NOTE - this was specifically built for a docker instance, with the Filebeat docker module collecting the logs.
robert-moses
/ README.md
Created
January 12, 2022 17:04
— forked from ThisIsQasim/README.md
PiHole + Elasticsearch Ingest processing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .bash_profile | |
| # Get the aliases and functions | |
| if [ -f ~/.bashrc ]; then | |
| . ~/.bashrc | |
| fi | |
| # User specific environment and startup programs | |
| set TERM=xterm-256color |
robert-moses
/ Windows-Event-Alerting.ps1
Last active
August 29, 2019 14:50
WIndows Event Log alerting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Well Known SIDs of interest | |
| # SID: S-1-5-32-544 | |
| # Name: Administrators | |
| # | |
| # SID: S-1-5-21domain-512 | |
| # Name: Domain Admins | |
| # | |
| # Test lockout - EventID: 4740 | |
| (1..6)| %{ runas /user:DQGSOCAS4681\test1 cmd} |
robert-moses
/ Clear-Browser-Cache.ps1
Last active
November 18, 2019 20:38
PS to clear IE, Chrome and FF browser caches
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # | |
| # To Do: | |
| # Switch to either another variable for user profiles (all) or to simply sort through the c:\users\ folder. | |
| # | |
| # | |
| #Delete Internet Explorer Cache | |
| Remove-Item -path "$env:USERPROFILE\AppData\Local\Microsoft\Windows\Temporary Internet Files\*" -Recurse -Force -EA SilentlyContinue -Verbose | |
| Remove-Item -path "$env:USERPROFILE\AppData\Local\Microsoft\Windows\INetCache\*" -Recurse -Force -EA SilentlyContinue -Verbose | |
| Write-Host -ForegroundColor yellow "Internet Explorer Cache Removal - COMPLETE" |
robert-moses
/ kali-windows-docker-notes.txt
Last active
August 11, 2021 04:54
Kali Windows Docker (persistent storage)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker run -ti --rm --mount src=kali-root,dst=/root --mount src=kali-postgres,dst=/var/lib/postgresql my-kali | |
| # | |
| # Notes to setup/run a persistent kali docker container (my notes to setup on my usual windows work PC) | |
| # credit to @Airman604 | |
| # https://medium.com/@airman604/kali-linux-in-a-docker-container-5a06311624eb | |
| # https://hub.docker.com/r/kalilinux/kali-linux-docker/ | |
| # https://www.kali.org/news/official-kali-linux-docker-images/ | |
| # https://hub.docker.com/?ref=login&overlay=onboarding | |
| # Setup Docker Desktop for Windows | |
| # Requires Windows10 Pro and Hyper-V |
robert-moses
/ O365 security and IR.md
Last active
February 21, 2024 14:19
Office 365 security baseline and incident response
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # scan and get all output file formats | |
| nmap –sT –oA Network_Topology –vv 192.168.0.0/24 | |
| # | |
| # pull the "alive" host IPs from the output | |
| grep open Network_Topology.gnmap | cut -d" " -f2 > Device_List.txt | |
| # | |
| # rescan, to ensure nothing was missed with the -A option | |
| nmap -A --excludefile Device_List.txt 192.168.0.0/24 | |
| # | |
| # add additional hosts to list file, manually |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Quick System Check Script | |
| # Author: Robert Moses | |
| ## Logging setup | |
| > quick_system_check.log | |
| exec > >(tee -a quick_system_check.log) | |
| exec 2> >(tee -a quick_system_check.log >&2) | |
| #Set Date | |
| MYDAY=`date +%d` | |
| #Set Hour |
robert-moses
/ export-bitlocker-recovery.cmd
Created
July 24, 2018 18:47
export bitlocker recovery key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # export protectors | |
| manage-bde -protectors -get c: | |
| # | |
| # export key to a file | |
| # | |
| manage-bde -protectors -get c: >> c:\temp\%COMPUTERNAME%-recovery-key.txt |
robert-moses
/ PS-cleanup-logs.ps1
Last active
July 22, 2018 21:47
POSH, clean up log file (IIS, etc)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Replace path with the path you want, include file name pattern/etc | |
| # Replace time/age with what you want | |
| # add this as a schedule task. | |
| Get-ChildItem C:\Inetpub\logs* -Include u_ex*.log -Recurse | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-30)} | Remove-Item |
NewerOlder