@clong
clong / fleet_snippet.sh
Created March 22, 2018 02:32
fleet_snippet
# Generate a base64 encoded random string with length provided in $1
# (runs openssl's container image so the host needs no local toolchain;
# the length argument is quoted so it is passed through as a single word)
function generate_random() {
    docker run --rm --entrypoint sh kolide/openssl -c "cat /dev/random | base64 | head -c \"$1\""
}
@clong
clong / tty_upgrade.md
Created April 2, 2018 06:01
TTY upgrade

Python shell launched and caught:

osquery> select distinct(processes.pid), processes.parent, processes.name, processes.path, processes.cmdline, processes.cwd, processes.root, processes.uid, processes.gid, processes.start_time, process_open_sockets.remote_address, process_open_sockets.remote_port from processes join process_open_sockets using (pid) left outer join process_open_files on processes.pid = process_open_files.pid WHERE (name='Python' OR name='sh' OR name='bash') AND  process_open_files.pid is null;
+-----+--------+--------+-----------------------------------------------------------------------------------------------------+------------+--------------+------+-----+-----+------------+----------------+-------------+
| pid | parent | name   | path                                                                                                | cmdline    | cwd          | root | uid | gid | start_time | remote_address | remote_port |
+-----+--------+--------+------------------------------------------
{
  "platform": "linux",
  "schedule": {
    "detect_responder": {
      "query": "SELECT * FROM detect_responder;",
      "interval": 10
    }
  }
}
# This script downloads an updated Caldera config if the one in place
# is found to not match the one on the server
$tempCalderaCertFromServer = "c:\windows\temp\conf.yml"
$cagentConfPath = "C:\Program Files\cagent\conf.yml"
try {
    # The callback below disables TLS certificate validation for this process
    # (the lab server presents a self-signed certificate), then fetches the config
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    (New-Object System.Net.WebClient).DownloadFile('https://logger:8888/conf.yml', $tempCalderaCertFromServer)
} catch {
    Write-Host "The Caldera server cannot be reached at this time."
}
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2019-03-12T06:13:46.6956561</Date>
    <Author>WEF\vagrant</Author>
    <Description>Grabs the latest config from the Caldera server</Description>
    <URI>\Caldera_Config_Fixer</URI>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
$ aws ec2 describe-images --owners 505638924199 --executable-users all
{
    "Images": [
        {
            "Architecture": "x86_64",
            "CreationDate": "2019-03-05T04:27:56.000Z",
            "ImageId": "ami-00ae1022c8a735d81",
            "ImageLocation": "505638924199/import-ami-09eb68f773fab5bf8",
            "ImageType": "machine",
            "Public": true,
$ vagrant reload dc --provision --debug
INFO global: Vagrant version: 2.2.4
INFO global: Ruby version: 2.4.4
INFO global: RubyGems version: 2.6.14.1
INFO global: VAGRANT_DEFAULT_PROVIDER="vmware_desktop"
INFO global: VAGRANT_EXECUTABLE="/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/bin/vagrant"
INFO global: VAGRANT_INSTALLER_VERSION="2"
INFO global: VAGRANT_INSTALLER_ENV="1"
INFO global: VAGRANT_INSTALLER_EMBEDDED_DIR="/opt/vagrant/embedded"
INFO global: VAGRANT_LOG="debug"
The following WinRM command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!
powershell -ExecutionPolicy Bypass -OutputFormat Text -file "c:\tmp\vagrant-shell.ps1"
Stdout from the command:
Installing Chocolatey
Getting latest version of the Chocolatey package for download.
Getting Chocolatey from https://chocolatey.org/api/v2/package/chocolatey/0.10.13.
# vagrant status --debug
INFO global: Vagrant version: 2.2.4
INFO global: Ruby version: 2.4.4
INFO global: RubyGems version: 2.6.14.1
INFO global: VAGRANT_INSTALLER_EMBEDDED_DIR="/opt/vagrant/embedded"
INFO global: VAGRANT_INSTALLER_ENV="1"
INFO global: VAGRANT_INSTALLER_VERSION="2"
INFO global: VAGRANT_EXECUTABLE="/opt/vagrant/embedded/gems/2.2.4/gems/vagrant-2.2.4/bin/vagrant"
INFO global: VAGRANT_LOG="debug"
WARN global: resolv replacement has not been enabled!
Error retrieving packages from source 'https://chocolatey.org/api/v2/':
Could not connect to the feed specified at 'https://chocolatey.org/api/v2/'.
Please verify that the package source (located in the Package Manager Settings)
is valid and ensure your network connectivity.