ag-michael / FalconHuntqueries.md
Last active November 14, 2024 09:29
Falcon hunt queries

timestamp convert:


 eval timestamp=timestamp/1000 | convert ctime(timestamp)

.top, .club, .xyz, .ru domain lookups where the number of lookups for the domain is more than 1 and less than 4 per computer


aid=* event_simpleName=DnsRequest | regex DomainName=".*\.top$|.*\.club$|.*\.xyz$|.*\.ru$|[0-9]+.*\.\w$" | stats values(ComputerName) count by DomainName | where count > 1 AND count < 4 | sort - count
ag-michael / ADenrichment.html
Created April 16, 2019 17:05
ADEnrichment report template
<style>
#reportrow {
position:relative;
overflow-wrap:anywhere;
border-bottom:solid 1px;
}
</style>
<div class="panel panel-info" ng-if="success">
<div class="panel-heading">