Skip to content

Instantly share code, notes, and snippets.

Avatar
🏠
Working from home

Andrew Pease peasead

🏠
Working from home
View GitHub Profile
View quick-zeek-container
If you want to run a pcap through Zeek, but don't have ROCK or don't need "all the things".
# Fire up the Docker container, mapping the directory with your pcap
## If pcap in your current directory
docker run -it -v $(pwd):/pcap broplatform/bro:3.0.0 /bin/bash
## If pcap is somewhere else
docker run -it -v [directory where your pcap is]:/pcap broplatform/bro:3.0.0 /bin/bash
# If you have to build your own for some reason
# This can be skipped if the `docker run...` worked above
View salt-exploit-testing
# Both master and minion
yum install epel-release
yum install python3 python3-devel yum-utils gcc
curl -OL https://github.com/saltstack/salt/releases/download/v3000/salt-3000.tar.gz
tar zxf salt-3000.tar.gz
rm salt-3000.tar.gz
cd salt-3000
mkdir -p /usr/local/lib/python3.6/site-packages
sudo python3 setup.py install
View pull multiple Docker images
make a file called "images" with all of the docker images listed, 1 per line
while read i; do sudo docker pull "$i"; done < images
@peasead
peasead / startup-stop.sh
Last active Mar 9, 2020
ROCKNSM Startup & Shutdown
View startup-stop.sh
# For creating NSM data from targeted pcaps, trying to get minimal noise
# This is for VirtualBox, but would likely work elsewhere
# startup.sh
#!/bin/bash
sudo -u suricata suricata-update
sudo ip link set dev [mon-int] mtu 16110
sudo ifup [mon-interface]
sleep 5
View catalina-cac.md

FINALLY figured out getting a CAC to work on Catalina when you've previously had some middleware installed.

Run

defaults read /Library/Preferences/com.apple.security.smartcard DisabledTokens

You shouldn’t have any responses and if you reboot you should get asked to Pair your CAC. If you get com.apple.CryptoTokenKit.pivtoken, run this

sudo defaults delete /Library/Preferences/com.apple.security.smartcard DisabledTokens Reboot

View keybase.md

Keybase proof

I hereby claim:

  • I am peasead on github.
  • I am variable (https://keybase.io/variable) on keybase.
  • I have a public key ASB24PAieecv2Kzl2W9jTJFFT7kgmjKOL7qL5QWGERc59go

To claim this, I am signing this object:

View nginx Proxy Redirect
#/etc/nginx/conf.d/webapp.conf
server {
listen 80;
server_tokens off;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
@peasead
peasead / gitupdater.sh
Created Jan 30, 2017
Update the local repositories.
View gitupdater.sh
find . -type d -depth 2 -exec git --git-dir={}/.git --work-tree=$PWD/{} pull origin master \;
View Bash Profile
export PS1="\[\033[36m\]\u\[\033[m\]@\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ "
export CLICOLOR=1
export LSCOLORS=exFxBxDxCxegedabagacad
alias ls='ls -lGFh'
alias whois='whois -h 199.7.50.74'
alias usbtoserial=/dev/cu.usbserial
# Transfer.sh Profile Additions
transfer() { if [ $# -eq 0 ]; then echo "No arguments specified. Usage:\necho transfer /tmp/test.md\ncat /tmp/test.md | transfer test.md"; return 1; fi
tmpfile=$( mktemp -t transferXXX ); if tty -s; then basefile=$(basename "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g'); curl --progress-bar --upload-file "$1" "https://transfer.sh/$basefile" >> $tmpfile; else curl --progress-bar --upload-file "-" "https://transfer.sh/$1" >> $tmpfile ; fi; cat $tmpfile; rm -f $tmpfile; }
View speedtest-cli-down-up-only
# Requires the speedtest-cli Python script available from https://github.com/sivel/speedtest-cli
# The idea is that you can exclude all the other data returned by the Python script, and just the up/down speeds
# python speedtest-cli | grep -E 'Download: [^d]{1,6} Mbit\/s|Upload: [^d]{1,6} Mbit\/s' <- without your IP address
python speedtest-cli | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}|Download: [^d]{1,6} Mbit\/s|Upload: [^d]{1,6} Mbit\/s'
You can’t perform that action at this time.