ℹ️ This was duplicated to this blog for readability and reference
The most difficult challenge with RMM detection is contextual awareness around usage to determine if it is valid or malicious.
ajish uhjish
brokensound77
/ RMM-detection.md
Last active
June 28, 2024 13:51
Detection Engineering: RMM analysis
karlvr
/ postgresql-geoip.sql
Last active
April 1, 2022 01:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- | |
| -- GEOIP IN POSTGRESQL | |
| -- | |
| -- We use two approaches. First using PostgreSQL inet and cidr types and indexing (PostgreSQL 9.4 and later), | |
| -- and then using ip4r (https://github.com/RhodiumToad/ip4r). | |
| -- The performance of ip4r indexes is significantly better than PostgreSQL's own index. | |
| -- An operation that took 42s using ip4r took 47 minutes using PostgreSQL's cidr index. | |
| -- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Invoke-Kerberoast.ps1 | |
| Author: Will Schroeder (@harmj0y), @machosec | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Credit to Tim Medin (@TimMedin) for the Kerberoasting concept and original toolset implementation (https://github.com/nidem/kerberoast). | |
| Note: the primary method of use will be Invoke-Kerberoast with various targeting options. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Sample script to deploy HDF via blueprint | |
| # - Installs Ambari server/agents | |
| # - Installs HDF mpack | |
| # - Uses ambari-bootstrap to generate blueprint based on stack advisor recommendation and starts cluster install | |
| # - Optionally: installs KDC, sets up postgres for Ranger, allows customizations of config properties and number of Nifi nodes | |
| # | |
| # Usage: su as root and run below to invoke this script on a host where CentOS/RHEL has been freshly installed (do NOT run this on HDP sandbox!). You can customize the functionality by setting env vars e.g. | |
| # export host_count=3; export install_nifi_on_all_nodes=true; curl -sSL https://gist.github.com/abajwa-hw/ae4125c5154deac6713cdd25d2b83620/raw | sudo -E sh ; | |
| # Note for multi-node install, you will need to install/register agents on other nodes first using below (replace <AMBARI_SERVER_HOSTNAME>) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """Global LRU caching utility. For that little bit of extra speed. | |
| The caching utility provides a single wrapper function that can be used to | |
| provide a bit of extra speed for some often used function. The cache is an LRU | |
| cache including a key timeout. | |
| Usage:: | |
| import cache | |
| @cache.memoize |
apollolm
/ nginx-ssl-config
Last active
January 12, 2023 14:47
Nginx Configuration with multiple port apps on same domain, with SSL.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # the IP(s) on which your node server is running. I chose port 3000. | |
| upstream app_geoforce { | |
| server 127.0.0.1:3000; | |
| } | |
| upstream app_pcodes{ | |
| server 127.0.0.1:3001; | |
| } |