I hereby claim:
- I am superducktoes on github.
- I am superducktoes (https://keybase.io/superducktoes) on keybase.
- I have a public key whose fingerprint is B2C5 91D5 AF7C C0B6 F068 7567 0517 E3C4 ED54 7340
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
ldap://e2216d7a9a31.bingsearchlib.com:39356/a | |
ldap://612877d3a59b.bingsearchlib.com:39356/a | |
ldap://205.185.115.217:47324/a | |
ldap://ab3419ba1f45.bingsearchlib.com:39356/a | |
ldap://193.3.19.159:53/c | |
ldap://ea62856c5fc3.bingsearchlib.com:39356/a | |
ldap://43065f484327.bingsearchlib.com:39356/a | |
ldap://5486b6edd688.bingsearchlib.com:39356/a | |
ldap://92d27039ede4.bingsearchlib.com:39356/a | |
ldap://45cecd2f38ca.bingsearchlib.com:39356/a |
#!/bin/bash | |
# NOTE(review): the page gives no provenance for this script and the listing is cut
# off after the last line shown. The visible steps unlock the preload and cron files
# and then take down the host firewall, which reads like the opening of a captured
# Linux payload rather than an admin script; confirm before treating it as either.

# Sets the open-file-descriptor limit for this shell to 65535.
ulimit -n 65535 | |
# Clears the immutable attribute on /etc/ld.so.preload and deletes the file, which
# drops any library that was being preloaded into dynamically linked processes.
chattr -i /etc/ld.so.preload | |
rm -f /etc/ld.so.preload | |
# Clears the immutable attribute on the cron spool (recursively) and on /etc/crontab,
# leaving both writable again.
chattr -R -i /var/spool/cron | |
chattr -i /etc/crontab | |
# Disables the ufw host firewall and flushes the iptables rules in the default table.
ufw disable | |
iptables -F |
# Detection: file-integrity or auditd watches on /etc/ld.so.preload, /etc/crontab and
# /var/spool/cron, plus alerts on firewall teardown, cover every step visible above.
from greynoise import GreyNoise | |
import json | |
import csv | |
import argparse | |
import os | |
from stix2 import MemoryStore, Indicator | |
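# The API key comes from the GREYNOISE_API_KEY environment variable, so the secret
# never has to be written into this file or committed with it. When the variable is
# unset the client still receives "" exactly as before.
api_client = GreyNoise(api_key=os.environ.get("GREYNOISE_API_KEY", ""))
# Command-line parser; its arguments are presumably added below this excerpt.
parser = argparse.ArgumentParser()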
{ | |
"type": "bundle", | |
"id": "bundle--156aade4-a0b9-4931-aef7-f400b2ffd1d7", | |
"objects": [ | |
{ | |
"type": "indicator", | |
"spec_version": "2.1", | |
"id": "indicator--7f7cfee6-7cb4-4d8f-8012-bc5959a53564", | |
"created": "2022-05-19T20:10:17.632149Z", | |
"modified": "2022-05-19T20:10:17.632149Z", |
import fileinput | |
import re | |
from greynoise import GreyNoise | |
# Usage: cat <file_ips>.txt | python3 file_ips_lookup.py
# GreyNoise API client. NOTE(review): api_key is an empty placeholder here; supply the
# real key at run time (environment variable or secrets store) instead of saving it in
# this file.
api_client = GreyNoise(api_key="") | |
# Holds the IPs to look up; presumably filled by the parsing step that follows
# (cut off in this excerpt).
ip_list = [] | |
# parse file for ips |
<form theme="dark"> | |
<label>GreyNoise Firewall Data</label> | |
<fieldset submitButton="false"> | |
<input type="time" token="field1"> | |
<label></label> | |
<default> | |
<earliest>-24h@h</earliest> | |
<latest>now</latest> | |
</default> | |
</input> |
Stop Chasing Ghosts: California Roadshow | |
Cheat Sheet | |
You’re working at a sticker company called “Milk Co.” One of your developers has left a vulnerable dev environment exposed to the internet. Workshop participants play the role of the Security Analyst at “Milk Co.”: they investigate the alert to understand what happened, decide how to stop additional attacks quickly, and then investigate further to find indicators that can be used for hunting.
Question Answer Form | |
https://stopchasingghosts.typeform.com/to/JWKos6K2 | |
[Optional] Slack Channel: Join GreyNoise Community Slack and find channel #roadshow-dc |
import requests | |
import json | |
# GreyNoise API key. NOTE(review): empty placeholder; load the real key at run time
# (environment variable or secrets store) so it is never committed with the script.
GN_API_KEY = "" | |
# GNQL query string with two filters: last_seen:1d and classification:malicious.
GN_QUERY = "last_seen:1d classification:malicious" | |
# GNQL endpoint under the v2 "experimental" API path; HTTPS, so the key is not sent
# in clear text.
GN_QUERY_URL = "https://api.greynoise.io/v2/experimental/gnql" | |
HEADERS = { | |
"accept": "application/json", |
import requests | |
import json | |
# GreyNoise API key. NOTE(review): empty placeholder; load the real key at run time
# (environment variable or secrets store) so it is never committed with the script.
GN_API_KEY = "" | |
# GNQL query string with three filters: the "SSH Bruteforcer" tag, last_seen:1d and
# spoofable:false. Excluding spoofable sources matters if the results feed a block
# list, since a spoofed source address could otherwise get an innocent IP blocked.
GN_QUERY = 'tags:"SSH Bruteforcer" last_seen:1d spoofable:false' | |
# Relative path in the current working directory; presumably where the returned IPs
# are written (the code that uses it is not visible in this excerpt).
file_name = "./greynoise_ips.txt" | |
# GNQL endpoint under the v2 "experimental" API path.
GN_QUERY_URL = "https://api.greynoise.io/v2/experimental/gnql" |