I hereby claim:
- I am philhagen on github.
- I am philhagen (https://keybase.io/philhagen) on keybase.
- I have a public key ASAEYvINHkgXauuXhE5rJULIBfTwIIBMTXyZyi7N87GJSQo
To claim this, I am signing this object:
Phil Hagen philhagen
philhagen
/ gist:5698359
Created
June 3, 2013 14:03
convert ALIAS records for all of your DNSimple domains to A records, including a TXT record to identify which domains were converted. The TXT record will allow automated reversal at a later date. The actual add/delete functions are commented here to allow you to run in "safe mode" first.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from dnsimple import DNSimple | |
| import socket | |
| dns = DNSimple(email='foo@bar.com', api_token='your_token_here') | |
| domains = dns.domains() | |
| for domain in domains: | |
| dname = domain['domain']['name'] |
philhagen
/ keybase.md
Last active
July 20, 2016 02:10
philhagen
/ remove-macos-gtm.sh
Last active
August 6, 2020 19:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # USE THIS SCRIPT AT YOUR OWN RISK!!! | |
| # YOU ALONE ARE RESPONSIBLE FOR REVIEWING THE CONTENT AND | |
| # ENSURING IT WILL NOT CAUSE UNINTENDED DAMAGE TO YOUR SYSTEM! | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "This script must be run with sudo" | |
| exit 1 | |
| fi | |
| set -x |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"ts":1602265824.123071,"uid":"CHFRflzsgM15k9et4","id.orig_h":"192.168.75.169","id.orig_p":58506,"id.resp_h":"192.168.75.1","id.resp_p":53,"proto":"udp","trans_id":50763,"rtt":0.022633075714111329,"query":"www.sansgear.com","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":0,"answers":["vhost1.identityvector.com","70.32.97.206"],"TTLs":[3600.0,3600.0],"rejected":false} |
philhagen
/ zeek_commands.md
Last active
March 18, 2023 09:12
Helpful Commands for parsing Zeek log files in JSON format with jq
A former FOR572 student, John D, helfully provided some useful command lines that you might be able to take advantage of, specifically while parsing Zeek's log files when created in JSON format. These commands use the jq utility, which is widely available for most operating systems. Another useful resource is the JSON and jq Quick Start Guide, which is used in FOR572 and provided as a public resource.
Querying Zeek files:
dce_rpc.logcat dce_rpc.log | jq '{ operation, "named_pipe", endpoint, ts, "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p"}'- Example output:
{ "operation": "NetrShareGetInfo", "named_pipe": "\\PIPE\\srvsvc",