ℹ️ This was duplicated to this blog for readability and reference
The most difficult challenge with RMM detection is contextual awareness around usage to determine if it is valid or malicious.
# the IP(s) on which your node server is running. I chose port 3000.
upstream app_geoforce {
    server 127.0.0.1:3000;
}
upstream app_pcodes {
    server 127.0.0.1:3001;
}
"""Global LRU caching utility. For that little bit of extra speed.
The caching utility provides a single wrapper function that can be used to
provide a bit of extra speed for some often used function. The cache is an LRU
cache including a key timeout.
Usage::
    import cache
    @cache.memoize
# Sample script to deploy HDF via blueprint
# - Installs Ambari server/agents
# - Installs HDF mpack
# - Uses ambari-bootstrap to generate blueprint based on stack advisor recommendation and starts cluster install
# - Optionally: installs KDC, sets up postgres for Ranger, allows customizations of config properties and number of Nifi nodes
#
# Usage: su as root and run below to invoke this script on a host where CentOS/RHEL has been freshly installed (do NOT run this on HDP sandbox!). You can customize the functionality by setting env vars e.g.
# export host_count=3; export install_nifi_on_all_nodes=true; curl -sSL https://gist.github.com/abajwa-hw/ae4125c5154deac6713cdd25d2b83620/raw | sudo -E sh ;
# Note for multi-node install, you will need to install/register agents on other nodes first using below (replace <AMBARI_SERVER_HOSTNAME>)
<#
Invoke-Kerberoast.ps1
Author: Will Schroeder (@harmj0y), @machosec
License: BSD 3-Clause
Required Dependencies: None
Credit to Tim Medin (@TimMedin) for the Kerberoasting concept and original toolset implementation (https://github.com/nidem/kerberoast).
Note: the primary method of use will be Invoke-Kerberoast with various targeting options.
--
-- GEOIP IN POSTGRESQL
--
-- We use two approaches. First using PostgreSQL inet and cidr types and indexing (PostgreSQL 9.4 and later),
-- and then using ip4r (https://github.com/RhodiumToad/ip4r).
-- The performance of ip4r indexes is significantly better than PostgreSQL's own index.
-- An operation that took 42s using ip4r took 47 minutes using PostgreSQL's cidr index.
--