This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"8.8.8.8" | |
"8.8.4.4" | |
"1.1.1.1" |
{
    "": {
        "Category": "vulnerable driver",
        "Commands": {
            "Command": "sc.exe create fiddrv64.sys binPath=C:\\windows\\temp\\fiddrv64.sys type=kernel && sc.exe start fiddrv64.sys",
            "Description": "",
            "OperatingSystem": "Windows 10",
            "Privileges": "kernel",
            "Usecase": "Elevate privileges"
        },
name: Windows.Applications.LimaCharlieInstall
author: Whitney Champion (@shortxstack)
description: |
    This artifact installs the LimaCharlie EDR sensor.
tools:
  - name: LimaCharlieBinary
    url: https://downloads.limacharlie.io/sensor/windows/64
    serve_locally: true
import requests
import json
import time
from datetime import datetime, timedelta
import jwt
import uuid
from flask import Flask
from config import Config
import requests


def generate_jwt():
    # Credentials are intentionally left blank in the snippet; fill in before use.
    api_key = ""
    base_url = "https://jwt.limacharlie.io"
    uid = ""
    url = "%s?uid=%s&secret=%s" % (base_url, uid, api_key)
    try:
        r = requests.get(url)
deploy_sysmon:
  detect:
    event: OS_SERVICES_REP
    op: and
    rules:
      - op: is platform
        name: windows
      - op: contains
        not: true
        case sensitive: false
import json
import yaml
import requests

url = "https://sigma.limacharlie.io/convert/rule"
files = {'rule': open('sigma_rule.yml', 'rb').read()}
headers = {
    "Content-Type": "application/x-www-form-urlencoded"
import os
import sys
import boto3
import pytz
from datetime import datetime, timedelta
from os import path

s3 = boto3.resource('s3')
s3_client = boto3.client('s3')
#!/usr/bin/env python3
import socket
import sys
import json
import zlib
import copy
import base64
import re
import ssl
import logging
import os
import sys
import requests
import time
import json
from multiprocessing import Process


def follow(thefile):
    thefile.seek(0, 2)