ℹ️ This was duplicated to this blog for readability and reference
The most difficult challenge with RMM detection is contextual awareness around usage to determine if it is valid or malicious.
--
-- GEOIP IN POSTGRESQL
--
-- We use two approaches. First using PostgreSQL inet and cidr types and indexing (PostgreSQL 9.4 and later),
-- and then using ip4r (https://github.com/RhodiumToad/ip4r).
-- The performance of ip4r indexes is significantly better than PostgreSQL's own index.
-- An operation that took 42s using ip4r took 47 minutes using PostgreSQL's cidr index.
--
<#
Invoke-Kerberoast.ps1
Author: Will Schroeder (@harmj0y), @machosec
License: BSD 3-Clause
Required Dependencies: None
Credit to Tim Medin (@TimMedin) for the Kerberoasting concept and original toolset implementation (https://github.com/nidem/kerberoast).
Note: the primary method of use will be Invoke-Kerberoast with various targeting options.
# Sample script to deploy HDF via blueprint
# - Installs Ambari server/agents
# - Installs HDF mpack
# - Uses ambari-bootstrap to generate blueprint based on stack advisor recommendation and starts cluster install
# - Optionally: installs KDC, sets up postgres for Ranger, allows customizations of config properties and number of Nifi nodes
#
# Usage: su as root and run below to invoke this script on a host where CentOS/RHEL has been freshly installed (do NOT run this on HDP sandbox!). You can customize the functionality by setting env vars e.g.
# export host_count=3; export install_nifi_on_all_nodes=true; curl -sSL https://gist.github.com/abajwa-hw/ae4125c5154deac6713cdd25d2b83620/raw | sudo -E sh ;
# Note for multi-node install, you will need to install/register agents on other nodes first using below (replace <AMBARI_SERVER_HOSTNAME>)
"""Global LRU caching utility. For that little bit of extra speed.
The caching utility provides a single wrapper function that can be used to
provide a bit of extra speed for some often used function. The cache is an LRU
cache including a key timeout.
Usage::
    import cache
    @cache.memoize
# the IP(s) on which your node server is running. I chose port 3000.
upstream app_geoforce {
    server 127.0.0.1:3000;
}
upstream app_pcodes {
    server 127.0.0.1:3001;
}