Warren Baker wagonza

## gist:8aba9bb95ced56861c09
elasticsearch:
 image: <yourESImage>
 environment:
  - "TZ=Africa/Johannesburg"
 ports:
  - x.x.x.x:9200:9200/tcp
  - x.x.x.x:9300:9300/tcp

logstash:
 image: <yourLogStashImage>

## gist:0bbd6e40de4878e091bc012acefb407c
shell -$SHELL
defscrollback 15000
autodetach on
startup_message off
#termcapinfo xterm*|Eterm|mlterm|rxvt 'hs:ts=\E]0;:fs=\007:ds=\E]0;screen\007'
termcapinfo rxvt-unicode ti@:te@     #enable SHIFT-PGUP / SHIFT-PGDOWN scroll
#termcapinfo wy* CS=\E[?1h:CE=\E[?1l:vi=\E[?25l:ve=\E[?25h:VR=\E[?5h:VN=\E[?5l:cb=\E[1K:CD=\E[1J
terminfo rxvt-unicode ti@:te@:
#term screen-256color
setenv LC_CTYPE en_US.UTF-8

## ciscoasa.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                wagonza
                / ciscoasa.md
            
            
              Last active
              July 21, 2018 10:29
            
              
                Cisco ASA Typical Connection Status indicators
              
          
    Typical CISCO Asa status indicators:


TCP FINs - The remote server tore down the connection (typical for HTTP or FTP connections). Normal close down sequence.
TCP Reset-I - The client tore down the connection (typical in an SMTP or IMAP exchange). Reset was from the inside (high security).
TCP Reset-O - The server was not listening on that protocol at that time (usually seen as coming from SMTP servers). Reset was from the outside (low security).
FIN Timeout - Force termination after 10 minutes awaiting the last ACK or after half-closed timeout
SYN Timeout - Forced termination after two minutes awaiting three-way handshake completion
Deny - Terminated by application inspection
SYN Control - Back channel initiation from wrong side


## emotetlist
Emotet List
hxxp://n01goalkeeper.com/wp-content/t69/
hxxp://dixieblissluxuries.com/wp-admin/cjm6/
hxxp://betc-photographe-alsace.com/old-3-octobre/1955t1n713/
hxxp://www.novawebdesigns.com/germanmilitariatwo/wp-content/uoata252/
hxxp://www.newuvolume2.com/wp-content/upgrade/g1z8jf7/
hxxp://drnishayoga.com/ao48270/76pzd398
hxxps://casasaigon.com/wp-admin/sf64228
hxxps://www.itmsas.net/wp-admin/4r2s9
hxxp://betc-photographe-alsace.com/old-3-octobre/1955t1n713

## blacklist_ca.sh

trust dump --filter "pkcs11:id=%AD%BD%98%7A%34%B4%26%F7%FA%C4%26%54%EF%03%BD%E0%24%CB%54%1A;type=cert"  > /etc/pki/ca-trust/source/blacklist/addtrust-external-root.p11-kit
update-ca-trust extract
	elasticsearch:
	image: <yourESImage>
	environment:
	- "TZ=Africa/Johannesburg"
	ports:
	- x.x.x.x:9200:9200/tcp
	- x.x.x.x:9300:9300/tcp

	logstash:
	image: <yourLogStashImage>
	shell -$SHELL
	defscrollback 15000
	autodetach on
	startup_message off
	#termcapinfo xterm*\|Eterm\|mlterm\|rxvt 'hs:ts=\E]0;:fs=\007:ds=\E]0;screen\007'
	termcapinfo rxvt-unicode ti@:te@ #enable SHIFT-PGUP / SHIFT-PGDOWN scroll
	#termcapinfo wy* CS=\E[?1h:CE=\E[?1l:vi=\E[?25l:ve=\E[?25h:VR=\E[?5h:VN=\E[?5l:cb=\E[1K:CD=\E[1J
	terminfo rxvt-unicode ti@:te@:
	#term screen-256color
	setenv LC_CTYPE en_US.UTF-8
	Emotet List
	hxxp://n01goalkeeper.com/wp-content/t69/
	hxxp://dixieblissluxuries.com/wp-admin/cjm6/
	hxxp://betc-photographe-alsace.com/old-3-octobre/1955t1n713/
	hxxp://www.novawebdesigns.com/germanmilitariatwo/wp-content/uoata252/
	hxxp://www.newuvolume2.com/wp-content/upgrade/g1z8jf7/
	hxxp://drnishayoga.com/ao48270/76pzd398
	hxxps://casasaigon.com/wp-admin/sf64228
	hxxps://www.itmsas.net/wp-admin/4r2s9
	hxxp://betc-photographe-alsace.com/old-3-octobre/1955t1n713

	trust dump --filter "pkcs11:id=%AD%BD%98%7A%34%B4%26%F7%FA%C4%26%54%EF%03%BD%E0%24%CB%54%1A;type=cert" > /etc/pki/ca-trust/source/blacklist/addtrust-external-root.p11-kit
	update-ca-trust extract