The Domain Name System (DNS) protocol is an important part of the web's infrastructure, serving as the Internet's phone book: every time you visit a website, your computer performs a DNS lookup. Complex pages often require multiple DNS lookups before they start loading, so your computer may be performing hundreds of lookups a day.
from re import (
    sub as regex_sub,
    match as regex_match)
from binascii import a2b_hex as ascii_hex_to_binary
def asciiHexToBuffer(inbuf,
                     skip_bin_encode=False,
                     is_xxd=False,
                     is_od=False,
                     is_tcpdump=False,
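The preview of the gist is cut off in the middle of its signature, but the flag names (is_xxd, is_od, is_tcpdump) say what it does: turn the text of a hex dump back into the bytes it describes. The following is an added example, not the gist's own code: a stand-alone converter that infers the format from each line's shape instead of taking a flag, strips the offset column and the trailing ASCII column that xxd and tcpdump -X print, and refuses input it cannot account for (a non-hex group, or the "*" marker od uses to collapse repeated lines, which loses the byte count unless od is run with -v). The three sample dumps are constructed inline and encode the same thirteen bytes.

```python
import binascii
import re

# Constructed samples (not captured from the page): the same 13 bytes as printed
# by "xxd", "od -A x -t x1" and "tcpdump -x".
XXD_DUMP = "00000000: 4865 6c6c 6f2c 2077 6f72 6c64 0a         Hello, world.\n"
OD_DUMP = "000000 48 65 6c 6c 6f 2c 20 77 6f 72 6c 64 0a\n00000d\n"
TCPDUMP_DUMP = "\t0x0000:  4865 6c6c 6f2c 2077 6f72 6c64 0a\n"

# Offset column: "00000000: " (xxd), "000000 " (od) or "\t0x0000:  " (tcpdump).
_OFFSET = re.compile(r"^\s*(?:0x)?[0-9A-Fa-f]+:?\s+")
_HEX = re.compile(r"^[0-9A-Fa-f]+$")


def hexdump_to_bytes(dump: str) -> bytes:
    """Recover the raw bytes from an xxd, od or tcpdump hex dump.

    The format is inferred from each line's shape rather than selected by a
    flag, and a line that does not look like hex raises instead of silently
    producing truncated output.
    """
    out = bytearray()
    for line in dump.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped == "*":
            # od collapses runs of identical lines into "*"; the byte count is lost.
            raise ValueError("repeated-line marker '*' present; re-run od with -v")
        m = _OFFSET.match(line)
        if m is None:
            if _HEX.match(stripped):
                continue  # od's final line carries only the end offset
            raise ValueError(f"unrecognised dump line: {line!r}")
        body = line[m.end():]
        # xxd and tcpdump -X append an ASCII column after two or more spaces (or a tab).
        hex_column = re.split(r"\s{2,}|\t", body, maxsplit=1)[0]
        for group in hex_column.split():
            if not _HEX.match(group) or len(group) % 2:
                raise ValueError(f"bad hex group {group!r} in line {line!r}")
            out += binascii.unhexlify(group)
    return bytes(out)


if __name__ == "__main__":
    for name, dump in (("xxd", XXD_DUMP), ("od", OD_DUMP), ("tcpdump", TCPDUMP_DUMP)):
        print(name, hexdump_to_bytes(dump))
```

Splitting the ASCII column off on a run of two or more spaces is what makes xxd output safe to feed in: the ASCII column can itself look like hex ("abcd"), so a converter that only filters tokens by character class would append bogus bytes.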
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[EventData[Data[@Name='ObjectName'] and (Data='C:\Users\Public\Documents\new-login-information.txt')]]
      and
      *[System[(EventID='4663')]]
    </Select>
  </Query>
</QueryList>
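The query above watches for Event ID 4663 ("An attempt was made to access an object") on a single lure file. Two things a practitioner should know before relying on it: 4663 is only written when the file carries a SACL entry and the Audit File System (Object Access) subcategory is enabled, and the predicate `Data[@Name='ObjectName'] and (Data='...')` asks for *some* Data element named ObjectName and *some* Data element equal to the path, whereas `Data[@Name='ObjectName']='...'` ties the value to that field. The following is an added example, not part of the gist: it generates the same QueryList for one or several canary paths using the tighter form, and applies the equivalent check in Python to constructed Security events in the event schema's XML shape, so the logic can be tested offline before it goes into a subscription or a SIEM rule. The `sample_event` helper and the field set it emits are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVENT_NS}
CANARY = r"C:\Users\Public\Documents\new-login-information.txt"


def build_canary_query(paths, event_id=4663):
    """Build the <QueryList> XML selecting `event_id` for any of the canary paths.

    Uses Data[@Name='ObjectName']='<path>' so the value is bound to the
    ObjectName field rather than to any Data element in the event.
    """
    for p in paths:
        if "'" in p:
            raise ValueError("a single quote cannot be embedded in this XPath literal")
    alternatives = " or ".join(f"Data[@Name='ObjectName']='{escape(p)}'" for p in paths)
    return (
        "<QueryList>\n"
        '  <Query Id="0" Path="Security">\n'
        '    <Select Path="Security">\n'
        f"      *[System[(EventID='{int(event_id)}')]]\n"
        "      and\n"
        f"      *[EventData[{alternatives}]]\n"
        "    </Select>\n"
        "  </Query>\n"
        "</QueryList>\n"
    )


def sample_event(event_id, object_name, user="alice"):
    """Constructed Security event (assumption: not a real capture), in the schema's XML shape."""
    return (
        f'<Event xmlns="{EVENT_NS}">'
        "<System><Provider Name='Microsoft-Windows-Security-Auditing'/>"
        f"<EventID>{event_id}</EventID><Channel>Security</Channel></System>"
        "<EventData>"
        f"<Data Name='SubjectUserName'>{escape(user)}</Data>"
        f"<Data Name='ObjectName'>{escape(object_name)}</Data>"
        "<Data Name='AccessMask'>0x1</Data>"
        "</EventData></Event>"
    )


def is_canary_access(event_xml, paths=(CANARY,), event_id=4663):
    """Same decision the XPath makes: right EventID and ObjectName equal to a canary path.

    4663 is only produced when the file has a SACL and Audit File System is on;
    an empty result from this check can mean 'no access' or 'no auditing'.
    """
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=NS) != str(event_id):
        return False
    for data in root.findall("e:EventData/e:Data", NS):
        if data.get("Name") == "ObjectName" and (data.text or "") in paths:
            return True
    return False


if __name__ == "__main__":
    print(build_canary_query([CANARY, r"C:\Users\Public\Documents\passwords.xlsx"]))
    print(is_canary_access(sample_event(4663, CANARY)))
```

Keep the comparison exact: the XPath compares the logged string as-is, so the path in the query must match the form in which Windows writes ObjectName for that file, including drive letter and case.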
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log
<Extension _json>
filter {
  if "winlog" in [tags] and [SourceName] == "wineventlog" {
    # Begin translate block - this adds a new field to enrich the event with a description based on the event_id value
    translate {
      field => "EventID"
      destination => "EventDesc"
      override => true
      fallback => "no match"
      # https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx
      # Whip it into shape with sed/awk or use Python (4-5 lines cleans it up)
HOWTO: Create Your Own Self-Signed Certificate with Subject Alternative Names Using OpenSSL in Ubuntu Bash for Windows
My main development workstation is a Windows 10 machine, so we'll approach this from that viewpoint.
Recently, Google Chrome started warning me when I open a site that uses HTTPS with a self-signed certificate on my local development machine, showing a certificate error like the one below:
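The warning comes from the certificate lacking a Subject Alternative Name: Chrome (since version 58) matches the host only against the SAN list and ignores the Common Name. The steps of the HOWTO are not on this page, so as an added example that is not the author's own, here is the piece that matters: a generator for the OpenSSL config section that carries the SAN entries, plus the `openssl req -x509` invocation that consumes it. File names, the CN and the SAN values are assumptions; the CN must itself appear in the SAN list, which the generator enforces, and the resulting certificate still has to be imported into the Windows trusted-root store before Chrome accepts it.

```python
import ipaddress
import shlex


def build_san_config(common_name, dns_names, ip_addrs=()):
    """Return an OpenSSL config whose v3_req section carries the SAN list.

    Raises if an IP is malformed or if the CN is absent from the SANs, because
    Chrome matches the host against the SAN list only.
    """
    dns_names = list(dns_names)
    ip_addrs = list(ip_addrs)
    for ip in ip_addrs:
        ipaddress.ip_address(ip)  # ValueError on a malformed address
    if common_name not in dns_names and common_name not in ip_addrs:
        raise ValueError("CN must also be listed as a DNS or IP SAN")
    alt_names = [f"DNS.{i} = {n}" for i, n in enumerate(dns_names, 1)]
    alt_names += [f"IP.{i} = {ip}" for i, ip in enumerate(ip_addrs, 1)]
    return "\n".join([
        "[req]",
        "distinguished_name = req_distinguished_name",
        "x509_extensions = v3_req",
        "prompt = no",
        "",
        "[req_distinguished_name]",
        f"CN = {common_name}",
        "",
        "[v3_req]",
        "basicConstraints = CA:FALSE",
        "keyUsage = critical, digitalSignature, keyEncipherment",
        "extendedKeyUsage = serverAuth",
        "subjectAltName = @alt_names",
        "",
        "[alt_names]",
        *alt_names,
        "",
    ])


def openssl_command(config_path, key_path, cert_path, days=365):
    """Shell-quoted command that creates a fresh key and the self-signed cert in one step."""
    argv = ["openssl", "req", "-x509", "-nodes", "-sha256", "-newkey", "rsa:2048",
            "-days", str(days), "-config", config_path,
            "-keyout", key_path, "-out", cert_path]
    return shlex.join(argv)


if __name__ == "__main__":
    # Assumed names for a local dev box: dev.local plus localhost and the loopback address.
    config = build_san_config("dev.local", ["dev.local", "localhost"], ["127.0.0.1"])
    with open("san.cnf", "w") as fh:
        fh.write(config)
    print(openssl_command("san.cnf", "dev.key", "dev.crt"))
```

After running the printed command, `openssl x509 -in dev.crt -noout -ext subjectAltName` shows the SAN list; if it is empty, the config file was not picked up and Chrome will keep warning regardless of the CN.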
#
# Add Event ID descriptions to Event Log messages from Logstash
#
# This isn't perfect, but it will get the job done with *minimal* false descriptions.
# It takes an Event ID and creates a new field with a description of that Event ID
#
# BTW, logstash supports storing the dictionary in an external file, which is kind of cool...
#
filter {
  if "winlog" in [tags] and [SourceName] == "wineventlog" {
#
# Palo Alto (annoyingly) emits logs that have fields like this
#
# cn1Label: Session
# cn1: 12345
# cn2Label: Direction
# cn2: Out
# ...
#
# The following config for logstash is a way to fix it into:
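The Logstash config that does the folding is cut off in the preview. As an added example, not the gist's own config, here is the same transformation written out in Python over a constructed event, so the rules are explicit: each `cnN`/`csN` value is re-keyed under its `cnNLabel`/`csNLabel` text (normalised to lower snake case so it is a safe Elasticsearch field name), a label with no value is dropped, a value with no label is kept under its raw key, and a label that would overwrite a real field such as `src` is prefixed instead of clobbering it. In Logstash the equivalent is a ruby filter over the event's fields; the sample event and its field values are made up for the example.

```python
import re

# Constructed event in the cnNLabel/cnN shape (not a real Palo Alto log record).
SAMPLE_EVENT = {
    "src": "10.0.0.5",
    "cn1Label": "Session", "cn1": "12345",
    "cn2Label": "Direction", "cn2": "Out",
    "cs1Label": "Rule", "cs1": "allow-web",
    "cs2": "no-label",                      # value with no label: kept under its raw key
    "cn3Label": "Bytes",                    # label with no value: dropped
    "cs3Label": "src", "cs3": "1.1.1.1",    # label colliding with a real field: prefixed
}

_LABEL_KEY = re.compile(r"^(c[ns]\d+)Label$")


def _field_name(label):
    """Lower snake case, so the result is a safe Elasticsearch/Kibana field name."""
    return re.sub(r"[^a-z0-9]+", "_", label.strip().lower()).strip("_")


def fold_cef_labels(event):
    """Re-key cnN/csN values under their cnNLabel/csNLabel text; return a new dict."""
    out = {}
    consumed = set()
    for key, label in event.items():
        m = _LABEL_KEY.match(key)
        if not m:
            continue
        base = m.group(1)
        consumed.add(key)              # the label key never survives
        if base not in event:
            continue                   # label without a value carries no information
        consumed.add(base)
        name = _field_name(str(label))
        if not name or name in event or name in out:
            name = f"{base}_{name or 'value'}"   # never clobber an existing field
        out[name] = event[base]
    for key, value in event.items():
        if key not in consumed:
            out[key] = value
    return out


if __name__ == "__main__":
    for k, v in fold_cef_labels(SAMPLE_EVENT).items():
        print(f"{k}: {v}")
```

The collision rule matters in practice: a vendor-chosen label such as "src" or "host" silently replacing the field your detections key on is harder to notice than a field with an odd prefix.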
driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/
restrict default ignore
restrict 127.0.0.1
restrict 127.127.1.0
restrict -6 ::1
# You only want to allow one /24 network and two specific hosts to query your server for time
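The `restrict` lines that implement the comment are not in the preview. The following is an added example, not the gist's config: a constructed ntp.conf that completes the stated intent (one /24 and two hosts served, everything else ignored; the networks are documentation ranges chosen for the example), plus a small evaluator that applies ntpd's rule selection, where the most specific matching `restrict` entry decides, to say what a given client may do. It separates the three things the flags control, which the comment's "query for time" blurs: `ignore` drops all packets, `noquery` blocks ntpq/ntpdc control queries (the amplification vector) while still serving time, and `nomodify` blocks runtime reconfiguration. It also flags a common mistake with `restrict default ignore`: the upstream `server` you sync from must itself be allowed, or its replies are silently dropped.

```python
import ipaddress

# Constructed ntp.conf (assumption) completing the intent of the comment above.
NTP_CONF = """\
driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/
restrict default ignore
restrict 127.0.0.1
restrict -6 ::1
# one /24 and two hosts get time; none of them may control-query or modify the daemon
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap nopeer noquery
restrict 198.51.100.10 nomodify notrap nopeer noquery
restrict 198.51.100.11 nomodify notrap nopeer noquery
# upstream source: with "default ignore" its replies are dropped unless it is allowed too
server 203.0.113.5 iburst
restrict 203.0.113.5 nomodify notrap nopeer noquery
"""


def parse_restrict(conf):
    """Return [(network, flags)] for every restrict line; 'default' becomes 0.0.0.0/0 and ::/0."""
    rules = []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0] != "restrict":
            continue
        parts = parts[1:]
        family = None
        if parts[0] in ("-4", "-6"):
            family = 4 if parts.pop(0) == "-4" else 6
        if not parts:
            continue
        target, rest = parts[0], parts[1:]
        mask = None
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        flags = frozenset(rest)
        if target == "default":
            nets = []
            if family in (None, 4):
                nets.append(ipaddress.ip_network("0.0.0.0/0"))
            if family in (None, 6):
                nets.append(ipaddress.ip_network("::/0"))
        elif mask:
            nets = [ipaddress.ip_network(f"{target}/{mask}", strict=False)]
        else:
            nets = [ipaddress.ip_network(target)]   # single host: /32 or /128
        rules.extend((net, flags) for net in nets)
    return rules


def effective_flags(rules, ip):
    """Flags of the most specific (longest-prefix) restrict entry covering `ip`."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, flags in rules:
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, flags)
    return best[1] if best else frozenset()


def serves_time(rules, ip):
    return "ignore" not in effective_flags(rules, ip)


def allows_control_queries(rules, ip):
    return not (effective_flags(rules, ip) & {"ignore", "noquery"})


def allows_modify(rules, ip):
    return not (effective_flags(rules, ip) & {"ignore", "noquery", "nomodify"})


def silently_dropped_servers(conf):
    """Literal-IP server/peer/pool entries whose replies the restrict rules would ignore."""
    rules = parse_restrict(conf)
    dropped = []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] in ("server", "peer", "pool"):
            try:
                ipaddress.ip_address(parts[1])
            except ValueError:
                continue                # hostnames would need resolution; skipped here
            if not serves_time(rules, parts[1]):
                dropped.append(parts[1])
    return dropped


if __name__ == "__main__":
    rules = parse_restrict(NTP_CONF)
    for client in ("192.0.2.77", "198.51.100.10", "198.51.100.12", "127.0.0.1"):
        print(client, serves_time(rules, client), allows_control_queries(rules, client),
              allows_modify(rules, client))
    print("dropped upstreams:", silently_dropped_servers(NTP_CONF))
```

`restrict 127.0.0.1` with no flags leaves localhost fully able to query and modify, which is the usual choice for local ntpq use; if that is not wanted, add `nomodify` there too.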