Michael Edie tankmek

🏠
Working from home
View GitHub Profile
@tankmek
tankmek / audit_acl.ps1
Created September 19, 2023 23:04
Ghost-Busting: Apply Audit ACL
# Retrieve the current ACL; -Audit also reads the SACL so existing audit entries are preserved
$acl = Get-Acl -Path .\private_file.txt -Audit
# Define the audit rule for Everyone with Success and Failure auditing for Read
$auditRule = New-Object System.Security.AccessControl.FileSystemAuditRule("Everyone", "Read", "Success,Failure")
# Add the audit rule to the ACL
$acl.AddAuditRule($auditRule)
# Write the modified ACL back to the file (needs an elevated session: modifying a SACL requires SeSecurityPrivilege)
Set-Acl -Path .\private_file.txt -AclObject $acl
# Note: events are only written if "Object Access > File System" auditing is enabled in the audit policy
@tankmek
tankmek / ip_threat_feed.spl
Created June 22, 2022 19:11
Splunk query used to build my IP Threat Feed.
# Reference: https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
# Reference: https://github.com/tankmek/threatfeed/raw/master/ip_threat_feed.csv
index=honeypot eventtype="login_success"
| stats earliest(_time) AS first_seen, dc(host) AS sensor, latest(_time) AS last_seen by src_ip
| fieldformat first_seen=strftime(first_seen, "%Y%m%d %X")
| fieldformat last_seen=strftime(last_seen, "%Y%m%d %X")
| iplocation src_ip
| eval Country = if(isnull(Country), "Unknown", Country)
| lookup tor_exit_nodes exit_node_ip AS src_ip OUTPUTNEW exists AS tor_exit_node
@tankmek
tankmek / keybase.md
Created December 29, 2019 19:10
Keybase proof
I hereby claim:

  • I am tankmek on github.
  • I am tankmek (https://keybase.io/tankmek) on keybase.
  • I have a public key whose fingerprint is 3AD0 A606 4ED4 33B9 5AF3 EF35 B94F EF97 E49C 9A75

To claim this, I am signing this object:

@tankmek
tankmek / qemu-image-mount
Created August 22, 2018 20:19
How to mount a qcow image for inspection
# load the network block device driver; max_part makes partition nodes such as /dev/nbd0p1 appear
sudo modprobe nbd max_part=8
# expose the qcow2 image as a block device
sudo qemu-nbd --connect=/dev/nbd0 image.qcow2
# identify each partition
sudo fdisk -l /dev/nbd0
# create mount location and then mount (add -o ro if the image must not be modified)
sudo mkdir /mnt/disk1
sudo mount /dev/nbd0p1 /mnt/disk1
@tankmek
tankmek / kali-rolling-update
Created August 21, 2018 10:30
Quick reference for kali things
# download OVA
apt update && apt -y full-upgrade
reboot
# if a new kernel version was installed, reinstall the VMware guest tools
apt -y --reinstall install open-vm-tools-desktop fuse
reboot
# When the archive signing key expires (apt-key reads the key from stdin with "-")
wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add -
@tankmek
tankmek / Slackware-LUKS-LVM
Created August 20, 2018 02:40
Notes on setting up LUKS/LVM before Slackware install.
# Create a 100MB boot partition (type Linux) as /dev/sdx1, where sdx is the target disk
# Make the rest of the space one partition (/dev/sdx2), not bootable
## Make cryptanalysis harder: fill the partition with random data so encrypted and unused regions are indistinguishable
dd if=/dev/urandom of=/dev/sdx2 bs=1M
# Set up the LUKS container
#cryptsetup --verbose --cipher aes-xts-plain64:sha512 --key-size 512 --hash sha512 --iter-time 5000 luksFormat
cryptsetup -s 256 -y luksFormat /dev/sdx2
cryptsetup luksOpen /dev/sdx2 slackcrypt
# create an LVM physical volume on the opened container
pvcreate /dev/mapper/slackcrypt
@tankmek
tankmek / ssh_config
Created June 3, 2018 20:55
More secure key exchange algorithms, ciphers and message authentication codes; the less secure choices are disabled. If they are not disabled, a man-in-the-middle could negotiate the weak choices.
# Manpage excerpt:
# Since the first obtained value for each parameter is used, more host-specific
# declarations should be given near the beginning of the file, and general defaults at the end.
Host *
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
@tankmek
tankmek / sshd_config
Created June 3, 2018 20:50
More secure key exchange algorithms, ciphers and message authentication codes; the less secure choices are disabled. If they are not disabled, a man-in-the-middle could negotiate the weak choices.
## Better SSH Security
# @c0demech // Michael Edie
# If using the diffie-hellman-group-exchange-sha256 key exchange (custom DH groups with SHA-2),
# generate fresh 4096-bit moduli candidates (-G) and screen them for safe primes (-T):
# ssh-keygen -G /tmp/moduli -b 4096
# ssh-keygen -T /etc/ssh/moduli -f /tmp/moduli
# Generate rsa key with:
# ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
@tankmek
tankmek / Server2012
Created March 1, 2018 02:09
Snippets for managing a Windows DC
# Setting up external NTP on the DC
w32tm /query /source # If this reports "Local CMOS Clock", continue
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"pool.ntp.org,0x1"
# Make your PDC a reliable time source for the clients.
w32tm /config /reliable:yes
net start w32time
# Wait a few minutes and it should update
w32tm /query /source # Validate: the source should now be pool.ntp.org
@tankmek
tankmek / qmail_freebsd.md
Created February 15, 2018 19:16
Notes for installing qmail + vpopmail in a FreeBSD jail.

*** DRAFT **** DRAFT *****

[Install ezjail]

# create the jail "mail" with a loopback alias on lo2 and an external address on bge0
ezjail-admin create mail 'lo2|127.0.0.3,bge0|xx.xx.33.90'
# make the cloned loopback interface persistent across reboots and bring it up now
echo 'cloned_interfaces="lo2"' >>/etc/rc.conf
service netif cloneup