Russ McRee holisticinfosec

holisticinfosec / WaitList.dat.ps1
Created Sep 19, 2018
Barnaby Skeggs's WaitList.dat PowerShell enumerator
View WaitList.dat.ps1
Stop-Process -name "SearchIndexer" -force;Start-Sleep -m 500;Select-String -Path $env:USERPROFILE\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat -Encoding unicode -Pattern "password"
holisticinfosec / Decomposition_Anomalized_Downloads.R
Last active Jun 3, 2018
Decomposition of Anomalized SERVER-549521 Downloads
View Decomposition_Anomalized_Downloads.R
# Created from Anomalize project, Matt Dancho
# https://github.com/business-science/anomalize
security_access_logs %>%
filter(server == "SERVER549521") %>%
ungroup() %>%
time_decompose(count) %>%
anomalize(remainder) %>%
plot_anomaly_decomposition() +
labs(title = "Decomposition of Anomalized SERVER-549521 Downloads")
holisticinfosec / SERVER-549521_Anomalies_STL+IQR.R
Last active Jun 3, 2018
SERVER-549521 Anomalies STL + IQR Methods
View SERVER-549521_Anomalies_STL+IQR.R
# Created from Anomalize project, Matt Dancho
# https://github.com/business-science/anomalize
SERVER549521 %>%
# STL + IQR Anomaly Detection
time_decompose(count, method = "stl", trend = "4 months") %>%
anomalize(remainder, method = "iqr") %>%
time_recompose() %>%
# Anomaly Visualization
plot_anomalies(time_recomposed = TRUE) +
labs(title = "SERVER-549521 Anomalies", subtitle = "STL + IQR Methods")
holisticinfosec / SERVER-549521_Anomalies_Twitter+GESD.R
Last active Jun 16, 2018
SERVER-549521 Anomalies Twitter + GESD Methods
View SERVER-549521_Anomalies_Twitter+GESD.R
# Created from Anomalize project, Matt Dancho
# https://github.com/business-science/anomalize
# Get only SERVER549521 access
SERVER549521 <- security_access_logs %>%
filter(server == "SERVER-549521") %>%
ungroup()
# Anomalize!!
SERVER549521 %>%
# Twitter + GESD
time_decompose(count, method = "twitter", trend = "4 months") %>%
View Security_Event_Log_Anomalies.R
# Created from Anomalize project, Matt Dancho
# https://github.com/business-science/anomalize
security_access_logs %>%
# Data Manipulation / Anomaly Detection
time_decompose(count, method = "stl") %>%
anomalize(remainder, method = "iqr") %>%
time_recompose() %>%
# Anomaly Visualization
plot_anomalies(time_recomposed = TRUE, ncol = 3, alpha_dots = 0.25) +
labs(title = "Security Event Log Anomalies", subtitle = "STL + IQR Methods")
holisticinfosec / Server_Logon_Counts.R
Last active Jun 3, 2018
Server Logon Counts - Anomalize
View Server_Logon_Counts.R
# Created from Anomalize project, Matt Dancho
# https://github.com/business-science/anomalize
library(tidyverse)
library(anomalize)
security_access_logs %>%
ggplot(aes(date, count)) +
geom_point(color = "#2c3e50", alpha = 0.25) +
facet_wrap(~ server, scale = "free_y", ncol = 3) +
theme_minimal() +
theme(axis.text.x = element_text(angle = 30, hjust = 1)) +
View Security_Access_Logs_Function.R
# Created from Anomalize project, Matt Dancho
# https://github.com/business-science/anomalize
library(dplyr)
library(readr) # provides read_csv()
library(tibbletime)
setwd("C:/coding/R/anomalize/")
logs <- read_csv("log.csv")
security_access_logs <- logs %>%
group_by(server) %>%
as_tbl_time(date)
security_access_logs
View keybase.md

Keybase proof

I hereby claim:

  • I am holisticinfosec on github.
  • I am holisticinfosec (https://keybase.io/holisticinfosec) on keybase.
  • I have a public key ASAc1t0PISb-ZngqpjZbc97zLn6ThDLJZjGdRHLt6l3QCgo

To claim this, I am signing this object:
