jermdw / tanium_hunting_questions.md
Last active January 2, 2024 18:50
Tanium Hunting Questions

Initial Infection

New Scripts in Webroot Paths

Get "Trace File Operations[unlimited, 1488479715768|1488483314768, 1, 0, 0, 10, .*\\wwwroot\\.*\.(asp|aspx|cfm|jsp|php), CreateNewFile, , , ]" from all machines
jermdw / b64_2_pcap.py
Created January 9, 2018 18:30
Convert Base64 encoded packet capture from Suricata IDS into a binary PCAP file for analysis.
#!/usr/bin/env python2
import base64, struct, sys
if len(sys.argv) > 1:
    try:
        binary = base64.decodestring(sys.argv[1])
        # File header (pcap global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype)
        sys.stdout.write(struct.pack("IHHIIII",
            0xa1b2c3d4, # Magic
jermdw / sysctl.conf
Created December 21, 2017 00:59
Hardened /etc/sysctl.conf
# Enable syn flood protection
net.ipv4.tcp_syncookies = 1
# Ignore source-routed packets
net.ipv4.conf.all.accept_source_route = 0
# Ignore source-routed packets
net.ipv4.conf.default.accept_source_route = 0
# Ignore ICMP redirects
<?php
$compressed = array(
".0" => "Hacha Split Archive File",
".000" => "DoubleSpace Compressed File",
".7z" => "7-Zip Compressed File",
".7z.001" => "7-Zip Split Archive Part 1 File",
".7z.002" => "7-Zip Split Archive Part 2 File",
".a00" => "ALZip Second Split Archive File",
".a01" => "ALZip Third Split Archive File",
jermdw / install_sift.sh
Created January 25, 2018 03:41
Install SIFT Workstation Tools
#!/usr/bin/env bash
# Install SIFT Workstation Tools - tested to work on Ubuntu 16.04
# j3rmbadger
# Snag the binaries - https://github.com/sans-dfir/sift-cli
wget https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux
wget https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux.sha256.asc
# Validate signature file
gpg --keyserver pgp.mit.edu --recv-keys 22598A94
jermdw / docker-compose.yml
Created October 31, 2018 01:50
Nextcloud Docker Compose manifest
version: '2'
volumes:
  nextcloud:
  db:
services:
  db:
    image: mariadb
    restart: always
jermdw / checker.json
Created October 30, 2018 03:23
Checker JSON Configuration
{
  "checkers": [{
    "type": "http",
    "endpoint_name": "Website",
    "endpoint_url": "http://www.example.com",
    "attempts": 5
  }],
  "storage": {
    "provider": "s3",
    "access_key_id": "<yours>",
jermdw / install_docker.ps1
Last active September 4, 2018 00:43
Install Docker on Windows
Invoke-WebRequest `
    -UseBasicParsing `
    -Method GET `
    -Uri "https://master.dockerproject.org/windows/x86_64/docker.zip" `
    -OutFile "$env:TEMP\docker.zip"
Expand-Archive -Path "$env:TEMP\docker.zip" `
    -DestinationPath $env:ProgramFiles
$env:path += ";c:\program files\docker"
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\Program Files\Docker", [EnvironmentVariableTarget]::Machine)
jermdw / join_domain.ps1
Created August 28, 2018 14:45
Join AD Domain
# Join AD Domain Powershell Script
# j3rmbadger
Add-Computer -DomainName lab.local -Credential LAB1\netsecadmin -Restart -Force
jermdw / 10-static-en.network
Last active August 26, 2018 17:01
Photon-OS Static IP Configuration
cat > /etc/systemd/network/10-static-en.network << "EOF"
[Match]
Name=eth0
[Network]
Address=192.168.1.12/24
Gateway=192.168.1.1
DNS=192.168.1.5
EOF