@krmaxwell
krmaxwell / Graph1.graphml
Created August 29, 2012 16:58
GraphML extracted from Maltego Casefile
<?xml version="1.1" encoding="UTF-8" standalone="no"?>
<graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
<VersionInfo createdBy="Maltego CaseFile Community" subtitle="" version="1.0.1.2483"/>
<key for="graphml" id="d0" yfiles.type="resources"/>
<key for="port" id="d1" yfiles.type="portgraphics"/>
<key for="port" id="d2" yfiles.type="portgeometry"/>
<key for="port" id="d3" yfiles.type="portuserdata"/>
<key attr.name="MaltegoEntity" for="node" id="d4"/>
<key for="node" id="d5" yfiles.type="nodegraphics"/>
@krmaxwell
krmaxwell / output.xml
Created September 6, 2012 15:27
Maltego-CIF troubleshooting
When I run my test script (https://github.com/technoskald/maltegoxforms/blob/master/cif-maltego.py) against a test IP address, I get the appropriate JSON back from my API call and then use the MaltegoTransform.py library from Andrew MacPherson to create and return the entities. output.xml above shows the XML from the Debug tab in the Output pane, but the Transform Output tab says "Transform CIF lookup returned with 0 entities."
@krmaxwell
krmaxwell / parsing.py
Created September 20, 2012 15:25
Meta tags and BeautifulSoup
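from bs4 import BeautifulSoup

# `response` is the HTML to parse (not defined in this snippet)
soup = BeautifulSoup(response, 'html.parser')
# Collect every <meta name="generator"> tag
metatags = soup.find_all('meta', attrs={'name': 'generator'})
for tag in metatags:
    print(tag)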
@krmaxwell
krmaxwell / gist:4588898
Created January 21, 2013 20:15
Syscan RE challenge
As a field, reverse engineering has undergone a rapid change in recent years:
a rise in importance and visibility has led to a rapidly growing community of
reverse engineers. More people are doing reverse engineering, better tools are
developed, and it has mutated from a "dark art" to an almost-mainstream
endeavor.
However, as the community grows, the most visible parts remain unchanged.
While there are female reverse engineers in the field, they are still under-
represented in absolute numbers and visibility of their work in conference
attendance and presentations.
@krmaxwell
krmaxwell / gist:4658123
Created January 28, 2013 19:05
Errors building pyv8
running build_py
running build_ext
building '_PyV8' extension
gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -DBOOST_PYTHON_STATIC_LIB -DV8_NATIVE_REGEXP -DENABLE_LOGGING_AND_PROFILING -DENABLE_VMSTATE_TRACKING -DENABLE_DEBUGGER_SUPPORT -DV8_FAST_TLS -DV8_TARGET_ARCH_X64 -I/opt/pyv8/build/v8/include -I/opt/pyv8/build/v8 -I/opt/pyv8/build/v8/src -I/usr/local/include -I/usr/include/python2.7 -c src/Utils.cpp -o build/temp.linux-x86_64-2.7/src/Utils.o -Wno-write-strings
cc1plus: warning: command line option ‘-Wstrict-prototypes’ is valid for Ada/C/ObjC but not for C++ [enabled by default]
gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -DBOOST_PYTHON_STATIC_LIB -DV8_NATIVE_REGEXP -DENABLE_LOGGING_AND_PROFILING -DENABLE_VMSTATE_TRACKING -DENABLE_DEBUGGER_SUPPORT -DV8_FAST_TLS -DV8_TARGET_ARCH_X64 -I/opt/pyv8/build/v8/include -I/opt/pyv8/build/v8 -I/opt/pyv8/build/v8/src -I/usr/local/include -I/usr/include/python2.7 -c src/Excepti
@krmaxwell
krmaxwell / code
Created March 27, 2013 03:21
Incident stuff for verisweet
incident={"incident_id": "incident_id", "confidence": "high", "notes": "analyst notes", "security_compromise": "confirmed", "source_id": "source_id", "summary": "summary test" }
incident['victim']=list()
incident['victim'].append(dict(country='usa',victim_id='somecorp', revenue=dict(amount=10,iso_currency_code='USD')))
// Just before switching jobs:
// Add one of these.
// Preferably into the same commit where you do a large merge.
//
// This started as a tweet with a joke of "C++ pro-tip: #define private public",
// and then it quickly escalated into more and more evil suggestions.
// I've tried to capture interesting suggestions here.
//
// Contributors: @r2d2rigo, @joeldevahl, @msinilo, @_Humus_,
// @YuriyODonnell, @rygorous, @cmuratori, @mike_acton, @grumpygiant,
@krmaxwell
krmaxwell / gist:6373845
Created August 29, 2013 03:07
Statement from John Cornyn on NSA
Thank you for contacting me regarding the National Security Agency (NSA) and related intelligence activities of the U.S. government. I recognize the time and effort that you are dedicating to actively participate in the democratic process, and I appreciate that you and other concerned citizens have provided me the benefit of your comments on this important matter.
As you know, various laws provide law enforcement and intelligence officials with tools to investigate spies, terrorists, and foreign-based enemies of the United States. At the same time, the Fourth Amendment to our Constitution guarantees privacy by protecting our homes, persons, and property from unreasonable government searches and seizures. It is sometimes necessary to balance privacy interests against other important values, such as national security. Though these questions are often difficult, members of Congress must always respect and obey the Constitution.
Privacy is an essential part of the freedom that makes America great. It
@krmaxwell
krmaxwell / gist:6431994
Last active September 23, 2016 13:54
Hunting Trips: network traffic log analysis

originally written in Dec 2011, needs updating

Log analysis has always struck me as one of those things that gets too much superficial attention without enough attention to detail. That is, we know that we need to do it, but we don’t talk about how we need to do it. At best, we talk about making sure we collect and archive logs. Analysis plays second fiddle, even though in reality logs without analysis provide almost no value to an organization. And you’ll find the greatest value in discovering the earliest stages of an incident rather than in hindsight to understand what went wrong. Unfortunately, less than 1% of data breach investigations in the 2011 Verizon DBIR started with log analysis and review!

The analysis ideas I present below don’t even begin to represent a comprehensive view. And of course every network is different, so you will need to think about your specific needs. But this may get

@krmaxwell
krmaxwell / gist:6552931
Last active December 23, 2015 00:19
Statement from Pete Sessions on Syria

Thank you for contacting me regarding the recently reported mass casualty chemical weapons attack in Syria and President Obama's request for congressional authorization for a potential military strike on Syria. I appreciate you taking the time to share with me your thoughts on this very important issue.

Over the last two years, more than 100,000 people have died in a ruthless and complex civil war in Syria. The situation accelerated on August 21, when more than 1,400 people were killed by a chemical weapons attack perpetrated by Syrian forces loyal to President Bashar al-Assad in the rebel-controlled suburbs of Damascus. After this attack, the Obama Administration announced its desire to launch a limited and proportional strike on military targets in Syria in response.

The President and his Cabinet have the authority and responsibility to conduct foreign policy on behalf of the United States. Unfortunately, the policy approach taken by President Obama, former Secretary of State Hillary Clinton, and cu