| Type | Line Text |
|---|---|
| CCN | American Express: 378282246310005 |
| CCN | American Express: 371449635398431 |
| CCN | American Express Corporate: 378734493671000 |
| CCN | Australian BankCard: 5610591081018250 |
| CCN | Diners Club: 30569309025904 |
| CCN | Diners Club: 38520000023237 |
| CCN | Discover: 6011111111111117 |
| CCN | Discover: 6011000990139424 |
Glenn hiddenillusion
hiddenillusion
/ apache_file.conf
Created
February 24, 2014 04:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| file { | |
| start_position => "beginning" | |
| path => "/path/to/*.log" | |
| type => "apache" | |
| sincedb_path => "/dev/null" # causes to re-read everytime | |
| } | |
| } | |
| filter { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - [Maltrieve](https://registry.hub.docker.com/u/technoskald/maltrieve/) | |
| - [Combine](https://registry.hub.docker.com/u/technoskald/combine/) | |
| - [Scumblr](https://registry.hub.docker.com/u/bprodoehl/scumblr/) | |
| - [CRITs](https://registry.hub.docker.com/u/pnelson/crits/) | |
| - [MISP](https://registry.hub.docker.com/u/eg5846/misp-docker/) | |
| - [ELK](https://registry.hub.docker.com/u/qnib/elk/) | |
| - [Viper](https://registry.hub.docker.com/u/remnux/viper/) | |
| - [JSdetox] (https://registry.hub.docker.com/u/remnux/jsdetox/) | |
| - [PEscanner] (https://registry.hub.docker.com/u/remnux/pescanner/) | |
| - [Rekall] (https://registry.hub.docker.com/u/remnux/rekall/) |
hiddenillusion
/ event_logs_categorized.csv
Created
January 27, 2016 12:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Event Log Type | Category | Event Log Name | EID | Description/Message | |||
|---|---|---|---|---|---|---|---|
| evt | Logon/Logoff | Security | 528 | successful logon | |||
| evt | Logon/Logoff | Security | 538 | user logoff | |||
| evt | Security Controls | Security | 848 | FW policy active when started | |||
| evt | Security Controls | Security | 849 | app listed as an exception in FW | |||
| evt | Security Controls | Security | 851 | change made to FW app exception list | |||
| evt | Security Controls | Security | 852 | change made to FW port exception list | |||
| evt | Security Controls | Security | 857 | FW setting to allow remote admin has changed | |||
| evt | Security Controls | Security | 859 | FW group policy settings removed | |||
| evt | Security Controls | Security | 860 | FW switched active policy profile |
hiddenillusion
/ be_test_data.md
Created
May 3, 2016 21:59
hiddenillusion
/ all_be_filepaths.md
Last active
May 3, 2016 22:43
- be_pii_test_data/pii_test.7z
- be_pii_test_data/pii_test.7z/pii_test.csv
- be_pii_test_data/pii_test.7z/pii_test.doc
- be_pii_test_data/pii_test.7z/pii_test.docm
- be_pii_test_data/pii_test.7z/pii_test.docx
- be_pii_test_data/pii_test.7z/pii_test.pdf
- be_pii_test_data/pii_test.7z/pii_test.txt
- be_pii_test_data/pii_test.7z/pii_test.xlsm
- be_pii_test_data/pii_test.7z/pii_test.xlsx
- be_pii_test_data/pii_test.csv
hiddenillusion
/ extract_mft_strings.py
Created
October 20, 2016 12:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # created by Glenn P. Edwards Jr. | |
| # https://hiddenillusion.github.io | |
| # @hiddenillusion | |
| # Date: 2016-10-10 | |
| # (while at FireEye) | |
| ''' | |
| Based on https://github.com/williballenthin/INDXParse/blob/master/get_file_info.py |
hiddenillusion
/ timesketch_views.md
Last active
June 27, 2020 10:15
Note - view this file in RAW form since asterisks get markdown'ed
| View Template Name | Works With | Syntax |
|---|---|---|
| Microsoft Outlook - Only Email Folders | AutoDFIR | * AND NOT folder_name:(Journal OR Contacts OR Calendar OR Notes OR "Suggested Contacts" OR "RSS Feeds") |
| Report Details | AutoDFIR | parser:evtxstats |
| Privilege Escalation | Log2timeline | parser:selinux AND (/bin/sudo OR /bin/su) |
| Privilege Escalation - Command Executed | Log2timeline | (parser:selinux AND (/bin/sudo OR /bin/su)) OR (reporter:sudo AND message:COMMAND) |
| Shell Command History | Log2timeline | data_type:"shell:zsh:history" OR data_type:"shell:bash:history" |
| SSH Activity | Log2timeline | audit_type:("CRED_ACQ" OR "USER_LOGIN" OR "USER_START" OR "USER_END") AND NOT message:(addr=? AND hostname=?) -"usr/sbin/crond" |
hiddenillusion
/ From_scratch.md
Last active
November 7, 2023 04:50
| Name/Link | Description/Purpose | Tags |
|---|---|---|
| Uber's SSH CA | A pam module that will authenticate a user based on them having an ssh certificate in their ssh-agent signed by a specified ssh CA. | Linux |
| Netflix's BLESS | An SSH Certificate Authority that runs as an AWS Lambda function and is used to sign SSH public keys. | AWS,Linux |
| SSH Cert Authority | An implementation of an SSH certificate authority/ | |
| Square's Sharkey | Sharkey is a service for managing certificates for use by OpenSSH | Linux |
| Google's IAP | Cloud Identity-Aware Proxy (Cloud IAP) controls access to your cloud applications running on Google Cloud Platform. Cloud IAP works by verifying a user’s identity and determining if that user should be allowed to access the application. | Google Cloud Platform |
hiddenillusion
/ BreakingBad_Linux.md
Last active
August 23, 2017 15:28
hiddenillusion
/ Useful_recommendations.md
Last active
June 27, 2020 10:09
| Technology | Rec. | Notes |
|---|---|---|
| Multi factor authentication | ||
| LAPS | Win | |
| Pass-the-hash | Win |
| Link | Notes |
|---|
OlderNewer