Skip to content

Instantly share code, notes, and snippets.

Working from home

Andrew Pease peasead

Working from home
View GitHub Profile
View gist:e9c06979cb3c2dfef383da05abd89bf9
# Update packetbeat.shutdown_timeout=20s to fit your time requirements
/usr/local/bin/packetbeat -I file.pcap -t -E packetbeat.shutdown_timeout=20s
peasead /
Last active Aug 13, 2020
Recursively update all git repositories
# Run from the parent directory with all of your git folders below
# find . searches the current directory
# -type d to find directories, not files
# -depth 1 for a maximum depth of one sub-directory
# -exec {} \; runs a custom command for every find
# git --git-dir={}/.git --work-tree=$PWD/{} pull git pulls the individual directories
find . -type d -depth 1 -exec git --git-dir={}/.git --work-tree=$PWD/{} pull origin master \;
View quick-zeek-container
If you want to run a pcap through Zeek, but don't have ROCK or don't need "all the things".
# Fire up the Docker container, mapping the directory with your pcap
## If pcap in your current directory
docker run -it -v $(pwd):/pcap broplatform/bro:3.0.0 /bin/bash
## If pcap is somewhere else
docker run -it -v [directory where your pcap is]:/pcap broplatform/bro:3.0.0 /bin/bash
# If you have to build your own for some reason
# This can be skipped if the `docker run...` worked above
View pull multiple Docker images
make a file called "images" with all of the docker images listed, 1 per line
while read i; do sudo docker pull "$i"; done < images
peasead /
Last active Mar 9, 2020
ROCKNSM Startup & Shutdown
# For creating NSM data from targeted pcaps, trying to get minimal noise
# This is for VirtualBox, but would likely work elsewhere
sudo -u suricata suricata-update
sudo ip link set dev [mon-int] mtu 16110
sudo ifup [mon-interface]
sleep 5

FINALLY figured out getting a CAC to work on Catalina when you've previously had some middleware installed.


defaults read /Library/Preferences/ DisabledTokens

You shouldn’t have any responses and if you reboot you should get asked to Pair your CAC. If you get, run this

sudo defaults delete /Library/Preferences/ DisabledTokens Reboot


Keybase proof

I hereby claim:

  • I am peasead on github.
  • I am variable ( on keybase.
  • I have a public key ASB24PAieecv2Kzl2W9jTJFFT7kgmjKOL7qL5QWGERc59go

To claim this, I am signing this object:

View nginx Proxy Redirect
server {
listen 80;
server_tokens off;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
View Bash Profile
export PS1="\[\033[36m\]\u\[\033[m\]@\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ "
export CLICOLOR=1
export LSCOLORS=exFxBxDxCxegedabagacad
alias ls='ls -lGFh'
alias whois='whois -h'
alias usbtoserial=/dev/cu.usbserial
# Profile Additions
transfer() { if [ $# -eq 0 ]; then echo "No arguments specified. Usage:\necho transfer /tmp/\ncat /tmp/ | transfer"; return 1; fi
tmpfile=$( mktemp -t transferXXX ); if tty -s; then basefile=$(basename "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g'); curl --progress-bar --upload-file "$1" "$basefile" >> $tmpfile; else curl --progress-bar --upload-file "-" "$1" >> $tmpfile ; fi; cat $tmpfile; rm -f $tmpfile; }
View speedtest-cli-down-up-only
# Requires the speedtest-cli Python script available from
# The idea is that you can exclude all the other data returned by the Python script, and just the up/down speeds
# python speedtest-cli | grep -E 'Download: [^d]{1,6} Mbit\/s|Upload: [^d]{1,6} Mbit\/s' <- without your IP address
python speedtest-cli | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}|Download: [^d]{1,6} Mbit\/s|Upload: [^d]{1,6} Mbit\/s'
You can’t perform that action at this time.