Jason Kendall coolacid
coolacid
/ gist:a6ab2e481ae50900c703
Created
April 20, 2015 14:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "_shard": 0, | |
| "_node": "fan7MZSvSUS6LS3XcwQFfA", | |
| "_index": "cif.observables-2015.04.20", | |
| "_type": "observables", | |
| "_id": "bafb0b47000be58fb6c4f08f29af81704531965b0bd907e57c7f99c69ae194b8", | |
| "_score": 1, | |
| "fields": { | |
| "tags": [ | |
| "suspicious" |
coolacid
/ gist:158eee28112cfad787c1
Created
April 20, 2015 04:59
Logstash, DNS, GeoIP and CIFv2 Augments.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NOTE:: The IPs were taken from the CIF DB for testing. Not actual events. | |
| Logstash startup completed | |
| { | |
| "message" => "2015-04-19 05:46:59,798 fail2ban.actions: WARNING [asterisk-iptables] Ban 141.101.113.108", | |
| "@version" => "1", | |
| "@timestamp" => "2015-04-19T09:46:59.798Z", | |
| "type" => "fail2ban", | |
| "host" => "homer", | |
| "path" => "/srv/Logs/f2b/fail2ban", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original Thread: http://forum.feed-the-beast.com/threads/creating-an-endless-lava-ocean-on-mystcraft.15421/ | |
| Ocean Biome | |
| Single Biome Distribution | |
| Stone Block | |
| Fluid Yellorium Block | |
| Standard World | |
| Normal Moon | |
| Dark Stars | |
| Dark Sun |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This is just a collection of different outputs from Event Augmentation Filters. | |
| TLD - Breaks apart TLD data and reports information based on that | |
| OUI - Takes a MAC address and reports the manufacturer details based on OUI lookup | |
| GeoIP - Find the Geo Information from an IP address |
coolacid
/ gist:025e0bd1370d5489d9e4
Created
January 24, 2015 01:18
Set description of a USB sound card
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This expects that you might have multiple USB sound cards that are the same type like I have. | |
| Start out by finding the ATTRS{devpath} value: | |
| udevadm info --attribute-walk /dev/snd/by-id/[DEVICE] | grep devpath | grep ATTRS | head -1 | |
| Create a udev rules file in /etc/udev/rules.d (such as 98-audiocards.rules) and add a line matching the devpath from above: | |
| SUBSYSTEMS=="usb", ATTRS{devpath}=="2.1.1", ENV{SOUND_DESCRIPTION}="Mixer" |
coolacid
/ gist:9b760ef8bc6d0ca1a2ec
Created
January 22, 2015 16:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| generator { | |
| message => "9.8.7.6 5.4.3.2" | |
| count => 1 | |
| } | |
| } | |
| filter { | |
| grok { | |
| match => [ "message", "%{IPORHOST:src} %{IPORHOST:dst}" ] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from pygithub3 import Github | |
| from subprocess import call | |
| import os | |
| gh = Github() | |
| #es = gh.orgs.get('elasticsearch') | |
| repos = gh.repos.list_by_org('logstash-plugins') |
coolacid
/ goog_auth_toqr.py
Created
July 15, 2014 01:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # Copyright (c) 2014 Nicolas Blais | |
| # All rights reserved. | |
| # | |
| # Redistribution and use in source and binary forms, with or without | |
| # modification, are permitted provided that the following conditions | |
| # are met: | |
| # 1. Redistributions of source code must retain the above copyright | |
| # notice, this list of conditions and the following disclaimer. |
coolacid
/ gist:696943e850316202b39e
Created
June 26, 2014 17:42
Find vulnerable wordpress timthumb files.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| find . -name '*timthumb.php' -o -name '*img.php' | xargs grep -i "WEBSHOT_ENABLED" | grep -i true | grep -vi error |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Config file here: https://github.com/coolacid/GettingStartedWithELK/blob/master/Other/KV/KV_Stomping.conf | |
| 10,000 of each generator type | |
| Command: time bin/logstash -f KV_Stomping.conf > /dev/null | |
| With Conditionals | |
| real 0m21.677s | |
| user 0m44.223s | |
| sys 0m1.781s |