I hereby claim:
- I am philhagen on github.
- I am philhagen (https://keybase.io/philhagen) on keybase.
- I have a public key ASAEYvINHkgXauuXhE5rJULIBfTwIIBMTXyZyi7N87GJSQo
To claim this, I am signing this object:
#!/usr/bin/python
from dnsimple import DNSimple
import socket

# Authenticate to the DNSimple API and enumerate the account's domains
dns = DNSimple(email='foo@bar.com', api_token='your_token_here')
domains = dns.domains()
for domain in domains:
    dname = domain['domain']['name']
#!/bin/bash
# USE THIS SCRIPT AT YOUR OWN RISK!!!
# YOU ALONE ARE RESPONSIBLE FOR REVIEWING THE CONTENT AND
# ENSURING IT WILL NOT CAUSE UNINTENDED DAMAGE TO YOUR SYSTEM!
# [[ ]] and $EUID are bash features, so the interpreter is bash rather than sh
if [[ $EUID -ne 0 ]]; then
    echo "This script must be run with sudo"
    exit 1
fi
set -x
{"ts":1602265824.123071,"uid":"CHFRflzsgM15k9et4","id.orig_h":"192.168.75.169","id.orig_p":58506,"id.resp_h":"192.168.75.1","id.resp_p":53,"proto":"udp","trans_id":50763,"rtt":0.022633075714111329,"query":"www.sansgear.com","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":0,"answers":["vhost1.identityvector.com","70.32.97.206"],"TTLs":[3600.0,3600.0],"rejected":false}
A former FOR572 student, John D, helpfully provided some useful command lines that you might be able to take advantage of, specifically when parsing Zeek's log files created in JSON format. These commands use the jq utility, which is widely available for most operating systems. Another useful resource is the JSON and jq Quick Start Guide, which is used in FOR572 and provided as a public resource.
Querying Zeek files:
dce_rpc.log
cat dce_rpc.log | jq '{ operation, "named_pipe", endpoint, ts, "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p"}'
{
"operation": "NetrShareGetInfo",
"named_pipe": "\\PIPE\\srvsvc",
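The same kind of field projection done in Python rather than jq, as an added example that is not part of the gist: it parses Zeek JSON log lines (the dns.log record quoted above plus one constructed NXDOMAIN record), selects fields the way the jq object syntax does, and shows why Zeek's dotted names such as "id.orig_h" must be quoted in jq: they are literal keys, not nested objects. The DNS_FIELDS list and the NXDOMAIN record are assumptions made for the example.

```python
import json

# Zeek JSON log records, one per line. The first is the dns.log record quoted
# above; the second is a constructed NXDOMAIN record added for contrast.
SAMPLE_LOG = r'''{"ts":1602265824.123071,"uid":"CHFRflzsgM15k9et4","id.orig_h":"192.168.75.169","id.orig_p":58506,"id.resp_h":"192.168.75.1","id.resp_p":53,"proto":"udp","trans_id":50763,"rtt":0.022633075714111329,"query":"www.sansgear.com","qclass":1,"qclass_name":"C_INTERNET","qtype":1,"qtype_name":"A","rcode":0,"rcode_name":"NOERROR","AA":false,"TC":false,"RD":true,"RA":true,"Z":0,"answers":["vhost1.identityvector.com","70.32.97.206"],"TTLs":[3600.0,3600.0],"rejected":false}
{"ts":1602265830.5,"uid":"Cconstructed0001","id.orig_h":"192.168.75.169","id.orig_p":58507,"id.resp_h":"192.168.75.1","id.resp_p":53,"proto":"udp","trans_id":50764,"query":"does-not-exist.example","qtype_name":"A","rcode":3,"rcode_name":"NXDOMAIN","rejected":false}
'''

# Field list (assumed for this example) mirroring the jq projection style
# used for dce_rpc.log above, applied to dns.log instead.
DNS_FIELDS = ("ts", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
              "query", "qtype_name", "rcode_name", "answers")


def parse_zeek_json(text):
    """Yield one dict per non-empty line of a Zeek JSON log (one record per line)."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def project(record, fields):
    """Select fields like jq '{ts, "id.orig_h", ...}'.

    Zeek writes dotted names such as "id.orig_h" as literal top-level keys,
    not nested objects, which is why jq needs them quoted; in Python a plain
    dict lookup is enough. Fields absent from a record come back as None.
    """
    return {f: record.get(f) for f in fields}


def summarize_dns(text, fields=DNS_FIELDS):
    """Project every dns.log record and count responses by rcode_name."""
    rows = [project(r, fields) for r in parse_zeek_json(text)]
    by_rcode = {}
    for row in rows:
        by_rcode[row["rcode_name"]] = by_rcode.get(row["rcode_name"], 0) + 1
    return rows, by_rcode


if __name__ == "__main__":
    rows, counts = summarize_dns(SAMPLE_LOG)
    for row in rows:
        print(json.dumps(row))
    print("responses by rcode:", counts)
```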