I hereby claim:
- I am botlabsdev on github.
- I am botlabsdev (https://keybase.io/botlabsdev) on keybase.
- I have a public key ASBn2VqCK1itTxy5RRpPlR7nAnGjpf98dbSrzhrOw_BRPQo
To claim this, I am signing this object:
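#!/bin/bash
# Fetch a Windows 10 Vagrant box and bring it up as the base for FLARE-VM
# (https://github.com/fireeye/flare-vm) with zero effort.
#
# Supply-chain note: the box is pulled from Vagrant Cloud under a third-party
# account and nothing here verifies it beyond what Vagrant itself does. Set
# BOX_VERSION to pin a known-good release instead of taking whatever is
# "latest", and keep the resulting VM off networks you care about — FLARE-VM
# is a malware-analysis environment.
set -euxo pipefail

# Box name and optional version pin; the defaults reproduce the original
# behaviour (unpinned gusztavvargadr/windows-10).
BOX="${BOX:-gusztavvargadr/windows-10}"
BOX_VERSION="${BOX_VERSION:-}"

# WinRM plugins are required for Vagrant to talk to a Windows guest.
vagrant plugin install winrm winrm-elevated

# `vagrant init` still refuses to overwrite an existing Vagrantfile, as before.
if [ -n "$BOX_VERSION" ]; then
    vagrant init "$BOX" --box-version "$BOX_VERSION"
else
    vagrant init "$BOX"
fi

vagrant up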
# Ubuntu 20.04 desktop VM (box version pinned) with VirtualBox NIC tracing
# switched on, so every packet on the first adapter is written to trace1.pcap
# next to this Vagrantfile.
#
# NOTE: the capture holds everything the guest sends — plaintext credentials
# included if any are used — and it grows for as long as the VM runs. Treat
# trace1.pcap as sensitive and keep it out of version control.
Vagrant.configure("2") do |config|
  config.vm.box = "peru/ubuntu-20.04-desktop-amd64"
  config.vm.box_version = "20210701.01"

  # Same directory as this Vagrantfile.
  trace_file = "#{File.dirname(__FILE__)}/trace1.pcap"

  config.vm.provider "virtualbox" do |vbox|
    # Equivalent to: VBoxManage modifyvm <id> --nictrace1 on --nictracefile1 <path>
    vbox.customize ["modifyvm", :id, "--nictrace1", "on"]
    vbox.customize ["modifyvm", :id, "--nictracefile1", trace_file]
  end
end
| import datetime | |
| import logging | |
| from time import sleep | |
| import requests as requests | |
# Log to a file in the working directory instead of stderr. The file name
# suggests harvested e-mail addresses end up in it — treat it as sensitive.
logging.basicConfig(filename="git_emails.log", level=logging.INFO)

# Public GitHub events feed. NOTE(review): GitHub documents a per_page cap of
# 100 for this endpoint, so the 1000 requested here is presumably clamped
# server-side — verify before relying on page size.
API_URL = "https://api.github.com/events?per_page=1000"

# E-mail domains to ignore (presumably when filtering addresses out of events).
DENY_LIST = ["example.com", "github.com"]

# tzinfo of the host running the script, taken from an aware local "now".
_now_local = datetime.datetime.now().astimezone()
LOCAL_TIMEZONE = _now_local.tzinfo
I hereby claim:
To claim this, I am signing this object:
# sudo iptables -t nat -p tcp -I PREROUTING -m multiport --dports 23:65535 -j DNAT --to-destination :5555
#   (redirects all inbound TCP on ports 23-65535 to the sinkhole on 5555; port 22 is outside the range so SSH keeps working; the rule is not persisted across reboots)
| # sudo python3 fake_tcp_server.py | |
# sudo tcpdump -i eth0 port not 22 -C 100000 -w dump
#   (-C 100000 rotates the capture roughly every 100 GB; add -W <n> to cap the number of files, otherwise the disk can fill up)
| ### fake_tcp_server.py | |
| import asyncio | |
| class TcpSinkhole(asyncio.Protocol): |
| import asyncio | |
| import ssl | |
| import logging | |
| import socket | |
# Connection logs go to a file in the working directory rather than stderr.
logging.basicConfig(level=logging.INFO, filename='tls_logs.log')
# A 2-second default socket timeout was tried and left disabled; kept for
# reference only (it would not affect asyncio's non-blocking sockets anyway).
#socket.setdefaulttimeout(2)
| class TlsSinkholeServer(asyncio.Protocol): | |
| peername = None |
| # Twitter: @botlabsDev | |
| # $ python3 ip_to_asn_history.py 8.8.8.8 --day 2019-01-01 | |
| # alternative online tool: https://stat.ripe.net/widget/routing-history | |
| import argparse | |
| import datetime | |
| import ipaddress | |
| import tarfile | |
| from dataclasses import dataclass |
| from pprint import pprint | |
| import requests | |
| # https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide | |
| # https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/ | |
# Microsoft's public mapping between its weather-themed actor names and other
# vendors' names. NOTE(review): this reads the `master` branch, so the data can
# change under you; pin a commit SHA in the path if reproducibility matters.
URL = (
    "https://raw.githubusercontent.com/microsoft/mstic/master"
    "/PublicFeeds/ThreatActorNaming/MicrosoftMapping.json"
)
| import uuid | |
| from pprint import pprint | |
| import requests | |
| # https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide | |
| # https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/ | |