Austin Songer, CISSP austinsonger
🙃
ericdmoore
/ New-Machine-Setup.md
Last active
April 25, 2024 20:22
The bare minimum for me to be productive on a new machine
Not necessarily meant to be followed step by step, although it is recommended. Some steps are valid during all levels, others give way to better alternatives further on.
HuangJiaLian
/ make_dmg.sh
Created
April 2, 2022 05:37
Two steps to turn a Python file to a macOS installer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Ref.: https://www.pythonguis.com/tutorials/packaging-pyqt5-applications-pyinstaller-macos-dmg/ | |
| rm -rf build dist/* | |
| ################################################# | |
| # Create app file using pyinstaller | |
| ################################################# | |
| pyinstaller --name 'Huanbu' \ |
Samirbous
/ process started via seclogon
Created
January 4, 2022 14:27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| event.code:4688 and winlog.event_data.TargetUserSid :"S-1-0-0" and not winlog.event_data.TargetUserName:*$ and | |
| not winlog.event_data.TargetUserName:- and not winlog.event_data.TargetUserName:"defaultuser100000" and | |
| not winlog.event_data.TargetUserName : ("LOCAL SERVICE" or "NETWORK SERVICE") and | |
| not winlog.event_data.TargetDomainName : ("NT Service" or "Font Driver Host") |
SwitHak
/ 20211210-TLP-WHITE_LOG4J.md
Last active
April 28, 2025 21:31
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
- Royce Williams list sorted by vendors responses Royce List
- Very detailed list NCSC-NL
- The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
Neo23x0
/ log4j_rce_detection.md
Last active
April 11, 2025 22:49
Log4j RCE CVE-2021-44228 Exploitation Detection
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
haircut
/ Disable-iCloud-Private-Relay.mobileconfig
Created
October 28, 2021 00:24
Disables the iCloud Private Relay feature.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>PayloadDisplayName</key> | |
| <string>Restrictions</string> | |
| <key>PayloadIdentifier</key> |
oz9un
/ network_specifications.xml
Created
October 18, 2021 11:11
SysmonForLinux - Allow only specific ports and protocols.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="4.70"> | |
| <EventFiltering> | |
| <!-- Event ID 3 == NetworkConnect Detected. Do not log anything!--> | |
| <RuleGroup name="" groupRelation="and"> | |
| <NetworkConnect onmatch="exclude"> | |
| <Protocol condition="is">tcp</Protocol> | |
| <Protocol condition="is">udp</Protocol> | |
| <DestinationPort condition="is">80</DestinationPort> | |
| <DestinationPort condition="is">443</DestinationPort> | |
| </NetworkConnect> |
oz9un
/ all_disabled.xml
Created
October 18, 2021 10:18
SysmonForLinux - Disable all logs [Main Template]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="4.70"> | |
| <EventFiltering> | |
| <!-- BELOW PART DISABLES ALL OTHER LOGS FOR FIXING THE MESS!--> | |
| <!-- Event ID 1 == ProcessCreate. Log only ping process. --> | |
| <RuleGroup name="" groupRelation="or"> | |
| <ProcessCreate onmatch="include"/> | |
| </RuleGroup> | |
| <!-- Event ID 3 == NetworkConnect Detected. Do not log anything!--> | |
| <RuleGroup name="" groupRelation="or"> | |
| <NetworkConnect onmatch="include"/> |