I hereby claim:
To claim this, I am signing this object:
| --- | |
| url: bolt://localhost:7687 | |
| username: neo4j | |
| password: trevorforget |
| --- | |
| regimes: | |
| - name: 'meetup' | |
| description: 'meetup regime' | |
| document: | |
| source: '' | |
| parsable: 'data/regimes/private/meetup.tsv' | |
| baseline: | |
| regime_name: 'meetup' | |
| baseline_name: 'meetup baseline' |
| Count SORT ID Family ID Control Name Description Parameters Guidance FedRAMP Parameter | |
| 1 AC-01 ACCESS CONTROL AC-1 ACCESS CONTROL POLICY AND PROCEDURES The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. An access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the access control policy and associated access controls; and b. Reviews and updates the current: 1. Access control policy [Assignment: organization-defined frequency]; and 2. Access control procedures [Assignment: organization-defined frequency]. Supplemental Guidance: This control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the AC family. Policy and procedures reflect applicable federal laws, Executive Orders, dir |
| #!/usr/bin/env python | |
| import json | |
| import os | |
| import sys | |
| from elasticsearch import Elasticsearch | |
| def main(argv): |
| #!/usr/bin/env python3 | |
| import numpy as np | |
| import scipy.stats as stats | |
| import sys | |
| import pylab as pl | |
| # to make afCc.txt | |
| # find ctl-results/fedora/27 -type f -exec grep afCc {} \; | grep -v null | awk '{print $2}' | sed -e 's/,$//' > afCc.txt |
Following reproduced verbatim from Mudge and Sarah Zatko's [Def Con 24 presentation][0].
| Value | Static Analysis Feature |
|---|---|
| -5 | No 64 bit version of application available |
| -20 | Each missing application armoring feature. This includes ASLR, DEP, Heap Protection, and Stack Guards. |
| -5 | Source code is not fortified at all. |
| +5 | Source code is entirely fortified. If source was a mix of fortified and unfortified functions, then source did not change at all. |
| -25 | Ick functions are present in the code. |
| -15 | Bad functions are present in the code. If there are only randomness functions in this category, such as rand or srand, then the penalty is 7.5 instead. |
| $ r2 /home/jason/.config/google-chrome/Default/Extensions/fahmaaghhglfmonjliepjlchgpgfmobi/1.381.0_0/_platform_specific/x86-64/libid3lib.so | |
| -- Interpret radare2 scripts with '. <path-to-script>'. Similar to the bash source alias command. | |
| [0x0000b080]> aa | |
| [Cannot find function 'entry0' at 0x0000b080 entry0 (aa) | |
| [x] Analyze all flags starting with sym. and entry0 (aa) | |
| [0x0000b080]> afl | |
| [0x0000b080]> v | |
| [0x0000b080 4% 1456 /home/jason/.config/google-chrome/Default/Extensions/fahmaa | |
| - offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF comment | |
| 0x0000b080 ffff ffff ffff ffff ffff ffff ffff ffff ................ ; section 3 va=0x0000b080 pa=0x0001b080 sz=348032 vsz=348032 rwx=--r-x .text |
| #!/bin/python | |
| import boto.ec2 | |
| whitelist = ["id1", "id2", "id3"] | |
| conn = boto.ec2.connect_to_region("us-east-1", | |
| aws_access_key_id="redacted", | |
| aws_secret_access_key="redacted") |
| import time | |
| from github import Github | |
| # We have pre-fab issues in my_issues.py that I generated from the spreadsheet. | |
| # TODO: make this automatic | |
| from my_issues import * | |
| ''' | |
| my_issues.py example: | |
| i = {} |