A short survey of log collection options and why you picked the wrong one. 😜
I'm Steve Coffman and I work at Ithaka. We do JStor (academic journals) and other stuff. How big is it?
| Number | what it means |
|---|---|
| 101,332,633 | unique visitors in 2017 |
StevenACoffman
/ fluent-filebeat-comparison.md
Last active
April 2, 2024 22:34
Fluentd Fluent-bit FileBeat memory and cpu resources
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IMPORTANT! | |
| # This gist has been transformed into a github repo | |
| # You can find the most recent version there: | |
| # https://github.com/Neo23x0/auditd | |
| # ___ ___ __ __ | |
| # / | __ ______/ (_) /_____/ / | |
| # / /| |/ / / / __ / / __/ __ / | |
| # / ___ / /_/ / /_/ / / /_/ /_/ / | |
| # /_/ |_\__,_/\__,_/_/\__/\__,_/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| openssl req -new -text -passout pass:abcd -subj /CN=localhost -out server.req -keyout privkey.pem | |
| openssl rsa -in privkey.pem -passin pass:abcd -out server.key | |
| openssl req -x509 -in server.req -text -key server.key -out server.crt | |
| chmod 600 server.key | |
| test $(uname -s) = Linux && chown 70 server.key | |
| docker run -d --name postgres -e POSTGRES_HOST_AUTH_METHOD=trust -v "$(pwd)/server.crt:/var/lib/postgresql/server.crt:ro" -v "$(pwd)/server.key:/var/lib/postgresql/server.key:ro" postgres:12-alpine -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key |
EdOverflow
/ github_bugbountyhunting.md
Last active
June 23, 2024 20:29
My tips for finding security issues in GitHub projects.
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
StevenACoffman
/ _MicroService Proxy Gateway Solutions.md
Last active
July 15, 2024 05:12
Microservice Proxy/Gateway Solutions
Kong, Traefik, Caddy, Linkerd, Fabio, Vulcand, and Netflix Zuul seem to be the most common in microservice proxy/gateway solutions. Kubernetes Ingress is often a simple Ngnix, which is difficult to separate the popularity from other things.
This is just a picture of this link from March 2, 2019
Originally, I had included some other solution
rain-1
/ Wannacrypt0r-FACTSHEET.md
Last active
March 10, 2024 11:03
— forked from Epivalent/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comis up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
paragonie-scott
/ jose-security.md
Last active
June 12, 2020 11:32
Suggestions for a Secure JOSE Alternative (or Protocol Upgrade)
Neither JOSE users nor JOSE library designers should be required to understand cryptography primitives. At a lower level, this can lead to badly implemented primitives. On a higher level, this can lead to reasoning by lego.
simonw
/ recover_source_code.md
Last active
June 21, 2024 00:11
How to recover lost Python source code if it's still resident in-memory
I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6
apt-get update && apt-get install gdb
mattifestation
/ CertificateSubjectToPEGrouping.ps1
Created
December 25, 2016 16:04
Can you trust everything that's signed on your host? This might help you begin to answer that question.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get-SystemDriver requires the ConfigCI module on Win10 Enterprise | |
| # This will collect all signer information for all PEs in C:\ | |
| # This will take a while!!! | |
| $Signers = Get-SystemDriver -ScanPath C:\ -UserPEs | |
| # Associate the subject name of each certificate to the file/signer info | |
| # so we can correlate the two. | |
| $CertSubjectMapping = $Signers | % { | |
| $Signer = $_ |
anonymous
/ gist:d0da355e5c21a122866808d37234cd5d
Created
October 23, 2016 00:12
PowerShell malware [posted by @JohnLaTwC]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //sample: 1554e74b935a61d446cb634f80d7d1e200e864bc | |
| //posted by @JohnLaTwC | |
| // Also see research by Sudeep Singh, Yin Hong Chang @ https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html | |
| ----------------------------------------------- macro ---------------------------------- | |
| Private Sub Workbook_Open() | |
| Call doom_Init | |
| Call doom_ShowHideSheets | |
| End Sub |
NewerOlder