| id | |
| author | |
| creation date | |
| platform | |
| playbook link |
Roberto Rodriguez Cyb3rWard0g
🍻
Cyb3rWard0g
/ kafkacat-eventhub.conf
Created
March 22, 2020 21:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| metadata.broker.list=<EVENTHUB-NAMESPACE>.servicebus.windows.net:9093 | |
| security.protocol=SASL_SSL | |
| sasl.mechanisms=PLAIN | |
| sasl.username=$ConnectionString | |
| sasl.password=Endpoint=<ROOTMANAGERSHAREDACCESSKEY-CONNECTION-STRING-PRIMARY-KEY> | |
| enable.ssl.certificate.verification=false | |
| message.max.bytes=1000000 |
Cyb3rWard0g
/ azure-la-agent-windows.json
Created
March 20, 2020 00:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "condition": "[parameters('enableMonitoringAgent')]", | |
| "type": "Microsoft.Compute/virtualMachines/extensions", | |
| "apiVersion": "2019-03-01", | |
| "name": "[concat(variables('VMName'), '/OMSExtension')]", | |
| "location": "[parameters('location')]", | |
| "dependsOn": [ | |
| "[concat('Microsoft.Compute/virtualMachines/', variables('VMName'))]" | |
| ], | |
| "properties": { |
Cyb3rWard0g
/ azure-la-windows-event-providers.json
Created
March 20, 2020 00:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "workspaceName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "Name for the Log Analytics workspace used to aggregate data" | |
| } | |
| }, |
Cyb3rWard0g
/ ala-workspace-sentinel.json
Last active
October 1, 2021 20:54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "utcValue": { | |
| "type": "string", | |
| "defaultValue": "[utcNow()]", | |
| "metadata": { | |
| "description": "Returns the current (UTC) datetime value in the specified format. If no format is provided, the ISO 8601 (yyyyMMddTHHmmssZ) format is used" | |
| } |
Cyb3rWard0g
/ ala-workspace.json
Last active
May 30, 2024 05:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "utcValue": { | |
| "type": "string", | |
| "defaultValue": "[utcNow()]", | |
| "metadata": { | |
| "description": "Returns the current (UTC) datetime value in the specified format. If no format is provided, the ISO 8601 (yyyyMMddTHHmmssZ) format is used" | |
| } |
Cyb3rWard0g
/ sigmac_nbformat_notebook.py
Created
January 11, 2020 06:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Author: Roberto Rodriguez (@Cyb3rWard0g) | |
| # License: GPL-3.0 | |
| import nbformat as nbf | |
| import yaml | |
| import subprocess | |
| import argparse | |
| from os import path |
Cyb3rWard0g
/ es_notebook_nbformat.py
Last active
January 11, 2020 05:56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Author: Roberto Rodriguez (@Cyb3rWard0g) | |
| # License: GPL-3.0 | |
| import nbformat as nbf | |
| # Initializing Notebooks Cells | |
| nb = nbf.v4.new_notebook() | |
| nb['cells'] = [] |
Cyb3rWard0g
/ yaml_to_notebook.py
Created
December 18, 2019 05:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import nbformat as nbf | |
| import yaml | |
| # *** Read YAML file *** | |
| analytic = yaml.safe_load(open("WIN-190815181010.yaml").read()) | |
| # *** Create Notebook object *** | |
| nb = nbf.v4.new_notebook() | |
| nb['cells'] = [] |
Cyb3rWard0g
/ WIN-190813181020.yaml
Created
December 17, 2019 16:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| title: Remote Service creation | |
| id: WIN-190815181010 | |
| author: Roberto Rodriguez @Cyb3rWard0g | |
| playbook_link: WIN-190813181020 | |
| creation_date: 19/08/15 | |
| platform: Windows | |
| permissions_required: | |
| - Administrator | |
| attack_coverage: | |
| - technique: T1035 |
Cyb3rWard0g
/ threathunter_playbook_format.md
Last active
December 17, 2019 16:49