Working from home

Andrew Pease peasead

View quick-zeek-container
If you want to run a pcap through Zeek, but don't have ROCK or don't need "all the things".
# Fire up the Docker container, mapping the directory with your pcap
## If pcap in your current directory
docker run -it -v "$(pwd)":/pcap broplatform/bro:3.0.0 /bin/bash
## If pcap is somewhere else
docker run -it -v [directory where your pcap is]:/pcap broplatform/bro:3.0.0 /bin/bash
# If you have to build your own for some reason
# This can be skipped if the `docker run...` worked above
View salt-exploit-testing
# Both master and minion
yum install epel-release
yum install python3 python3-devel yum-utils gcc
curl -OL
tar zxf salt-3000.tar.gz
rm salt-3000.tar.gz
cd salt-3000
mkdir -p /usr/local/lib/python3.6/site-packages
sudo python3 install
View pull multiple Docker images
Make a file called "images" with all of the Docker images listed, one per line.
while read i; do sudo docker pull "$i"; done < images
peasead /
Last active Mar 9, 2020
ROCKNSM Startup & Shutdown
# For creating NSM data from targeted pcaps, trying to get minimal noise
# This is for VirtualBox, but would likely work elsewhere
sudo -u suricata suricata-update
sudo ip link set dev [mon-int] mtu 16110
sudo ifup [mon-interface]
sleep 5

FINALLY figured out getting a CAC to work on Catalina when you've previously had some middleware installed.


defaults read /Library/Preferences/ DisabledTokens

You shouldn’t have any responses and if you reboot you should get asked to Pair your CAC. If you get, run this

sudo defaults delete /Library/Preferences/ DisabledTokens

Reboot


Keybase proof

I hereby claim:

  • I am peasead on github.
  • I am variable ( on keybase.
  • I have a public key ASB24PAieecv2Kzl2W9jTJFFT7kgmjKOL7qL5QWGERc59go

To claim this, I am signing this object:

View nginx Proxy Redirect
server {
listen 80;
server_tokens off;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
peasead /
Created Jan 30, 2017
Update the local repositories.
find . -type d -depth 2 -exec git --git-dir={}/.git --work-tree=$PWD/{} pull origin master \;
View Bash Profile
export PS1="\[\033[36m\]\u\[\033[m\]@\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ "
export CLICOLOR=1
export LSCOLORS=exFxBxDxCxegedabagacad
alias ls='ls -lGFh'
alias whois='whois -h'
alias usbtoserial=/dev/cu.usbserial
# Profile Additions
transfer() { if [ $# -eq 0 ]; then echo "No arguments specified. Usage:\necho transfer /tmp/\ncat /tmp/ | transfer"; return 1; fi
tmpfile=$( mktemp -t transferXXX ); if tty -s; then basefile=$(basename "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g'); curl --progress-bar --upload-file "$1" "$basefile" >> $tmpfile; else curl --progress-bar --upload-file "-" "$1" >> $tmpfile ; fi; cat $tmpfile; rm -f $tmpfile; }
View speedtest-cli-down-up-only
# Requires the speedtest-cli Python script available from
# The idea is that you can exclude all the other data returned by the Python script, and just get the up/down speeds
# python speedtest-cli | grep -E 'Download: [^d]{1,6} Mbit\/s|Upload: [^d]{1,6} Mbit\/s' <- without your IP address
python speedtest-cli | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}|Download: [^d]{1,6} Mbit\/s|Upload: [^d]{1,6} Mbit\/s'