Matthias Vallentin mavam
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am mavam on github. | |
| * I am mavam (https://keybase.io/mavam) on keybase. | |
| * I have a public key whose fingerprint is 8A3B 1323 B469 CCBA 54D3 3BCC D5E7 8DF5 9C8D 4B41 | |
| To claim this, I am signing this object: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| library(dplyr) | |
| library(tidyr) | |
| library(ggplot2) | |
| parse_measurement_filename <- function(path) { | |
| filename <- strsplit(basename(path), "\\.")[[1]][1] | |
| s <- strsplit(filename, "_")[[1]] | |
| list(Cores=as.factor(s[1]), Run=as.factor(s[3]), Type=as.factor(s[5])) | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Plots GOES-13 Proton Flux for particles >= 10 Mev. | |
| # | |
| # Data source: ftp://ftp.swpc.noaa.gov/pub/lists/particle/ | |
| # | |
| # Check out http://stuffin.space to see where GOES-13 flies. | |
| library(dplyr) | |
| library(tidyr) | |
| library(lubridate) | |
| library(ggplot2) |
mavam
/ dns-txt-lookup.bro
Created
November 2, 2012 22:50
DNS TXT lookup in Bro using the function lookup_hostname_txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| event x509_certificate(c: connection, is_orig: bool, cert: X509, chain_idx: count, chain_len: count, der_cert: string) | |
| { | |
| local domain = "%s.notary.icsi.berkeley.edu"; | |
| when ( local str = lookup_hostname_txt(fmt(domain, sha1_hash(der_cert))) ) | |
| { | |
| print str; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##! | |
| ##! A Facebook analysis script. | |
| ##! | |
| ##! The script parses the HTTP body of Facebook JSON messages and reconstructs | |
| ##! a stream of chat messages from it. | |
| ##! | |
| ##! Since Facebook switched to HTTPS only, this script no longer works. You may | |
| ##! use it for inspiration or instructional purposes. | |
| ##! | |
| ##! For details, see my blog post: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @load base/frameworks/notice | |
| module Malware; | |
| export { | |
| redef enum Notice::Type += { | |
| ## Miniduke C&C activity. | |
| Miniduke_CC_Activity | |
| }; | |
| } |
mavam
/ install-bro.sh
Last active
December 14, 2015 23:29
Shell script that installs Bro including dependencies, also adding broctl crontab entry and improving OS capture performance.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Installs Bro on Redhat or Debian Linux. | |
| if [ "$(id -u)" -ne "0" ] ; then | |
| echo "must be root to install Bro" | |
| fi | |
| # Defaults | |
| flavor=redhat | |
| prefix=/opt/bro |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| library(ggplot2) | |
| library(reshape) | |
| library(scales) | |
| # Computes the number of kB a basic bloom filter requires. | |
| # n: the number of elements to store | |
| # fp: the desired false positive rate | |
| space = function(n, fp) { -n * log(fp) / log(2)^2 / 8 / 1024 } | |
| N = 10^(1:9) |
mavam
/ range-facade.cc
Last active
December 28, 2015 16:59
Factored new-style ranges based on ideas from Eric Niebler. See http://ericniebler.com/2013/11/07/input-iterators-vs-input-ranges/ for details.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <vector> | |
| #include "vast/util/range.h" | |
| namespace util { | |
| template <typename Derived> | |
| class range | |
| { | |
| Derived& derived() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # California data breach analysis | |
| # | |
| # Author: Matthias Vallentin <vallentin@icir.org> | |
| # Copyright (c) 2016 | |
| # | |
| # To reproduce, please contact me. | |
| library(dplyr) | |
| library(ggplot2) | |
| library(lubridate) |
OlderNewer