David G himynamesdave

himynamesdave / disarm-bundle.json
Created May 21, 2024 07:38
disarm-bundle.json
{
"type": "bundle",
"id": "bundle--0e62e126-f982-5be7-88d0-0d5366d37092",
"objects": [
{
"type": "x-mitre-tactic",
"spec_version": "2.1",
"id": "x-mitre-tactic--b977ad29-eb0c-5f09-bb2f-6d3f23e2a175",
"created_by_ref": "identity--8700e156-6ce9-5090-8589-f9d0aef7bdb7",
"created": "2024-03-13T00:00:00.000Z",
This file has been truncated, but you can view the full file.
{
"openapi": "3.0.3",
"info": {
"title": "ATT&CK Workbench REST API",
"version": "1.0.0"
},
"servers": [{
"url": "{protocol}://{hostname}:{port}/",
"variables": {
"protocol": {
himynamesdave / capec-attack-data.csv
Created January 24, 2024 09:38
capec-attack-data.csv
id,count of objects containing this ref id,attck id,is linked to this many attck object,expected SROs,arango_cti_processor_products
T1001.002,1,T1001.002,1,1,
T1003,1,T1003,2,2,
T1005,4,T1005,2,8,
T1007,1,T1007,2,2,
T1012,1,T1012,2,2,
T1014,1,T1014,2,2,
T1016,1,T1016,2,2,
T1018,1,T1018,2,2,
T1021,1,T1021,1,1,
himynamesdave / capec-attack-data.csv
Created January 23, 2024 14:09
capec-attack-data.csv
capec id,count of objects containing this ref,attck id,is linked to this many attck object count,expected SROs,arango_cti_processor_products
T1001.002,1,T1001.002,1,1,
T1003,1,T1003,2,2,
T1005,4,T1005,2,8,
T1007,1,T1007,2,2,
T1012,1,T1012,2,2,
T1014,1,T1014,2,2,
T1016,1,T1016,2,2,
T1018,1,T1018,2,2,
T1021,1,T1021,1,1,
{
"id": "10296991-439b-4202-90a3-e38812613ad5",
"name": "Signals Corps",
"description": "Just some demo content",
"created": "2022-05-24T14:00:00.188Z",
"modified": "2022-05-24T14:00:00.188000+00:00",
"collections": [
{
"id": "x-mitre-collection--402e24b4-436e-4936-b19b-2038648f90",
"created": "2022-05-24T14:00:00.188Z",
{
"type": "bundle",
"id": "bundle--2c73efd0-2b59-4234-b3dc-2961f4b2e8e6",
"objects": [
{
"x_mitre_domains": [],
"object_marking_refs": [],
"type": "x-mitre-collection",
"id": "x-mitre-collection--e302a053-8f05-4992-8b11-3432b8894600",
"created": "2022-07-02T14:59:30.565Z",
import sys
from stix2patterns.validator import run_validator
sys.setrecursionlimit(1500)
pattern = "([(software:cpe='cpe:2.3:o:hp:futuresmart_5:*:*:*:*:*:*:*:*') AND (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_49k98a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_6qn28a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_49l00a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_4y280a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_58m42a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_6qn33a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_49l00a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_4y280a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_58m42a:-:*:*:*:*:*:*:*') OR (software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_6qn33a:-:*:*:
from stix2patterns.validator import run_validator
pattern = "[software:cpe='cpe:2.3:o:hp:futuresmart_5:*:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_49k98a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_5700_6qn28a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_49l00a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_4y280a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_58m42a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6700_6qn33a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_49l00a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_4y280a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_58m42a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:color_laserjet_enterprise_6701_6qn33a:-:*:*:*:*:*:*:*'] OR [software:cpe='cpe:2.3:h:hp:c
FIREEYE ISIGHT INTELLIGENCE
APT28:
AT THE CENTER
OF THE STORM
RUSSIA STRATEGICALLY EVOLVES
ITS CYBER OPERATIONS
SPECIAL REPORT / JANUARY 2017
This file has been truncated, but you can view the full file.
<?xml version='1.0' encoding='UTF-8'?>
<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'>
<rdf:Description rdf:about='GS028542.mp4'
xmlns:et='http://ns.exiftool.org/1.0/' et:toolkit='Image::ExifTool 12.36'
xmlns:ExifTool='http://ns.exiftool.org/ExifTool/1.0/'
xmlns:System='http://ns.exiftool.org/File/System/1.0/'
xmlns:File='http://ns.exiftool.org/File/1.0/'
xmlns:QuickTime='http://ns.exiftool.org/QuickTime/QuickTime/1.0/'
xmlns:Track1='http://ns.exiftool.org/QuickTime/Track1/1.0/'