boredhackerblog BoredHackerBlog

I do stuff when I'm bored.

BoredHackerBlog / 01-netcfg.yaml

Created September 12, 2021 02:34

netplan config for bridge, br0 can be used to sniff traffic between eth1, eth2

	# root@host:~# cat /etc/netplan/01-netcfg.yaml
	network:
	version: 2
	renderer: networkd
	ethernets:
	eth0:
	dhcp4: yes
	eth1:
	dhcp4: no
	eth2:

BoredHackerBlog / rulematch.py

Created September 4, 2021 19:19

dict rule match - this code essentially takes in a bunch of rules and compares them against an event (dict) and prints if something matches

	# requires dictquery (pip3 install dictquery or get it from here: https://github.com/cyberlis/dictquery)
	import dictquery as dq

	#each rule needs to be a new line
	#rule format, RULENAME\|RULE
	#rule syntax: https://github.com/cyberlis/dictquery#dictquery
	rules_file = "rules.txt"

	rules = {}

BoredHackerBlog / docker-compose.yml

Created August 15, 2021 22:52

cortex standalone (thehive project) from https://github.com/TheHive-Project/Docker-Templates

	version: '2'
	services:
	elasticsearch:
	image: 'elasticsearch:7.11.1'
	environment:
	- http.host=0.0.0.0
	- discovery.type=single-node
	- script.allowed_types=inline
	- thread_pool.search.queue_size=100000
	- thread_pool.write.queue_size=10000

BoredHackerBlog / dfdiff.py

Created February 19, 2021 14:10

	#source: https://kanoki.org/2019/07/04/pandas-difference-between-two-dataframes/

	import pandas as pd
	import sys

	def compare(csv1, csv2):
	#might need to modify this to drop certain columns or read csv a certain way
	dfcsv1 = pd.read_csv(csv1)
	dfcsv2 = pd.read_csv(csv2)

BoredHackerBlog / dockerfirefox.sh

Created February 1, 2021 02:56

docker firefox container

	while true; do
	docker stop firefox;
	docker rm firefox;
	docker run -d --name=firefox -p 5800:5800 -v /dev/shm:/dev/shm --privileged -e KEEP_APP_RUNNING=1 -e VNC_PASSWORD=passwd -e DISPLAY_WIDTH=1900 -e DISPLAY_HEIGHT=900 jlesage/firefox;
	sleep 300;
	done

BoredHackerBlog / Vagrantfile

Last active January 2, 2021 19:49

Vagrantfile for creating Win10 VM w/ firewall disabled

	#copied some things from https://github.com/jckhmr/adlab
	Vagrant.configure("2") do \|config\|
	config.vm.guest = :windows
	config.vm.communicator = "winrm"
	config.vm.boot_timeout = 600
	config.vm.graceful_halt_timeout = 600
	config.winrm.retry_limit = 10
	config.winrm.retry_delay = 20

	config.vm.provider "virtualbox" do \|v\|

BoredHackerBlog / FileSystemWatcher_copy_on_change.ps1

Created January 1, 2021 02:00

	#copied from https://gallery.technet.microsoft.com/scriptcenter/Powershell-FileSystemWatche-dfd7084b

	$folder = 'C:\Users\IEUser\Desktop\testfolder'
	$filter = '.'
	$savefolder = 'C:\temp\'

	$fsw = New-Object IO.FileSystemWatcher $folder, $filter -Property @{IncludeSubdirectories = $true;NotifyFilter = [IO.NotifyFilters]'FileName, LastWrite'}

	Register-ObjectEvent $fsw Changed -SourceIdentifier FileChanged -Action {
	$filepath = $Event.SourceEventArgs.FullPath

BoredHackerBlog / inotify_copy_on_close_write.sh

Created December 5, 2020 01:29

	# This is for monitoring a folder (recursive) and copying files that were saved into a new folder
	# apt install inotify-tools
	# https://linux.die.net/man/1/inotifywait includes events
	# command below does copy after close_write event
	inotifywait -q -m -r -e close_write --format '%w%f' myfiles/ \| while read afile; do cp --parents -r $afile /tmp/; done

BoredHackerBlog / cape_install_notes

Created August 8, 2020 20:08

	#source: https://medium.com/@soji256/build-a-cape-sandbox-to-analyze-emotet-3d507599dda6
	# https://medium.com/@soji256/build-a-malconfscan-with-cuckoo-environment-to-analyze-emotet-ff0c4c589afe

	#download IE VM from https://gist.github.com/zmwangx/e728c56f428bc703c6f6#gistcomment-3196040
	# https://drive.google.com/a/pondurance.com/uc?export=download&id=0B76gNAvlBE7eSXp3ZDBSSWdUUjA

	#for ubuntu 18.04 desktop
	# username must be research
	sudo apt update
	sudo apt upgrade -y

BoredHackerBlog / get_site_title.go

Created May 17, 2020 19:22