs withing the UAL
| Application Name | ID |
|---|---|
| Global PowerShell | 1b730954-1685-4b74-9bfd-dac224a7b894 |
| Microsoft.Azure.ActiveDirectory | 00000002-0000-0000-c000-000000000000 |
| Microsoft.Azure.AnalysisServices | 00000009-0000-0000-c000-000000000000 |
| Microsoft.Azure.Workflow | 00000005-0000-0000-c000-000000000000 |
| Microsoft Office Client Service | 0f698dd4-f011-4d23-a33e-b36416dcb1e6 |
| Microsoft.Exchange | 00000002-0000-0ff1-ce00-000000000000 |
hiddenillusion
/ O365-Roles.md
Created
May 4, 2018 13:59
If you have an Office 365 E3 or E5 business subscription, it includes security and compliance tools. In that case, you have access to these additional roles: Compliance administrator, eDiscovery Manager, Organization management, Reviewer, Security Administrator, Security Reader, Service Assurance User, Supervisory Review.
hiddenillusion
/ needles.md
Created
May 2, 2018 11:51
hiddenillusion
/ o365-kb.md
Last active
September 26, 2021 04:47
| Term | Description | Link(s) |
|---|---|---|
| Alias | Another email address that people can use to email | |
| App Password | An app password is a password that is created within the Azure portal and that allows the user to bypass MFA and continue to use their application. | |
| Alternate email address | Required for admins to receive important notifications, or resetting the admin password which cannot be modified by the end users | |
| AuditAdmin | ||
| AuditDelegate | ||
| Delegate | An account with assigned permissions to a mailbox. | |
| Display Name | Name that appears in the Address Book & on the TO and From lines on an email. | |
| EAC | "Exchange Admin Center" |
hiddenillusion
/ o365.md
Last active
May 29, 2019 10:22
- https://github.com/CherryHealth/Systems/blob/03d565b9f5c9dc89789158233e1bbf0ed3293830/Office365/LoginOlderThan30Days.ps1
- https://github.com/rorican4040/AllTheScripts/blob/f312f10b7d61837ec4d973d3ce7860becb247308/GetSharedMailboxes.ps1
- https://github.com/dmali777/DailyUse-PowershellScripts/blob/df50e3f0d0e32cc373d6d721f8692b33aa5eaed7/GetInboxRules.ps1
- https://github.com/seth2000/PSGetUserLogonTimeFromAD/blob/718cda33e88b3e692f660449f82604451f48f1e2/PSGetUserLogonTimeFromAD/Get%20a%20list%20of%20Mailboxes%20with%20sizes%20and%20sorted%20by%20size.ps1
- https://github.com/rravenhill/exchangescripts/blob/d1179d52b5be09c40edb99a2ce0c62ce409e90dd/export-forwards.ps1
- https://support.microsoft.com/en-us/help/4021960/how-to-use-mailbox-audit-logs-in-office-365
hiddenillusion
/ XWF.md
Created
February 21, 2018 13:13
- https://www.x-ways.net/forensics/x-tensions/api.html
- https://github.com/chadgough/x-tensions
- http://www.4discovery.com/our-tools/
- https://www.gaijin.at/en/xtmultifilefinder.php
- https://gist.github.com/danzek/deb2760e345bbd0a2404
- https://github.com/jp-slackspace/x-tension-c-sharp
- https://github.com/forensenellanebbia/xways-forensics
- https://github.com/Ogni75/XWFHashExport
hiddenillusion
/ CloudLife.md
Created
October 12, 2017 12:38
- No U2F available
- AWS Organizations | Notes on configuring aws organizations
Term | Meaning | Notes
NewerOlder