Type | Line Text |
---|---|
CCN | American Express: 378282246310005 |
CCN | American Express: 371449635398431 |
CCN | American Express Corporate: 378734493671000 |
CCN | Australian BankCard: 5610591081018250 |
CCN | Diners Club: 30569309025904 |
CCN | Diners Club: 38520000023237 |
CCN | Discover: 6011111111111117 |
CCN | Discover: 6011000990139424 |
```conf
input {
  file {
    start_position => "beginning"
    path => "/path/to/*.log"
    type => "apache"
    sincedb_path => "/dev/null" # causes the file to be re-read every time
  }
}
filter {
```
- [Maltrieve](https://registry.hub.docker.com/u/technoskald/maltrieve/)
- [Combine](https://registry.hub.docker.com/u/technoskald/combine/)
- [Scumblr](https://registry.hub.docker.com/u/bprodoehl/scumblr/)
- [CRITs](https://registry.hub.docker.com/u/pnelson/crits/)
- [MISP](https://registry.hub.docker.com/u/eg5846/misp-docker/)
- [ELK](https://registry.hub.docker.com/u/qnib/elk/)
- [Viper](https://registry.hub.docker.com/u/remnux/viper/)
- [JSdetox](https://registry.hub.docker.com/u/remnux/jsdetox/)
- [PEscanner](https://registry.hub.docker.com/u/remnux/pescanner/)
- [Rekall](https://registry.hub.docker.com/u/remnux/rekall/)
Event Log Type | Category | Event Log Name | EID | Description/Message |
---|---|---|---|---|
evt | Logon/Logoff | Security | 528 | successful logon |
evt | Logon/Logoff | Security | 538 | user logoff |
evt | Security Controls | Security | 848 | FW policy active when started |
evt | Security Controls | Security | 849 | app listed as an exception in FW |
evt | Security Controls | Security | 851 | change made to FW app exception list |
evt | Security Controls | Security | 852 | change made to FW port exception list |
evt | Security Controls | Security | 857 | FW setting to allow remote admin has changed |
evt | Security Controls | Security | 859 | FW group policy settings removed |
evt | Security Controls | Security | 860 | FW switched active policy profile |
- be_pii_test_data/pii_test.7z
- be_pii_test_data/pii_test.7z/pii_test.csv
- be_pii_test_data/pii_test.7z/pii_test.doc
- be_pii_test_data/pii_test.7z/pii_test.docm
- be_pii_test_data/pii_test.7z/pii_test.docx
- be_pii_test_data/pii_test.7z/pii_test.pdf
- be_pii_test_data/pii_test.7z/pii_test.txt
- be_pii_test_data/pii_test.7z/pii_test.xlsm
- be_pii_test_data/pii_test.7z/pii_test.xlsx
- be_pii_test_data/pii_test.csv
```python
#!/usr/bin/env python
# created by Glenn P. Edwards Jr.
# https://hiddenillusion.github.io
# @hiddenillusion
# Date: 2016-10-10
# (while at FireEye)
'''
Based on https://github.com/williballenthin/INDXParse/blob/master/get_file_info.py
```
Note: view this file in raw form, since the asterisks get interpreted as markdown.

View Template Name | Works With | Syntax |
---|---|---|
Microsoft Outlook - Only Email Folders | AutoDFIR | `* AND NOT folder_name:(Journal OR Contacts OR Calendar OR Notes OR "Suggested Contacts" OR "RSS Feeds")` |
Report Details | AutoDFIR | `parser:evtxstats` |
Privilege Escalation | Log2timeline | `parser:selinux AND (/bin/sudo OR /bin/su)` |
Privilege Escalation - Command Executed | Log2timeline | `(parser:selinux AND (/bin/sudo OR /bin/su)) OR (reporter:sudo AND message:COMMAND)` |
Shell Command History | Log2timeline | `data_type:"shell:zsh:history" OR data_type:"shell:bash:history"` |
SSH Activity | Log2timeline | `audit_type:("CRED_ACQ" OR "USER_LOGIN" OR "USER_START" OR "USER_END") AND NOT message:(addr=? AND hostname=?) -"usr/sbin/crond"` |
Name/Link | Description/Purpose | Tags |
---|---|---|
Uber's SSH CA | A pam module that will authenticate a user based on them having an ssh certificate in their ssh-agent signed by a specified ssh CA. | Linux |
Netflix's BLESS | An SSH Certificate Authority that runs as an AWS Lambda function and is used to sign SSH public keys. | AWS,Linux |
SSH Cert Authority | An implementation of an SSH certificate authority. | |
Square's Sharkey | Sharkey is a service for managing certificates for use by OpenSSH | Linux |
Google's IAP | Cloud Identity-Aware Proxy (Cloud IAP) controls access to your cloud applications running on Google Cloud Platform. Cloud IAP works by verifying a user’s identity and determining if that user should be allowed to access the application. | Google Cloud Platform |
Technology | Rec. | Notes |
---|---|---|
Multi-factor authentication | | |
LAPS | Win | |
Pass-the-hash | Win | |
Link | Notes |
---|---|