Brad Lhotsky reyjrar

View gist:54c69ed1c7817368fa46
#!/usr/bin/env perl
#
use strict;
use warnings;
use Benchmark qw(cmpthese timethese);
my @tests = (
q{testing 12345 some more stuff},
q{123 testing some stuff},
@reyjrar
reyjrar / mbsyncrc
Created Jan 12, 2015
New old mail setup
View mbsyncrc
Expunge Slave
Create Both
CopyArrivalDate yes
Sync All
SyncState *
IMAPAccount company
Host imap.company.com
CertificateFile ~/Certificates/godaddy.pem
UseIMAPS yes
@reyjrar
reyjrar / git-log-code-review.log
Created Apr 10, 2014
Sample output of a 'git log --reverse' when using Git::Code::Review
View git-log-code-review.log
commit 32e77a880484a60431b7e2d841549e0b6a96057f
Author: Brad Lhotsky <brad.lhotsky@booking.com>
Date: Wed Apr 2 22:11:05 2014 +0200
Initializing source repository.
---
audit_repo: /Users/blhotsky/tmp/repo
branch: master
reviewer: brad.lhotsky@booking.com
source_repo: git@github.com:reyjrar/Parse-Syslog-Line.git
@reyjrar
reyjrar / digiti-matching.pl
Created Dec 8, 2013
Testing variations on matching digits with Perl Regex
View digiti-matching.pl
#!/usr/bin/env perl
#
use strict;
use warnings;
use Benchmark qw(cmpthese);
my @tests = (
q{testing 12345 some more stuff},
q{123 testing some stuff},
@reyjrar
reyjrar / adobe.txt
Last active Dec 29, 2015
Output from a bitsquatting whois tool I'm working on. GOOGLEUSERCONTENT.COM is rated #44 on the Alexa Top Sites
View adobe.txt
$ ./bin/bit-whois.pl adobe.com
adobe.com variation bdobe.com is taken (ns01.domaincontrol.com)
adobe.com variation aeobe.com is !! ERROR !!
No Match Domain!
adobe.com variation acobe.com is taken (ns1.s416.sureserver.com)
adobe.com variation adpbe.com is taken (ns2.hastydns.com)
adobe.com variation adnbe.com is ** AVAILABLE **
adobe.com variation adoce.com is taken (ns2.warptech.net)
adobe.com variation adoae.com is ** AVAILABLE **
adobe.com variation adobf.com is ** AVAILABLE **
@reyjrar
reyjrar / feature.xml
Created Jul 9, 2013
Possible enhancement to the decoders/rules
View feature.xml
<decoder name="uptime">
<regex>load average: (\S+),</regex>
<order>var:load</order>
</decoder>
<rule id="100000" level="10">
<decoded_as>uptime</decoded_as>
<compare var="load" is="numeric" check="gt">2</compare>
</rule>
@reyjrar
reyjrar / crontab.xml
Created Jun 26, 2013
OSSEC Decoder for crontab manipulation.
View crontab.xml
<!-- Decoder to enable extracting data from the crontab command
Aug 30 17:13:02 server.example.com crontab[1347]: (root) LIST (root)
Aug 30 17:13:38 server.example.com crontab[2852]: (root) BEGIN EDIT (root)
Aug 30 17:13:41 server.example.com crontab[2852]: (root) REPLACE (root)
Aug 30 17:13:41 server.example.com crontab[2852]: (root) END EDIT (root)
Aug 30 17:14:01 server.example.com crond[1756]: (root) RELOAD (/var/spool/cron/root)
Aug 30 17:14:01 server.example.com CROND[4018]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Aug 30 17:14:06 server.example.com crontab[4030]: (root) LIST (root)
Aug 30 17:15:01 server.example.com CROND[5818]: (root) CMD (/usr/lib64/sa/sa1 1 1)
@reyjrar
reyjrar / named-axfr.xml
Created Jun 26, 2013
OSSEC Decoder for Named Zone Transfers
View named-axfr.xml
<!-- AXFR Logs
06-Mar-2013 09:16:37.228 xfer-out: client 10.1.1.5#37937: view internal: transfer of 'example.com/IN': IXFR started
06-Mar-2013 09:16:37.228 xfer-out: client 10.1.1.5#37937: view internal: transfer of 'example.com/IN': IXFR ended
06-Mar-2013 09:18:26.971 xfer-out: client 10.1.6.3#35733: view internal: transfer of 'test.example.com/IN': AXFR-style IXFR started
06-Mar-2013 09:18:26.974 xfer-out: client 10.1.6.3#35733: view internal: transfer of 'test.example.com/IN': AXFR-style IXFR ended
-->
<decoder name="bind-axfr-start">
View ossec-ar-filename.patch
commit 47f1803471ec4c8f9c69c42680019bc002ef304b
Author: Brad Lhotsky <brad.lhotsky@booking.com>
Date: Tue May 28 17:59:21 2013 +0200
Active response was not passing the filename in file events, ie,
syscheck. The Eventinfo struct only included file data for builds with
Prelude integration. This prevented the AR from handing filename off
anyways.
* Eventinfo now contains file data always
* Added *expect* option for 'filename'
@reyjrar
reyjrar / os_shell_escape.c
Created May 28, 2013
Implement shell escaping, relies on caller to clean up the memory for the escaped string.
View os_shell_escape.c
/* Escape a set of characters */
char *os_shell_escape(const char *src) {
// Maximum Length of the String is 2x the current length
char shell_escapes[] = { '\\', '"', '\'', ' ', '\t', ';', '`', '>', '<', '|', '#',
'*', '[', ']', '{', '}', '&', '$', '!', ':', '(', ')' };
char *escaped_string;
int length = 0;
int i = 0;