
@mbrownnycnyc
mbrownnycnyc / youtube.md
Last active April 9, 2024 12:12
youtube channels that are worth watching. I would be disappointed if they stopped putting out content. (note that I specifically am not posting anything related to software development, cybersec or AI)

travel/cultures/experiences/self help/philosophy

@mbrownnycnyc
mbrownnycnyc / nterr.h (errors)
Created February 24, 2017 19:47
NT errors with descriptions (hooray!)
NTSTATUS Code | Win32 Error Code | NT Status Name | Description
0x00000000 0x00000000 NT_STATUS_OK “The operation completed successfully.”
0xC0000001 0x0000001f NT_STATUS_UNSUCCESSFUL “A device attached to the system is not functioning.”
0xC0000002 0x00000001 NT_STATUS_NOT_IMPLEMENTED “Incorrect function.”
0xC0000003 0x00000057 NT_STATUS_INVALID_INFO_CLASS “The parameter is incorrect.”
0xC0000004 0x00000018 NT_STATUS_INFO_LENGTH_MISMATCH “The program issued a command but the command length is incorrect.”
0xC0000005 0x000003e6 NT_STATUS_ACCESS_VIOLATION “Invalid access to memory location.”
0xC0000006 0x000003e7 NT_STATUS_IN_PAGE_ERROR “Error performing inpage operation.”
0xC0000007 0x000005ae NT_STATUS_PAGEFILE_QUOTA “Insufficient quota to complete the requested service.”
@mbrownnycnyc
mbrownnycnyc / splk_backpressure.md
Last active August 28, 2023 23:56
info on backpressure mechanism for splunk forwarders. You should _NOT_ be changing these settings usually, but may consider it when dealing with extremely high volume data sources (such as a UF on a syslog server).

https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Protectagainstlossofin-flightdata

How can data loss be avoided?

The architecture is such that the UDP data sources must be converted to TCP backed by reliable delivery. Additionally, the forwarders and indexers may be configured to send application level ACKs back to sending forwarders.

splunkd delivery of packets is as follows:

