Luis luis261

  • Germany
def decorate_msg(msg, width, str_fmtmeth):
    # optionally apply a str method by name (e.g. "upper"), wrap in brackets, then pad to width with "*"
    msg = "[" + msg + "]" if str_fmtmeth is None else f"[{getattr(str, str_fmtmeth)(msg)}]"
    return msg.center(width, "*")


def emit_sectioned_stdout(
    *msg_payloads,
    header="attention", footer="", fmt_meth="upper", width=70,
    **print_kwargs
):
    # decorated header line, the payloads (print_kwargs are passed through to print), decorated footer line;
    # the gist preview ends after the header print, the rest follows the obvious shape of the signature
    print(decorate_msg(header, width, fmt_meth))
    for payload in msg_payloads:
        print(payload, **print_kwargs)
    print(decorate_msg(footer, width, fmt_meth))
def emit_debug_info(response):
    # dumps the request that produced `response`; request.headers and body can carry credentials
    # (Authorization, Cookie, API keys), so keep this output out of shared logs and tickets
    print(f"The response was caused by requesting {response.request.url} with HTTP method {response.request.method}")
    print(f"These were your headers: {response.request.headers}")
    print("Below comes the body:")
    print(response.request.body)
    print("-" * 50)
import hashlib
import os
import shutil
import warnings
# some useful defaults for spotting changed content; md5 here is a change detector, not an
# integrity check, hence usedforsecurity=False (Python 3.9+)
diff_hash = lambda bytez : hashlib.md5(bytez, usedforsecurity=False).hexdigest()
diff_size = lambda bytez : str(len(bytez))
@luis261
luis261 / __init__.py
Last active April 28, 2024 10:34
metaprogrammable dicts in Python: dynamically define custom, (optionally) recursive dictionary types. Load in/generate only the wanted additional validation/general functionality in a declarative manner; allows fine-tuning via inversion of control
from .common import VHandlingError as ValHandlingError
from .boundary import VHandlingIn as ValHandlingInterface
from .core import EnhancedDictFactory
from .proto_factory import ProtoFactory
__all__ = [
    "ValHandlingInterface",
    EnhancedDictFactory.__name__
]
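The gist description above talks about dictionary types that are generated from a declarative definition, with validation and optional recursion into nested dicts. As an added illustration of that idea (this is not the gist's own API; `make_validated_dict`, `ValidationError`, `Endpoint` and the sample schema are all made up for the example), the factory below builds a `dict` subclass from a schema, validates on every write path it can intercept, and generates a nested type for each nested schema:

```python
from collections.abc import Mapping


class ValidationError(ValueError):
    """Raised when an entry does not satisfy the declared schema (hypothetical name)."""


def make_validated_dict(name, schema, recursive=True, allow_extra=False):
    """Generate a dict subclass whose entries are checked against `schema`.

    schema maps key -> validator, where a validator is a type (isinstance check),
    a callable returning bool, or a nested mapping (a nested dict type is generated
    for it when recursive=True). Unknown keys are rejected unless allow_extra=True.
    """
    compiled = {}
    for key, rule in schema.items():
        if isinstance(rule, Mapping):
            if not recursive:
                raise TypeError(f"nested schema for {key!r} but recursive=False")
            compiled[key] = make_validated_dict(f"{name}_{key}", rule, recursive, allow_extra)
        elif isinstance(rule, type):
            compiled[key] = lambda v, t=rule: isinstance(v, t)
        elif callable(rule):
            compiled[key] = rule
        else:
            raise TypeError(f"unsupported validator for {key!r}: {rule!r}")

    def check(key, value):
        if key not in compiled:
            if allow_extra:
                return value
            raise ValidationError(f"{name}: unexpected key {key!r}")
        rule = compiled[key]
        if isinstance(rule, type):  # a generated nested dict type
            if not isinstance(value, Mapping):
                raise ValidationError(f"{name}: {key!r} must be a mapping")
            return value if isinstance(value, rule) else rule(value)
        if not rule(value):
            raise ValidationError(f"{name}: bad value for {key!r}: {value!r}")
        return value

    # every write path routes through __setitem__, which is where validation happens;
    # note that dict(obj), obj.copy() and the | operator produce plain dicts and bypass it
    def __init__(self, *args, **kwargs):
        dict.__init__(self)
        self.update(*args, **kwargs)

    def __setitem__(self, key, value):
        dict.__setitem__(self, key, check(key, value))

    def update(self, *args, **kwargs):
        for k, v in dict(*args, **kwargs).items():
            self[k] = v

    def setdefault(self, key, default=None):
        if key not in self:
            self[key] = default
        return self[key]

    return type(name, (dict,), {
        "__init__": __init__, "__setitem__": __setitem__,
        "update": update, "setdefault": setdefault, "schema": compiled,
    })


def rejects(cls, **fields):
    """True if constructing cls(**fields) fails validation (helper for checking the type)."""
    try:
        cls(**fields)
    except ValidationError:
        return True
    return False


# constructed sample schema: a nested "tls" section becomes its own generated type
Endpoint = make_validated_dict("Endpoint", {
    "host": str,
    "port": lambda p: isinstance(p, int) and 0 < p < 65536,
    "tls": {"verify": bool, "min_version": lambda v: v in ("1.2", "1.3")},
})

if __name__ == "__main__":
    ep = Endpoint(host="api.example.internal", port=443, tls={"verify": True, "min_version": "1.3"})
    print(type(ep).__name__, type(ep["tls"]).__name__, dict(ep))
    print("rejects port 70000:", rejects(Endpoint, host="h", port=70000, tls={"verify": True, "min_version": "1.3"}))
```

The generated class keeps its compiled schema on the `schema` attribute, so callers can introspect what a type enforces; the validators for nested sections are themselves generated classes, which is what makes the recursion work without any special-casing at use sites.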
def extract_between(src: str, start_delim: str, end_delim=None, fallback=None) -> str:
    if end_delim is not None and src.count(start_delim) != src.count(end_delim):
        raise ValueError("Unbalanced delimiters detected: \"" + src + "\"")
    if src.count(start_delim) > 2 or src.count(start_delim) > 1 and (start_delim != end_delim):
        raise ValueError("Duplicate delimiters detected: \"" + src + "\"")
    # skip the whole start delimiter, not just one character, so multi-character delimiters work too
    delimit_front = lambda x : x[x.index(start_delim) + len(start_delim):]
    try:
        if end_delim is None:
            return delimit_front(src)
        front = delimit_front(src)
        return front[:front.index(end_delim)]
    except ValueError:
        # str.index found no delimiter: hand back the fallback instead of propagating the error
        return fallback
@luis261
luis261 / cautious_auth_preserver.py
Last active April 3, 2024 14:25
this can be quite handy when wanting to prevent unwarranted stripping of auth headers while staying "safe" via a fallback on super().rebuild_auth for redirects to entirely different hosts. Only use as a last resort; ideally opting for direct configuration of the host targeted by the redirects instead. If that is not feasible though, here you go ..
import requests
import warnings


class AuthPreservingSession(requests.Session):
    trusted_host = requests.utils.urlparse("https://your.api.could.go.here").hostname

    def rebuild_auth(self, prepared_request, response):
        parsed = requests.utils.urlparse(prepared_request.url)
        target_host = parsed.hostname
        # match on a label boundary; a bare endswith() would also trust "evilyour.api.could.go.here"
        related = target_host == self.trusted_host or (target_host or "").endswith("." + self.trusted_host)
        if not related or parsed.scheme != "https":  # unrelated host, or a downgrade to plaintext
            return super().rebuild_auth(prepared_request, response)  # requests' default: strip Authorization
        warnings.warn(f"keeping auth headers across redirect to {target_host}")  # related host: leave them in place
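The decision the session makes (is this redirect target allowed to see the Authorization header?) is worth isolating and testing on its own, because the failure modes are subtle: a suffix match without a label boundary, a redirect that downgrades to http, or a hostname that merely starts with the trusted one. The following is an added example, not part of the gist, written without a `requests` dependency; `keep_auth_on_redirect` and `same_or_subdomain` are names invented here, and the hostnames are the gist's placeholder plus constructed lookalikes:

```python
from urllib.parse import urlsplit


def same_or_subdomain(host, trusted):
    """Exact match or a subdomain on a label boundary.

    A plain host.endswith(trusted) would also accept 'evilyour.api.could.go.here'
    for trusted 'your.api.could.go.here'; requiring the '.' boundary closes that.
    """
    host = host.lower().rstrip(".")
    trusted = trusted.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)


def keep_auth_on_redirect(redirect_url, trusted_host):
    """True only if the Authorization header may follow a redirect to redirect_url."""
    target = urlsplit(redirect_url)
    if target.hostname is None:
        return False  # relative or unparsable Location: let the client's default stripping apply
    if target.scheme != "https":
        return False  # never let a bearer token or basic-auth pair travel over plaintext
    # urlsplit().hostname already drops userinfo, so "https://trusted@attacker.example/" is
    # judged on attacker.example, not on the user part
    return same_or_subdomain(target.hostname, trusted_host)


if __name__ == "__main__":
    trusted = "your.api.could.go.here"
    # constructed redirect targets: one legitimate sibling host, the rest are traps
    for url in ("https://eu.your.api.could.go.here/v2",
                "https://evilyour.api.could.go.here/v2",
                "http://your.api.could.go.here/v2",
                "https://your.api.could.go.here.attacker.example/v2",
                "https://your.api.could.go.here@attacker.example/v2"):
        print(keep_auth_on_redirect(url, trusted), url)
```

Only the first URL should print `True`; the other four are exactly the shapes that a naive `endswith` or a scheme-agnostic check would let through.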
@luis261
luis261 / splunk_es_search_collection.md
Last active June 4, 2024 12:27
A handful of SPL snippets I've accumulated to help with analyses 🔬 in Splunk Enterprise Security. I tried to keep the assumptions a given search makes about the environment to a minimum to ensure general applicability.

Important

The 2/3 meta notable event searches below are mainly meant to prevent duplicate analyst work. If they come back without results for a given input, that doesn't mean the value you searched for is "clean" because it has no associated events (e.g. when filtering for a hash/E-Mail address/company asset/external host/user etc.). It just means that there aren't any investigation steps you might consider skipping to avoid duplicated effort, because there is no associated verdict history. There might still be other, possibly malicious events in the notable index that have not (yet) been reviewed/triaged for actual investigation by an analyst. Such events wouldn't show up here, since we're filtering for output that is useful for our investigation by providing additional context via past analyst comments. Instead, no events showing up should perhaps be a flag for you to perform your investigation with extra diligence, since you're working with an occurrence not observed/anal

# examples and descriptions taken from: https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768
# put the options you want described in here
option_inquiries = [
    "0x40810010",
    "0x40810000",
    "0x60810010"
]
# one name per bit, index 0 = most significant bit of the 32-bit Ticket Options value
# (RFC 4120 KDCOptions numbering, as in the table of the linked documentation)
descriptions = [
    "Reserved", "Forwardable", "Forwarded", "Proxiable", "Proxy", "Allow-postdate", "Postdated", "Unused",
    "Renewable", "Unused", "Unused", "Opt-hardware-auth", "Unused", "Unused", "Constrained-delegation", "Canonicalize",
    "Request-anonymous", "Unused", "Unused", "Unused", "Unused", "Unused", "Unused", "Unused",
    "Unused", "Unused", "Disable-transited-check", "Renewable-ok", "Enc-tkt-in-skey", "Unused", "Renew", "Validate",
]
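Decoding the Ticket Options value from event 4768 into flag names, as an added, self-contained example (not the gist's code): the bit numbering follows RFC 4120 KDCOptions, where bit 0 is the most significant bit of the 32-bit value, which is also how the linked Microsoft table counts; bits the table marks as reserved or unused are reported separately rather than silently dropped, so an unexpected bit in a ticket request stands out. The function names `decode_ticket_options` and `describe_all` are invented here; the three sample values are the ones from the gist.

```python
# Ticket Options flag names by bit, bit 0 = most significant bit of the 32-bit value
# (RFC 4120 KDCOptions numbering; bit 14 is the MS-KILE constrained delegation flag,
# bit 16 is RFC 6112 request-anonymous). Bits absent here are reserved/unused.
TICKET_OPTION_BITS = {
    1: "Forwardable", 2: "Forwarded", 3: "Proxiable", 4: "Proxy",
    5: "Allow-postdate", 6: "Postdated", 8: "Renewable",
    11: "Opt-hardware-auth", 14: "Constrained-delegation", 15: "Canonicalize",
    16: "Request-anonymous", 26: "Disable-transited-check", 27: "Renewable-ok",
    28: "Enc-tkt-in-skey", 30: "Renew", 31: "Validate",
}


def decode_ticket_options(hex_value):
    """Return (flag_names, unknown_bits) for a Ticket Options value such as '0x40810010'.

    flag_names is in bit order (MSB first); unknown_bits lists set bits that are
    reserved/unused in the documented table and therefore worth a second look.
    """
    value = int(hex_value, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {hex_value}")
    flags, unknown = [], []
    for bit in range(32):
        if (value >> (31 - bit)) & 1:  # bit 0 lives in the most significant position
            if bit in TICKET_OPTION_BITS:
                flags.append(TICKET_OPTION_BITS[bit])
            else:
                unknown.append(bit)
    return flags, unknown


def describe_all(hex_values):
    """Map each inquiry (same list shape as the gist's option_inquiries) to its flag names."""
    return {v: decode_ticket_options(v)[0] for v in hex_values}


if __name__ == "__main__":
    # the three values from the gist: a normal TGT request, the same without renewable-ok,
    # and a forwarded one
    for value, names in describe_all(["0x40810010", "0x40810000", "0x60810010"]).items():
        print(value, ", ".join(names))
```

`0x40810010` decodes to Forwardable, Renewable, Canonicalize and Renewable-ok, which is the ordinary shape of a Windows TGT request; the Forwarded bit in `0x60810010` is the one that usually deserves attention during triage.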