wzr

## SysmonEventGUIDParser.ps1
# Author: Matthew Graeber (@mattifestation)

$Epoch = Get-Date '01/01/1970'

# Conversion trick taken from https://blogs.technet.microsoft.com/heyscriptingguy/2017/02/01/powertip-convert-from-utc-to-my-local-time-zone/
$StrCurrentTimeZone = (Get-WmiObject Win32_timezone).StandardName
$TZ = [TimeZoneInfo]::FindSystemTimeZoneById($StrCurrentTimeZone)

# Parse out all the LogonGUID fields for sysmon ProcessCreate events
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } | ForEach-Object {

## gist:2dae7ecc02dfc9745bb67976352fc83e
output:
  - platform: gpio
    pin: GPIO4
    id: shelly_25_relay_1
  - platform: gpio
    pin: GPIO15
    id: shelly_25_relay_2

fan:
  - platform: binary

## gist:f9382425b3511dc5df9069d04e9a6cd9
0.0,4044846.845925496,621861.718327588,4875890.961218956
0.1,4044846.5780038214,621862.0272585081,4875891.142851647
0.2,4044846.3100821143,621862.336189386,4875891.324484328
0.3,4044846.042160376,621862.6451202217,4875891.506116999
0.4,4044845.7742386055,621862.9540510151,4875891.68774966
0.5,4044845.5063168043,621863.2629817667,4875891.8693823125
0.6,4044845.238394972,621863.5719124762,4875892.051014955
0.7,4044844.9704731074,621863.8808431432,4875892.2326475885
0.8,4044844.702551213,621864.1897737688,4875892.414280211
0.9,4044844.434629286,621864.4987043517,4875892.595912824

## extended_search_reporting.xml
<form>
  <label>Extended Search Reporting, v1.4</label>
  <fieldset submitButton="false"></fieldset>
  <row>
    <panel>
      <html>
  <h3>Search Efficiency Ratings</h3>
  <p/>
  Description: The efficiency panel is a ranking of searches based on how efficient the searches are. The value represents a function of how often the search runs and how long it takes to run. A search running often and takes a long time will have a low efficiency value. Searches that run in less time raise efficiency value.
  <p/>

## iterm2-solarized.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                wzr
                / iterm2-solarized.md
            
            
              Created
              January 30, 2019 21:14
                — forked from kevin-smets/iterm2-solarized.md
            
              
                iTerm2 + Oh My Zsh + Solarized color scheme + Meslo powerline font + [Powerlevel9k] - (macOS)
              
          
      View iterm2-solarized.md
  
      
    Default

Powerlevel9k


## gist:2041f626d8a90d9922fd5abdd572bbf4
Follow normal process for installing openSSH/openSSL, generating keys and adding to remote host.  In cygwin, add the following to .bash_profile

### this is necessary to start ssh-agent and add keys
SSH_ENV="$HOME/.ssh/environment"

function start_agent {
     echo "Initialising new SSH agent..."
     /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
     echo succeeded
     chmod 600 "${SSH_ENV}"

## props.conf
[WinEventLog:Security]
#Returns most of the space savings XML would provide
SEDCMD-clean0-null_sids = s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(\:)(\s+NULL SID)$/\1/g s/(?m)(ID\:)(\s+0x0)$/\1/g
SEDCMD-clean1-summary = s/This event is generated[\S\s\r\n]+$//g
SEDCMD-clean2-cert_summary = s/Certificate information is only[\S\s\r\n]+$//g
SEDCMD-clean3-blank_ipv6 = s/::ffff://g
SEDCMD-clean4-token_elevation_summary = s/Token Elevation Type indicates[\S\s\r\n]+$//g
SEDCMD-clean5-network_share_summary = s/(?ms)(A network share object was checked to see whether.*$)//g
SEDCMD-clean6-authentication_summary = s/(?ms)(The computer attempted to validate the credentials.*$)//g
SEDCMD-clean7-local_ipv6 = s/(?ms)(::1)//g

## dcparser.py
#!/usr/bin/env python
# (c) 2015 Jan Holthuis
# A simple python script to get some info about Dreamcast images
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:

## download.rb
#!/usr/bin/env ruby

require 'nokogiri'
require 'net/http'
require 'shellwords'
require 'json'

source = Net::HTTP.get('www.domain.com', '/thepagethathasthevideos/')
doc = Nokogiri::HTML(source)
ids = doc.css('a').map{ |a| a.attr('data-vimeoid') }.compact.uniq