  • data is sent in chunks of 64KB.
  • By default the forwarder is not looking for, nor is the indexer signaled to send, ACKs upon block receipt.
@mbrownnycnyc
mbrownnycnyc / nsclient_update.sh
Created May 24, 2013 15:41
script for use with `nsupdate` to update linux client DNS on a DNS server... in this instance, I am targeting a Windows Server DNS server 2003/2008/2012+. I have manually created the PTR and A records once, and granted the Everyone ACE the "Write" permission in the DACL of the PTR and A records.
#!/bin/sh
#original from http://community.spiceworks.com/topic/262635-linux-does-not-register-on-the-windows-ad-dns
# reply of Phil6196 Oct 1, 2012 at 12:41 AM (EDT)
# IPv4 address of eth0 (net-tools ifconfig output with "inet addr:") and the host's FQDN
ADDR=`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e s/.*://`
HOST=`hostname`
# reverse-zone owner name for the PTR record: a.b.c.d -> d.c.b.a.in-addr.arpa
REV=`echo "$ADDR" | awk -F. '{print $4"."$3"."$2"."$1".in-addr.arpa"}'`
# The A and PTR records live in different zones, so they must go out as two
# separate updates ("send" after each); a single > would also overwrite the
# A update before nsupdate ever read it.
{
  echo "update delete $HOST A"
  echo "update add $HOST 86400 A $ADDR"
  echo "send"
  echo "update delete $REV PTR"
  echo "update add $REV 86400 PTR $HOST."
  echo "send"
} > /var/nsupdate.txt
nsupdate /var/nsupdate.txt
@mbrownnycnyc
mbrownnycnyc / sense_api_powershell_examples.ps1
Created July 21, 2017 15:12
beginnings of sense home energy monitor undocumented API dive
### sense api powershell examples
# with reference:
# https://www.jokecamp.com/blog/invoke-restmethod-powershell-examples/
# https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.utility/invoke-restmethod
## enter your email address and password (will use securestring later)
$emailAddress = "email@contoso.corp"
$password = "insertpassword"
@mbrownnycnyc
mbrownnycnyc / disable_android_notification_info.txt
Last active April 13, 2023 13:06
Disabling heads up notifications on android per app. Requires root access. This will simply hide: "sim card is not from verizon wireless"
#you can do the below if you have root.
# if you don't have root, you can uninstall the Samsung Setup Wizard. Not sure if this is at all valuable, as you can configure APNs manually worst case. Best case, it has no effect on OTA activations (which I truly don't think it does):
# adb shell
# pm uninstall -k --user 0 com.sec.android.app.setupwizard
# cycle airplane mode and you'll see you don't get the notification.
"sim card is not from verizon wireless"
@mbrownnycnyc
mbrownnycnyc / android_apk_cert_pinning_mitm.txt
Last active March 18, 2023 03:32
Android APK cert pinning removal and MiTM - focusing on Sense Home Energy Monitor APK
https://dl.google.com/android/repository/tools_r25.2.3-windows.zip
https://medium.com/@felipecsl/bypassing-certificate-pinning-on-android-for-fun-and-profit-1b0d14beab2b#.pnph846be
http://www.security-assessment.com/files/documents/whitepapers/Bypassing%20SSL%20Pinning%20on%20Android%20via%20Reverse%20Engineering.pdf
https://stackoverflow.com/questions/64364407/app-not-installing-in-android-11-but-works-on-previous-versions
1) download apktool and the build tools (http://androidsdkoffline.blogspot.com/p/android-sdk-build-tools.html) and platform tools (https://developer.android.com/studio/releases/platform-tools.html)
"C:\Users\mbrown\Desktop\Sense APK\apktool" d base.apk
@mbrownnycnyc
mbrownnycnyc / generate-att&ckjson.ps1
Created February 8, 2023 21:22
quick way to produce att&ck navigator layers
#baseline_layer.json is exported layer from the navigator... there certainly is a way to create the json from scratch reviewing specs, but it was very fast to just do this.
$sourcefile = ".\attack nav layers\baseline_layer.json"
$offtechoutfile = ".\attack nav layers\offensive_techs.json"
$deftechoutfile = ".\attack nav layers\defensive_techs.json"
#goal here is to:
# define two att&ck navigator layer json files
# one is for offensive techniques
@mbrownnycnyc
mbrownnycnyc / get-chokepointtechniques.ps1
Last active January 19, 2023 19:08
Process ATT&CK and D3FEND data to indicate likelihood an ATT&CK technique is a choke point as defined in this article (https://medium.com/mitre-engenuity/where-to-begin-prioritizing-att-ck-techniques-c535b50983f4). This theory considers the following conjecture: MITRE will assign research hours to align with prioritization of offensive technique…
# summary:
# Process ATT&CK and D3FEND data to indicate likelihood an ATT&CK technique is a choke point as defined in this article (https://medium.com/mitre-engenuity/where-to-begin-prioritizing-att-ck-techniques-c535b50983f4). This theory considers the following conjecture: MITRE will assign research hours to align with prioritization of offensive technique (resulting severity, frequency of observation, etc). This theory considers the following facts: ATT&CK procedure examples are well documented, D3FEND offensive blast radius is well documented.
# Remember to see "Limitations and future work" section of the above blog post/article.
# also see "BIASES WHEN MAPPING TO MITRE ATT&CK" section of (https://www.cisa.gov/uscert/sites/default/files/publications/Best%20Practices%20for%20MITRE%20ATTCK%20Mapping.pdf)
# this covers the following biases: Novelty bias, Visibility bias, Producer bias, Victim bias, Availability bias...
# you won't ever be able to eliminate these, either within yourself, on your team, o