Currently in no particular order. Most of these are kind of ancient.
Where's all the modern documentation? So much of what I've turned up searching is other folks complaining about having few options beyond reading source code.
The OREILLY books, while dated, seem to be some of the best available. Note that these can be read with a 7-day trial. Do this! At least get through the introduction section and first chapter of each to see if it's what you're after.
| # This GIST has been transformed into a Git repository and does not receive updates anymore | |
| # | |
| # Please visit the github repo to get a current list | |
| # https://github.com/Neo23x0/ti-falsepositives/ | |
| # Hashes that are often included in IOC lists but are false positives | |
| HASH_WHITELIST = [ | |
| # Empty file | |
| 'd41d8cd98f00b204e9800998ecf8427e', | |
| 'da39a3ee5e6b4b0d3255bfef95601890afd80709', |
Updated May 21/2018
There are lots of different how-tos out there for automatically launching VMs using VirtualBox on MacOS. Most of them focus on older versions of VirtualBox or old versions of MacOS.
Tested using MacOS High Sierra 10.13.4 running VirtualBox 5.2.12. The guest OS is Fedora 28.
Following the instructions on the VirtualBox website (https://www.virtualbox.org/manual/ch09.html#autostart), copy the Virtualbox autostart plist template file to your system's LaunchDaemons folder.
david$ sudo cp \
| #!/usr/bin/env python2 | |
| import base64, struct, sys | |
| if len(sys.argv) > 1: | |
| try: | |
| binary = base64.decodestring(sys.argv[1]) | |
| #File header | |
| sys.stdout.write(struct.pack("IHHIIII", | |
| 0xa1b2c3d4, # Magic |
| alert tcp any any -> any !80 (msg:"SURICATA HTTP on unusual port"; flow:to_server; app-layer-protocol:http; threshold: type limit, track by_src, seconds 60, count 1; sid:2271001; rev:1;) | |
| alert tcp any any -> any 80 (msg:"SURICATA non-HTTP on TCP port 80"; flow:to_server; app-layer-protocol:!http; threshold: type limit, track by_src, seconds 60, count 1; sid:2271002; rev:1;) | |
| alert tcp any any -> any ![443,465,587] (msg:"SURICATA TLS on unusual port"; flow:to_server; app-layer-protocol:tls; threshold: type limit, track by_src, seconds 60, count 1; sid:2271004; rev:1;) | |
| alert tcp any any -> any [443,465] (msg:"SURICATA non-TLS on TLS port"; flow:to_server; app-layer-protocol:!tls; threshold: type limit, track by_src, seconds 60, count 1; sid:2271003; rev:1;) | |
| alert tcp any any -> any ![20,21] (msg:"SURICATA FTP on unusual TCP port"; flow:to_server; app-layer-protocol:ftp; threshold: type limit, track by_src, seconds 60, count 1; sid:2271005; rev:1;) | |
| alert tcp any any -> any [20,21] (msg:"SURICATA non-FTP on TCP |
| require 'victor' | |
| scale = 1000 # scale up the result by this factor | |
| first_n = 1 # index of first logo | |
| last_n = 10000 # index of last logo | |
| SCALE = 0.18 # scale up the individual logos by this factor | |
| ALPHA = -15 # for smaller values, logos will shrink faster going out. for positive values, logos will shrink going in. | |
| def get_r i | |
| i**(1/(2.0-ALPHA)) |
| # UPDATED 17 February 2019 | |
| # Redirect all HTTP traffic to HTTPS | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name www.domain.com domain.com; | |
| return 301 https://$host$request_uri; | |
| } | |
| # SSL configuration |
| #!/usr/bin/env bash | |
| # When will my Lenovo order arrive? | |
| # | |
| # I grew impatient while waiting for my Thinkpad to ship, and the arrival date | |
| # kept changing, so I wrote this script to scrape their order details page. | |
| # | |
| # Might not work on all platforms, and it's parsing HTML with sed, so there be | |
| # plenty of dragons within this script. |
| # To read foo.pcap | |
| tshark -ln -r foo.pcap -q -d udp.port==514,syslog -T fields -E separator=" " -e ip.src -e syslog.msg | |
| # To listen on eth0 | |
| tshark -ln - eth0 -q -d udp.port==514,syslog -T fields -E separator=" " -e ip.src -e syslog.msg |