@dcode
dcode / local-mirrors.repo
Created January 29, 2021 16:11
Quick dirty script to maintain local repo mirrors. Serve up with httpd, nginx, or whatever
# Add this file to /etc/yum.repos.d/local-mirrors.repo
# Change the IP below accordingly
[mirror-base]
name=Base mirror
baseurl=http://192.168.100.10/base
enabled=1
cost=500
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
If you want to run a pcap through Zeek, but don't have ROCK or don't need "all the things".
# Fire up the Docker container, mapping the directory with your pcap
## If pcap in your current directory
docker run -it -v "$(pwd)":/pcap broplatform/bro:3.0.0 /bin/bash
## If pcap is somewhere else
docker run -it -v [directory where your pcap is]:/pcap broplatform/bro:3.0.0 /bin/bash
# If you have to build your own for some reason
# This can be skipped if the `docker run...` worked above

ROCK Sensor Hardware Options

This document is a list of hardware that has been used for development and home use as a ROCK sensor. The first option would be to repurpose a machine if possible (minimum specs below). If your budget permits, you can build a powerful system in a small form factor for under $1000.

Some of the more important aspects to look for are IPMI for bare-metal remote management, dual Intel NICs, quiet operation, and relatively low power draw. You don't want to have to wear hearing protection while sitting next to your infrastructure.

Sensor Hardware Options

Repurposed Hardware

@bndabbs
bndabbs / create_users.ps1
Created March 20, 2018 21:42
Bulk Load AD Users
Import-Module ActiveDirectory
$password = (Read-Host -AsSecureString "AccountPassword")
$users = import-csv ".\users.csv"
foreach ($user in $users){
New-ADUser `
-SamAccountName ($user.GivenName + "." + $user.Surname).ToLower() `
-UserPrincipalName (($user.GivenName + "." + $user.Surname).ToLower() + "@" + $env:USERDNSDOMAIN) `
-DisplayName ($user.GivenName + " " + $user.Surname) `

ROCK Sensor Parts List

Below is the hardware I use for development and home use of my ROCK sensor. It’s an extremely powerful system in a small form factor, under $1000. The most important aspects to me were that I wanted IPMI for baremetal remote management, dual Intel NICs, quiet, and relatively low-power. I sit by this thing and work every day and don’t want to wear hearing protection while I write code.

The prices reflect what I paid for them in March 2016. No doubt the prices will have changed and newer, better stuff is probably available. Things like RAM and SSDs go on sale all the time, so look for that if you’re a bargain shopper.

#petya #petrWrap #notPetya

Win32/Diskcoder.Petya.C

Ransomware attack.

About

This gist was built by the community of researchers and was scribed by Kir and Igor from the QIWI/Vulners. We are grateful for the help of all those who sent us the data, links and information. Together we can make this world a better place!

Gist updates

Grab the main page with all the links:
curl https://slackmojis.com/ > emoji

Open file in vim and run the following commands:

v/src=/d
%s/^.*https:/https:/g
%s/?.*$//g

ROCK NSM Beta 0 Notes

anonymous
anonymous / wifi-setup-c7-rpi3.sh
Created October 21, 2016 14:25
#!/bin/bash
#
# Raspberry Pi3 - CentOS 7 - Wi-Fi configuration
#
# Usage: ./wifi-setup.sh [SSID] [PSK]
if [ -z "$1" ]; then
echo "Enter WAP SSID:";
@dcode
dcode / 01-migrate-bro-data.sh
Last active October 7, 2016 17:10
Attempt to migrate data to old indexes. I need to do this because data types changed, but I don't want to lose the old data.
# Copy data from each bro-YYYY.MM.DD index into a new bro.v1-YYYY.MM.DD index
for item in $(curl -s -n -XGET localhost:9200/_cat/indices | awk '/bro-/ { split($3,a,"-"); print a[2] }'); do
cat <<EOF | curl -s -n -XPOST localhost:9200/_reindex -d @- >/dev/null
{ "source": {"index": "bro-${item}"}, "dest": {"index": "bro.v1-${item}"} }
EOF
echo -e "\nCloned data from bro-${item} to bro.v1-${item}"
done