@jfstenuit
jfstenuit / test-ms365-sasl.md
Created March 20, 2024 16:14
Test MS365 SASL authenticated SMTP sending from linux

To troubleshoot the low-level communication when sending e-mail through Exchange Online using SASL-authenticated SMTP, you can use this script:

#!/usr/bin/perl

use strict;
use warnings;
use Net::SMTP;
use Authen::SASL;
@jfstenuit
jfstenuit / easy-opendkim.md
Created August 2, 2023 07:40
Easily add domains to OpenDKIM

Configure a new domain in OpenDKIM

#!/bin/bash

DOMAIN="$1"
SELECTOR="mail"

if [ -z "${DOMAIN}" ]; then
 echo "Usage: $0 domain.name"
@jfstenuit
jfstenuit / headless-kvm-notes.md
Last active February 3, 2023 08:05
Quick reference for KVM on headless linux
apt install qemu-kvm libvirt-daemon-system libvirt-clients virtinst cpu-checker libguestfs-tools libosinfo-bin
virsh console deb-elastic
virsh destroy <name>
virsh domifaddr <name>
virsh dominfo <name>
virsh dumpxml <name> | grep "mac address" | awk -F\' '{ print $2}'
@jfstenuit
jfstenuit / iisfilebeat.md
Created July 27, 2022 07:09
Configuring Filebeat to ship IIS logs
@jfstenuit
jfstenuit / simple-netfilter-ulogd-mysql.md
Last active March 18, 2022 13:07
Simple Netfilter MySQL logging via ulogd

In the netfilter configuration

    chain forward {
            type filter hook forward priority filter; policy accept;
            log prefix "FORWARD" group 0
    }

The group ID is important: it is used in the ulogd2 configuration below.

Ulogd2 configuration

@jfstenuit
jfstenuit / threathunting.md
Last active April 5, 2022 06:22
Threat hunting shortcuts
@jfstenuit
jfstenuit / depack javascript.md
Last active November 23, 2021 15:03
How to unpack/unobfuscate <script>eval(function(p,a,c,k,e,d) ...

So you have an HTML file that starts with <script>eval(function(p,a,c,k,e,d) ...

This is quite easy to de-obfuscate.

Just replace the <script>eval( part with the following HTML code:

<!DOCTYPE html>
<html>
<head><title>debug</title>
@jfstenuit
jfstenuit / dynIpOpenVpnServer.md
Last active June 23, 2021 14:44
OpenVPN server on a machine with a dynamic IP

The need

You want to run an OpenVPN server on a Debian-like system with a dynamic IP address (for instance, behind a consumer cable modem connection).

The problem

You need to provide a fixed IP address in the OpenVPN configuration.

The solution

Ensure the OpenVPN configuration is updated with each IP address change and reload the server.

To run an application upon an IP address change, you need to create a hook inside /etc/dhcp/dhclient-exit-hooks.d.

@jfstenuit
jfstenuit / nginx_rtmp_reference.md
Last active May 16, 2021 11:10
NginX RTMP reference

Core

rtmp

syntax: rtmp { … }

context: root

The block which holds all RTMP settings

server

@jfstenuit
jfstenuit / Plaso forensics on Debian.md
Last active October 27, 2020 08:48
Plaso forensics on Debian Buster

The need

You need to extract a timeline from the NTFS MFT and UsnJrnl from a disk image on your standard Linux workstation.

The issue

Either the tools are outdated (analyseMFT, log2timeline.pl, ...), or the up-to-date tools are not compatible with the Python libraries installed by default on Debian.

The solution