## ldap2csv.py
#!/usr/bin/python

# http://www.packtpub.com/article/python-ldap-applications-ldap-opearations

# sudo apt-get install python-ldap

import ldap

host = 'ldap://example.com:389'
dn = 'ldap@example.com'
	# Author: Matthew Graeber (@mattifestation)

	$Epoch = Get-Date '01/01/1970'

	# Conversion trick taken from https://blogs.technet.microsoft.com/heyscriptingguy/2017/02/01/powertip-convert-from-utc-to-my-local-time-zone/
	$StrCurrentTimeZone = (Get-WmiObject Win32_timezone).StandardName
	$TZ = [TimeZoneInfo]::FindSystemTimeZoneById($StrCurrentTimeZone)

	# Parse out all the LogonGUID fields for sysmon ProcessCreate events
	Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } \| ForEach-Object {
	output:
	- platform: gpio
	pin: GPIO4
	id: shelly_25_relay_1
	- platform: gpio
	pin: GPIO15
	id: shelly_25_relay_2

	fan:
	- platform: binary
	0.0,4044846.845925496,621861.718327588,4875890.961218956
	0.1,4044846.5780038214,621862.0272585081,4875891.142851647
	0.2,4044846.3100821143,621862.336189386,4875891.324484328
	0.3,4044846.042160376,621862.6451202217,4875891.506116999
	0.4,4044845.7742386055,621862.9540510151,4875891.68774966
	0.5,4044845.5063168043,621863.2629817667,4875891.8693823125
	0.6,4044845.238394972,621863.5719124762,4875892.051014955
	0.7,4044844.9704731074,621863.8808431432,4875892.2326475885
	0.8,4044844.702551213,621864.1897737688,4875892.414280211
	0.9,4044844.434629286,621864.4987043517,4875892.595912824
	<form>
	<label>Extended Search Reporting, v1.4</label>
	<fieldset submitButton="false"></fieldset>
	<row>
	<panel>
	<html>
	<h3>Search Efficiency Ratings</h3>
	<p/>
	Description: The efficiency panel is a ranking of searches based on how efficient the searches are. The value represents a function of how often the search runs and how long it takes to run. A search running often and takes a long time will have a low efficiency value. Searches that run in less time raise efficiency value.
	<p/>
	Follow normal process for installing openSSH/openSSL, generating keys and adding to remote host. In cygwin, add the following to .bash_profile

	### this is necessary to start ssh-agent and add keys
	SSH_ENV="$HOME/.ssh/environment"

	function start_agent {
	echo "Initialising new SSH agent..."
	/usr/bin/ssh-agent \| sed 's/^echo/#echo/' > "${SSH_ENV}"
	echo succeeded
	chmod 600 "${SSH_ENV}"
	[WinEventLog:Security]
	#Returns most of the space savings XML would provide
	SEDCMD-clean0-null_sids = s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g s/(?m)(\:)(\s+NULL SID)$/\1/g s/(?m)(ID\:)(\s+0x0)$/\1/g
	SEDCMD-clean1-summary = s/This event is generated[\S\s\r\n]+$//g
	SEDCMD-clean2-cert_summary = s/Certificate information is only[\S\s\r\n]+$//g
	SEDCMD-clean3-blank_ipv6 = s/::ffff://g
	SEDCMD-clean4-token_elevation_summary = s/Token Elevation Type indicates[\S\s\r\n]+$//g
	SEDCMD-clean5-network_share_summary = s/(?ms)(A network share object was checked to see whether.*$)//g
	SEDCMD-clean6-authentication_summary = s/(?ms)(The computer attempted to validate the credentials.*$)//g
	SEDCMD-clean7-local_ipv6 = s/(?ms)(::1)//g
	#!/usr/bin/env python
	# (c) 2015 Jan Holthuis
	# A simple python script to get some info about Dreamcast images
	#
	# Permission is hereby granted, free of charge, to any person obtaining a copy
	# of this software and associated documentation files (the "Software"), to deal
	# in the Software without restriction, including without limitation the rights
	# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	# copies of the Software, and to permit persons to whom the Software is
	# furnished to do so, subject to the following conditions:
	#!/usr/bin/env ruby

	require 'nokogiri'
	require 'net/http'
	require 'shellwords'
	require 'json'

	source = Net::HTTP.get('www.domain.com', '/thepagethathasthevideos/')
	doc = Nokogiri::HTML(source)
	ids = doc.css('a').map{ \|a\| a.attr('data-vimeoid') }.compact.uniq
	#!/usr/bin/python

	# http://www.packtpub.com/article/python-ldap-applications-ldap-opearations

	# sudo apt-get install python-ldap

	import ldap

	host = 'ldap://example.com:389'
	dn = 'ldap@example.com'