Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Copyright © 2018 seamus tuohy, <code@seamustuohy.com>
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
// STRONTIUM: Detecting new patterns in credential harvesting
// https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/
// Microsoft Threat Protection (MTP) Query
// Thanks Microsoft for not providing your own plain text version! I loved writing this from an image.
IdentityLogonEvents
| where Timestamp > ago(30d)
| where ActionType == "LogonFailed"
| where IPAddress startswith "185.220.101." or IPAddress startswith "199.249.230." or IPAddress startswith "23.129.64." or IPAddress startswith "109.70.100." or IPAddress startswith "185.220.102."
| summarize authAttempts=dcount(Timestamp), firstAttempt=min(Timestamp), lastAttempt=max(Timestamp), uniqueIPs=dcount(IPAddress), uniqueAccounts=dcount(AccountObjectId), attemptedAccounts=make_set(AccountObjectId) by DeviceType, OSPlatform
| sort by uniqueAccounts
# ADVANCED HUNTING REFERENCES
# Kusto Queries
# - Query Language REFERENCE
# - https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/
# - Regular Expression in Kusto
# - https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/re2
# - Allowed Regular Expression Syntax for Kusto Queries
# - https://github.com/google/re2/wiki/Syntax
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Copyright © 2020 seamus tuohy, <code@seamustuohy.com>
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
{
  "objects": [
    {
      "labels": [
        "source--eiq-fusion"
      ],
      "name": "EclecticIQ Fusion Center",
      "external_references": [
        {
          "source_name": "external-url",
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001
# This file is part of Viper - https://github.com/viper-framework/viper
# See the file 'LICENSE' for copying permission.
#
FROM ubuntu:rolling
# FROM debian:buster
MAINTAINER Viper-Framework (https://github.com/viper-framework)
# Set Local
ENV LANG C.UTF-8
Auth and copy token at https://irc.gitter.im/.
Ignore the /PASS thing, it doesn't work in weechat.
/server add gitter irc.gitter.im -ssl -ssl_verify -ssl_dhkey_size=1024 -password=<REPLACE_WITH_YOUR_TOKEN>
/connect gitter
Term | Description | Link(s) |
---|---|---|
Alias | Another email address that people can use to email | |
App Password | An app password is a password that is created within the Azure portal and that allows the user to bypass MFA and continue to use their application. | |
Alternate email address | Required for admins to receive important notifications, or resetting the admin password which cannot be modified by the end users | |
AuditAdmin | | |
AuditDelegate | | |
Delegate | An account with assigned permissions to a mailbox. | |
Display Name | Name that appears in the Address Book and on the To and From lines of an email. | |
EAC | "Exchange Admin Center" | |