- Incident Title: [Descriptive Name of Incident]
- Incident ID: [Unique Identifier]
- Date of Detection: [YYYY-MM-DD]
- Incident Lead: [Name]
- Assigned Team: [Incident Response Team]
- Current Status: [Open | In Progress | Resolved]
BlueSide_StrongSide BlueSideStrongSide
BlueSideStrongSide
/ Ir_template.md
Created
October 7, 2024 21:03
Base Example Of A Markdown Incident TImeline
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Finance: | |
| - 401(k) | |
| - 401k | |
| - Account Number | |
| - Accounting unit | |
| - Bank Account | |
| - Bank Account Number | |
| - Bank Password | |
| - BTC | |
| - Credit Card |
BlueSideStrongSide
/ gist:f11685859ab86259929bc019c6d20519
Created
June 15, 2023 03:54
Markdown Malware Analysis Tempalte
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Malware Analysis Report GPTemplate | |
| **Table of Contents** | |
| 1. [Executive Summary](#executive-summary) | |
| 2. [Introduction](#introduction) | |
| 3. [Malware Overview](#malware-overview) | |
| 4. [Infection Vector](#infection-vector) | |
| 5. [Malware Behavior](#malware-behavior) | |
| 6. [Indicators of Compromise (IOCs)](#indicators-of-compromise-iocs) |
BlueSideStrongSide
/ log_locations_aws_local.txt
Last active
June 8, 2023 23:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /var/log/amazon/ssm/amazon-ssm-agent.log | |
| /var/log/amazon/ssm/errors.log | |
| /var/log/audit/audit.log | |
| /var/log/cloud-init-output.log | |
| /var/log/cfn-init.log | |
| /var/log/cfn-init-cmd.log | |
| /var/log/cloud-init.log (Amazon Linux 1 / Amazon Linux 2 only) | |
| /var/log/cron | |
| /var/log/maillog | |
| /var/log/messages |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import csv | |
| import os | |
| # input arguments your track dict | |
| # input arguments the filename of the newly created csv | |
| def _export_to_csv(input_dict: dict = None, export_filename: str = None): | |
| try: | |
| # example.csv is the name of our exported file | |
| # mode = a+ we open a file handled in append plus mode |
BlueSideStrongSide
/ meridian_ports.csv
Created
May 18, 2022 00:04
Tracking updates to the IANA ports list csv. I will use this data in a supporting open source project just storing the data for now. Original link included https://www.meridianoutpost.com/resources/articles/well-known-tcpip-ports.php.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Port | Transport | Service/Comment | Official | |
|---|---|---|---|---|
| 0 | TCP, UDP | Reserved; do not use (but is a permissible source port value if the sending process does not expect messages in response) | Official | |
| 1 | TCP, UDP | TCPMUX | Official | |
| 5 | TCP, UDP | RJE (Remote Job Entry) | Official | |
| 7 | TCP, UDP | ECHO protocol | Official | |
| 9 | TCP, UDP | DISCARD protocol | Official | |
| 11 | TCP, UDP | SYSTAT protocol | Official | |
| 13 | TCP, UDP | DAYTIME protocol | Official | |
| 17 | TCP, UDP | QOTD (Quote of the Day) protocol | Official | |
| 18 | TCP, UDP | Message Send Protocol | Official |
BlueSideStrongSide
/ wiki_ports.csv
Created
May 18, 2022 00:03
Tracking updates to the IANA ports list csv. I will use this data in a supporting open source project just storing the data for now. Original link included https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | Reserved | Reserved | In programming APIs (not in communication between hosts), requests a system-allocated (dynamic) port[6] | |||
|---|---|---|---|---|---|---|
| 1 | Yes | Assigned | TCP Port Service Multiplexer (TCPMUX). Historic. Both TCP and UDP have been assigned to TCPMUX by IANA,[2] but by design only TCP is specified.[7] | |||
| 5 | Assigned | Assigned | Remote Job Entry[8] was historically using socket 5 in its old socket form, while MIB PIM has identified it as TCP/5[9] and IANA has assigned both TCP and UDP 5 to it. | |||
| 7 | Yes | Yes | Echo Protocol[10][11] | |||
| 9 | Yes | Yes | Yes[12] | Discard Protocol[13] | ||
| No | Unofficial | Wake-on-LAN[14] | ||||
| 11 | Yes | Yes | Active Users (systat service)[15][16] | |||
| 13 | Yes | Yes | Daytime Protocol[17] | |||
| 15 | Unofficial | No | Previously netstat service[2][15] | |||
| 17 | Yes | Yes | Quote of the Day (QOTD)[18] |
BlueSideStrongSide
/ nmap_ports.csv
Created
May 18, 2022 00:01
Tracking updates to the nmap ports list csv. I will use this data in a supporting open source project just storing the data for now. Original link included https://svn.nmap.org/nmap/nmap-services.
We can't make this file beautiful and searchable because it's too large.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| service_name,portnum/protocol,optional comments,, | |
| tcpmux,1/tcp,# TCP Port Service Multiplexer [rfc-1078] | TCP Port Service Multiplexer,, | |
| tcpmux,1/udp,# TCP Port Service Multiplexer,, | |
| compressnet,2/tcp,# Management Utility,, | |
| compressnet,2/udp,# Management Utility,, | |
| compressnet,3/tcp,# Compression Process,, | |
| compressnet,3/udp,# Compression Process,, | |
| unknown,4/tcp,,, | |
| rje,5/tcp,# Remote Job Entry,, | |
| rje,5/udp,# Remote Job Entry,, |
BlueSideStrongSide
/ keir_ports.csv
Last active
May 17, 2022 23:59
Storing formatted output for use in another opensource project original link to content included. http://keir.net/portlist.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Port | Transport | Service | |
|---|---|---|---|
| 0 | TCP | Reserved | |
| 1 | TCP | Port Service Multiplexer | |
| 2 | TCP | Management Utility | |
| 3 | TCP | Compression Process | |
| 4 | TCP | Unassigned | |
| 5 | TCP | Remote Job Entry | |
| 6 | TCP | Unassigned | |
| 7 | TCP | Echo | |
| 8 | TCP | Unassigned |
BlueSideStrongSide
/ iana_ports.csv
Last active
May 18, 2022 00:00
Tracking updates to the IANA ports list csv. I will use this data in a supporting open source project just storing the data for now. Original link included https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=1.
We can't make this file beautiful and searchable because it's too large.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Service Name,Port Number,Transport Protocol,Description,Assignee,Contact,Registration Date,Modification Date,Reference,Service Code,Unauthorized Use Reported,Assignment Notes | |
| ,0,tcp,Reserved,[Jon_Postel],[Jon_Postel],,,,,, | |
| ,0,udp,Reserved,[Jon_Postel],[Jon_Postel],,,,,, | |
| tcpmux,1,tcp,TCP Port Service Multiplexer,[Mark_Lottor],[Mark_Lottor],,,,,, | |
| tcpmux,1,udp,TCP Port Service Multiplexer,[Mark_Lottor],[Mark_Lottor],,,,,, | |
| compressnet,2,tcp,Management Utility,,,,,,,, | |
| compressnet,2,udp,Management Utility,,,,,,,, | |
| compressnet,3,tcp,Compression Process,[Bernie_Volz],[Bernie_Volz],,,,,, | |
| compressnet,3,udp,Compression Process,[Bernie_Volz],[Bernie_Volz],,,,,, | |
| ,4,tcp,Unassigned,,,,,,,, |
NewerOlder