@mzpqnxow
mzpqnxow / import_od_xxd.py
Created May 29, 2017 20:45
Ingesting ASCII hex dumps into Python strings
from re import (
sub as regex_sub,
match as regex_match)
from binascii import a2b_hex as ascii_hex_to_binary
def asciiHexToBuffer(inbuf,
skip_bin_encode=False,
is_xxd=False,
is_od=False,
is_tcpdump=False,
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
*[EventData[Data[@Name='ObjectName'] and (Data='C:\Users\Public\Documents\new-login-information.txt')]]
and
*[System[(EventID='4663')]]
</Select>
</Query>
</QueryList>
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _json>
@mzpqnxow
mzpqnxow / 200-event_id_desc.conf
Created February 3, 2018 06:26
logstash translate event_id to human readable form
filter {
if "winlog" in [tags] and [SourceName] == "wineventlog" {
# Begin translate block - this adds a new field to enrich the event with a description based on the event_id value
translate {
field => "EventID"
destination => "EventDesc"
override => true
fallback => "no match"
# https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx
# Whip it into shape with sed/awk or use Python (4-5 lines cleans it up)
@mzpqnxow
mzpqnxow / dns-servers_updated-2017.md
Created February 22, 2018 03:16 — forked from jcanfield/dns-servers_updated-2017.md
DNS Server List for 2015/2017 (courtesy of http://sos.smerwick.com.tw)

List of DNS Servers

'The following is a list of DNS Servers: both Private and Public.'

DNS Servers

Why does DNS matter?

The Domain Name System (DNS) protocol is an important part of the web's infrastructure, serving as the Internet's phone book: every time you visit a website, your computer performs a DNS lookup. Complex pages often require multiple DNS lookups before they start loading, so your computer may be performing hundreds of lookups a day.

List of Public DNS Servers

@mzpqnxow
mzpqnxow / openssl.MD
Created March 1, 2018 21:55 — forked from jchandra74/openssl.MD
HOWTO: Create Your Own Self-Signed Certificate with Subject Alternative Names Using OpenSSL in Ubuntu Bash for Windows

Overview

My main development workstation is a Windows 10 machine, so we'll approach this from that viewpoint.

Recently, Google Chrome started giving me a warning when I open a site on my local development machine that uses HTTPS with a self-signed certificate, due to SSL certificate issues like the one below:

Self-Signed SSL Issue in Chrome

#
# Add Event ID descriptions to Event Log messages from Logstash
#
# This isn't perfect, but it will get the job done with *minimal* false descriptions.
# It takes an Event ID and creates a new field with a description of that Event ID
#
# BTW, logstash supports storing the dictionary in an external file, which is kind of cool...
#
filter {
if "winlog" in [tags] and [SourceName] == "wineventlog" {
@mzpqnxow
mzpqnxow / 100-logstash-pan-label.conf
Created March 15, 2018 15:46
Parse Palo Alto Network logs with logstash - fix their cnXLabel/csXLabel scheme
#
# Palo Alto (annoyingly) emits logs that have fields like this
#
# cn1Label: Session
# cn1: 12345
# cn2Label: Direction
# cn2: Out
# ...
#
# The following config for logstash is a way to fix it into:
@mzpqnxow
mzpqnxow / ntp.conf
Created April 8, 2018 20:40
Sample ntp.conf with whitelisting by host/network
driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/
restrict default ignore
restrict 127.0.0.1
restrict 127.127.1.0
restrict -6 ::1
# You only want to allow one /24 network and two specific hosts to query your server for time