@manasmbellani
manasmbellani / .aws-lambda-layers
Last active December 6, 2023 16:14
aws-lambda-layers: Example code for the aws lambda layer
Please review the `README.md` file.
@manasmbellani
manasmbellani / sample-sysmon-config.xml
Last active October 28, 2023 05:29
Sample Sysmon config file for Windows that works with old (2017) versions of Sysmon from Sysinternals
<!--
sysmon-config | A Sysmon configuration focused on default high-quality event tracing and easy customization by the community
Source version: 74 | Date: 2021-07-08
Source project: https://github.com/SwiftOnSecurity/sysmon-config
Source license: Creative Commons Attribution 4.0 | You may privatize, fork, edit, teach, publish, or deploy for commercial use - with attribution in the text.
Fork version: <N/A>
Fork author: <N/A>
Fork project: <N/A>
Fork license: <N/A>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:vb="urn:the-xml-files:xslt-vb" xmlns:user="placeholder" version="1.0">
<!-- Copyright (c) Microsoft Corporation. All rights reserved. -->
<xsl:output method="text" omit-xml-declaration="yes" indent="no"/>
<xsl:strip-space elements="*" />
<ms:script implements-prefix="user" language="JScript">
<![CDATA[
@manasmbellani
manasmbellani / !splunkappsdoco.md
Last active June 10, 2023 09:34
splunkawssecuritymon - Alerts built in AWS Security Monitoring App for Splunk

README

This gist contains information about various Splunk apps pertaining to detection engineering that have been released on Splunkbase.

Usage

Review the files on gist.github.com, or clone this gist and open it in a Markdown editor such as Typora to get a navigational outline.

@manasmbellani
manasmbellani / .cent.yaml
Last active April 26, 2023 19:18
My cent nuclei templates file
# Directories to exclude
exclude-dirs:
- SOMETHING
# Files to exclude
exclude-files:
- README.md
- .gitignore
- .pre-commit-config.yaml
- LICENSE
@manasmbellani
manasmbellani / inputs.conf
Last active March 29, 2023 21:54
Splunk Universal Forwarder inputs.conf file for collecting data from Windows Servers / PCs
# Version 9.0.1
# These settings override and disable the corresponding entries in system/default.
################################
# Data thru parsingQueue always
################################
[splunktcp]
route=has_key:tautology:parsingQueue;absent_key:tautology:parsingQueue
@manasmbellani
manasmbellani / splunk-app-deployment-steps.md
Created November 26, 2022 01:44
Practical tips/steps to consider prior to deploying and updating apps in Splunk

Steps to build new alerts in Splunk

To build new alerts, perform the following steps:

  • Ensure that the correct app is selected via the Apps menu option in Splunk UI
  • Leverage an existing search macro that has been recently built and update it to meet the search query for detection
  • Test if the alert works
  • Use the MITRE ATT&CK framework to add relevant fields (tactic, technique) from the matrix here if applicable
  • Create a new search macro with updated permissions. Search macro should be prefixed with appropriate keyword e.g. gcp_detect_ or sysmon_detect
  • Update the search macro permissions to be publicly readable, and admin writable
@manasmbellani
manasmbellani / flatten_dict_to_csv.py
Created August 21, 2022 04:48
flatten_dict_to_csv.py - Flattens a Dictionary into a single dictionary that can be written to a CSV file
#!/usr/bin/env python3
import json
dictionary = {
'duration': 720,
'language': 'sv',
'link': 'https://vimeo.com/neweuropefilmsale/incidentbyabank',
'name': 'INCIDENT BY A BANK',
'test': {
'test2': {
@manasmbellani
manasmbellani / ffmpeg_extract_audio_between_times.sh
Last active April 22, 2022 04:55
ffmpeg_extract_audio_between_times.sh - Extract audio/video between times via ffmpeg
#!/bin/bash
# Require the input file, start time and end time; the output file is optional.
if [ $# -lt 3 ]; then
echo "[-] Usage: $0 <in-video-audio-file> <start-time-as-HH:MM:SS> <end-time-as-HH:MM:SS/num_seconds> [out-file]"
exit 1
fi
in_audio_file="$1"
start_time="$2"
end_time_num_seconds="$3"
out_file="$4"
# Fall back to a default output name when none was given.
if [ -z "$out_file" ]; then
@manasmbellani
manasmbellani / subdomaincheck.py
Last active March 3, 2022 01:20
Subdomaincheck.py - A script to detect subdomain takeover possibilities given a list of domains.
#!/usr/bin/python
from argparse import ArgumentParser, RawTextHelpFormatter
import subprocess
import shlex
import requests
USER_AGENT_STR = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"