Skip to content

Instantly share code, notes, and snippets.

Scott Stout skout23

View GitHub Profile
View GeoIP Product Id's
ProductID Database
106 GeoIP.dat
111 GeoIPOrg.dat
112/115 GeoIPRegion.dat
117 GeoIPASNum.dat
119 GeoIPUserType.dat
121/122 GeoIPISP.dat
132/133 GeoIPCity.dat
135 GeoIPAreaCode.dat
137 GeoIPDMACode.dat
@skout23
skout23 / logs_insights_queries.txt
Created Feb 11, 2019
Scratch Pad ideas for Cloudtrail queries using AWS Cloudwatch Logs Insights
View logs_insights_queries.txt
```
filter eventName="ConsoleLogin"
| stats count(*) as eventCount by userIdentity.userName, sourceIPAddress
| sort eventCount desc
filter not sourceIPAddress =~ /^(?i)123.123.123.123/ and userIdentity.userName =~/^(?i)\w/
| stats count(*) as eventCount by eventName, userIdentity.userName, sourceIPAddress
| sort eventCount desc
filter eventName="ConsoleLogin"
@skout23
skout23 / s3_bucket_sizes.sh
Created Feb 1, 2019
Get the latest size in bytes of all s3 buckets given a list of profiles
View s3_bucket_sizes.sh
#!/bin/bash
aws_profile=("default" "otherprofile");
region="us-east-1"
# setting the expected date() format BSD style (macos)
start_time="$(date -v-2d '+%Y-%m-%d')"
end_time="$(date '+%Y-%m-%d')"
#loop AWS profiles array incase we provide more than 1 profile
for profile in "${aws_profile[@]}"; do
@skout23
skout23 / buffer_overflow.c
Last active Apr 26, 2018
simple buffer_overflow for testing afl
View buffer_overflow.c
/*
Compile with:
afl-gcc -fno-stack-protector -z execstack buffer_overflow.c -o buffer_overflow
gcc -fno-stack-protector -z execstack buffer_overflow.c -o buffer_overflow
*/
#include <stdio.h>
#include <string.h>
View pyenv + virtualenv all the things
# should pick up pyenv as dep
brew install pyenv-virtualenv
# add to your .bash_profile or other .profile
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
# List available pythons versions
$ pyenv install -l
View keybase.md

Keybase proof

I hereby claim:

  • I am skout23 on github.
  • I am skout23 (https://keybase.io/skout23) on keybase.
  • I have a public key ASDw8P2ph2XFQLlCW0GtGhnuJZlOBN6nQMSmPzXH_VPlYAo

To claim this, I am signing this object:

View .tmux.conf
# act like GNU screen
unbind C-b
set -g prefix C-a
# look good
set -g default-terminal "screen-256color"
# Allows for faster key repetition
set -s escape-time 0
View avg_student_count.rb
require 'json'
require 'rest-client'
=begin
{"data"=>
{"district"=>"4fd43cc56d11340000000005",
"school"=>"4fee004cca2e43cf27000002",
"name"=>"Advanced Literature 1(B)",
"teacher"=>"4fee004dca2e43cf270007e8",
@skout23
skout23 / manage_snapshots.rb
Last active Oct 6, 2015
AWS ec2 EBS snapshot management
View manage_snapshots.rb
#!/usr/bin/env ruby
# cleaned up a bit, makes use of memoize to better handle queries to the EC2 backend, less calls == faster.
require 'rubygems'
require 'aws-sdk'
regions = [
"ec2.us-east-1.amazonaws.com",
@skout23
skout23 / too short.txt
Created Oct 4, 2015
Fixing suricata on 12.04 ubuntu
View too short.txt
aptitude install suricata
...
sudo modprobe nfnetlink_queue
You can’t perform that action at this time.