Josh joshnck

## Cyber-Audiobooks.md

      
              1 file
            
          
              1 fork
            
          
                0 comments
              
            
              2 stars
            
          
                joshnck
                / Cyber-Audiobooks.md
            
            
              Last active
              November 26, 2024 15:54
            
          
    Rating System:

| 😡 - Awful | 😠 - Bad | 😐 - Fine | 😃 - Good | 😁 - Exceptional |
---------------------------------------------------------------------------------------------------------------

books listed in chronological order from last read to first read

😐 - Surveillance State - Josh Chin, Liza Lin
😁 - Dark Wire - Joseph Cox
😁 - Means of Control - Byron Tau
😃 - Surveillance Valley - Yasha Levine
😃 - The Ransomware Hunting Team - Renee Dudley and Daniel Golden
😠 - CRACK99 - David Locke Hall


## Regex_Capstone
There comes a time in every engineer's life when they ask themselves "should I use regex for this?". As often as possible, I try to answer that question with "no" and sometimes "No! Absolutely not!". Today is one of those days where I went against my better judgement, and attempted to parse Sysmon logs using Regex instead of just using the built-in `Splunk for Windows` app.

The Data:
```
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Sysmon' Guid='{5770385f-c22a-43e0-bf4c-06f5698ffbd9}'/><EventID>1</EventID><Version>5</Version><Level>4</Level><Task>1</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2023-07-04T00:32:35.4466929Z'/><EventRecordID>6695055</EventRecordID><Correlation/><Execution ProcessID='4528' ThreadID='5312'/><Channel>Microsoft-Windows-Sysmon/Operational</Channel><Computer>HillarysEmails</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='RuleName'>-</Data><Data Name='UtcTi
	There comes a time in every engineer's life when they ask themselves "should I use regex for this?". As often as possible, I try to answer that question with "no" and sometimes "No! Absolutely not!". Today is one of those days where I went against my better judgement, and attempted to parse Sysmon logs using Regex instead of just using the built-in `Splunk for Windows` app.

	The Data:
	```
	<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Sysmon' Guid='{5770385f-c22a-43e0-bf4c-06f5698ffbd9}'/><EventID>1</EventID><Version>5</Version><Level>4</Level><Task>1</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2023-07-04T00:32:35.4466929Z'/><EventRecordID>6695055</EventRecordID><Correlation/><Execution ProcessID='4528' ThreadID='5312'/><Channel>Microsoft-Windows-Sysmon/Operational</Channel><Computer>HillarysEmails</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='RuleName'>-</Data><Data Name='UtcTi