I hereby claim:
- I am hiddenillusion on github.
- I am hiddenillusion (https://keybase.io/hiddenillusion) on keybase.
- I have a public key ASBDr5lF1rd1Ps8NbvLezlVDTljkbtFSEFcw3fgTeYU6iQo
To claim this, I am signing this object:
rule mutex_before_file
{
    strings:
        $sA = "bad.gcc" nocase
        $sZ = "mutex" nocase
    condition:
        // first "mutex" match sits at a lower offset than the first "bad.gcc" match
        (@sZ[1] < @sA[1])
}
What | Notes | Linkage |
---|---|---|
Clair scanner | Docker containers vulnerability scan | https://github.com/arminc/clair-scanner |
dockscan | A security vulnerability and audit scanner for Docker installations | https://github.com/kost/dockscan |
What | Where | Notes
Intel Type | Enrichment | Source |
---|---|---|
Virus Total | | |
PassiveTotal | | |
DomainTools | | |
WhoIs | | |
GeoIP | | |
Shadow Server | | |
Tor exit nodes | | |
VPN | | |
#!/usr/bin/env python
# created by Glenn P. Edwards Jr.
# https://hiddenillusion.github.io
# @hiddenillusion
# Date: 2017-07-08
# (while at FireEye)
import cmd
import os
python timesketch_query.py
This utility leverages the Timesketch API/Client to interact with one's instance in various ways.
Most commands (show_*|get_*) require a Sketch ID so the best command to start with is `list_sketches`.
(tsq) help
TimesketchQuery commands
========================
Get-ScheduledTask -TaskName 'XblGameSaveTaskLogon' | % { $_.Actions += New-ScheduledTaskAction -Execute 'calc.exe'; Set-ScheduledTask -TaskPath $_.TaskPath -TaskName $_.TaskName -Action $_.Actions }
Technology | Rec. | Notes |
---|---|---|
Multi factor authentication | | |
LAPS | Win | |
Pass-the-hash | Win | |
Link | Notes |
---|---|