I hereby claim:
- I am hiddenillusion on github.
- I am hiddenillusion (https://keybase.io/hiddenillusion) on keybase.
- I have a public key ASBDr5lF1rd1Ps8NbvLezlVDTljkbtFSEFcw3fgTeYU6iQo
To claim this, I am signing this object:
```yara
rule mutex_before_file
{
    strings:
        $sA = "bad.gcc" nocase
        $sZ = "mutex" nocase
    condition:
        (@sZ[1] < @sA[1])
}
```
| What | Notes | Linkage |
|---|---|---|
| Clair scanner | Docker containers vulnerability scan | https://github.com/arminc/clair-scanner |
| dockscan | A security vulnerability and audit scanner for Docker installations | https://github.com/kost/dockscan |
| What | Where | Notes |
|---|---|---|

| Intel Type | Enrichment | Source |
|---|---|---|
| Virus Total | | |
| PassiveTotal | | |
| DomainTools | | |
| WhoIs | | |
| GeoIP | | |
| Shadow Server | | |
| Tor exit nodes | | |
| VPN | | |
```python
#!/usr/bin/env python
# created by Glenn P. Edwards Jr.
# https://hiddenillusion.github.io
# @hiddenillusion
# Date: 2017-07-08
# (while at FireEye)
import cmd
import os
```
```
python timesketch_query.py
```
This utility leverages the Timesketch API/Client to interact with one's instance in various ways.
Most commands (show_*|get_*) require a Sketch ID, so the best command to start with is `list_sketches`.
```
(tsq) help
TimesketchQuery commands
========================
```
```powershell
Get-ScheduledTask -TaskName 'XblGameSaveTaskLogon' | % { $_.Actions += New-ScheduledTaskAction -Execute 'calc.exe'; Set-ScheduledTask -TaskPath $_.TaskPath -TaskName $_.TaskName -Action $_.Actions }
```
| Technology | Rec. | Notes |
|---|---|---|
| Multi factor authentication | | |
| LAPS | Win | |
| Pass-the-hash | Win | |
| Link | Notes |
|---|---|