Skip to content

Instantly share code, notes, and snippets.

View dvas0004's full-sized avatar

David Vassallo dvas0004

26 followers · 3 following
View GitHub Profile
@dvas0004
dvas0004 / logstash.conf
Last active August 29, 2015 14:19
sample logstash configuration file
input {
tcp {
port => 5140
type => "windows-events"
@dvas0004
dvas0004 / embeddedTLSserver.go
Created June 17, 2015 13:05
Example of Golang embedding, see http://blog.davidvassallo.me/?p=1650
package main
import (
"io"
"net/http"
"log"
"crypto/tls"
"net"
"sixpmplc.com/golang/license_server/tls_common"
)
@dvas0004
dvas0004 / tls_common
Last active August 29, 2015 14:23
tls_common - certificate and key for embedded TLS server, see http://blog.davidvassallo.me/?p=1650
package tls_common
/*
IMPORTANT: due to golang's encapsulation directives, variables in this file MUST start with a capital letter, else
they will not be visible from other packages
reference: http://golangtutorials.blogspot.com/2011/06/structs-in-go-instead-of-classes-in.html
*/
/*
@dvas0004
dvas0004 / logging_dynamic_template.json
Created June 25, 2015 09:59
modified default dynamic template for log analysis to be used by logstash (http://blog.davidvassallo.me/?p=1658)
{
"template" : "logstash-*",
"settings" : {
"analysis": {
"analyzer": {
"custom_keyword": {
"filter": ["lowercase"],
"type": "keyword"
}
}
@dvas0004
dvas0004 / nxlog.conf
Created June 28, 2015 12:28
NXLog AlienVault OSSIM configuration (http://blog.davidvassallo.me/?p=1664)
define ROOT /nxlog
Moduledir /usr/local/libexec/nxlog/modules
CacheDir %ROOT%/data
Pidfile %ROOT%/data/nxlog.pid
SpoolDir %ROOT%/data
LogFile %ROOT%/data/nxlog.log
<Extension _syslog>
Module xm_syslog
@dvas0004
dvas0004 / nxlog.conf
Last active August 29, 2015 14:23
NXLog manual, on-demand OSSIM configuration
Global directives #
########################################
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
########################################
# Modules #
@dvas0004
dvas0004 / logstash.conf
Created June 28, 2015 12:43
Logstash config for receiving OSSIM logs
input {
tcp {
port => 5142
type => "ossim-events"
codec => json {
charset => "CP1252"
}
@dvas0004
dvas0004 / gist:d600a65f474f6d313251
Created June 28, 2015 12:50
Manual OSSIM GROK log parsing (legacy)
######## ALIENVAULT OSSIM Logs ########################################
if [type] == "ossim-events" {
grok {
patterns_dir => "/elk/logstash-1.5.1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns"
match => [ "message", "<entry id='%{INT:entry_id}' v='%{INT:v}' fdate='%{FDATE:fdate}' date='%{NUMBER:unix_timestamp}' plugin_id='%{NUMBER:plugin_id}' sensor='%{IP:sensor}' src_ip='%{IP:src_ip}' dst_ip='%{IP:dst_ip}' src_port='%{NUMBER:src_port}' dst_port='%{NUMBER:dst_port}' tzone='%{NUMBER:tzone}' datalen='%{NUMBER:datalen}' data='%{GREEDYDATA:data}' plugin_sid='%{NUMBER:plugin_sid}' proto='%{NUMBER:proto}' ctx='%{GREEDYDATA:ctx}' src_host='%{GREEDYDATA:src_host}' dst_host='%{GREEDYDATA:dst_host}' src_net='%{GREEDYDATA:src_net}' dst_net='%{GREEDYDATA:dst_net}' username='%{GREEDYDATA:username}' userdata1=%{GREEDYDATA:userdata}' idm_host_src='%{GREEDYDATA:idm_host_src}' idm_host_dst='%{GREEDYDATA:idm_host_dst}' idm_mac_src='%{MAC:idm_mac_src}' idm_ma
@dvas0004
dvas0004 / ble_demo.java
Created September 2, 2015 14:25
ble_demo for 6pm
package com.sixpmplc.ble_demo;
import android.annotation.TargetApi;
import android.app.Activity;
import android.bluetooth.BluetoothAdapter;
import android.bluetooth.BluetoothDevice;
import android.bluetooth.BluetoothGatt;
import android.bluetooth.BluetoothGattCallback;
import android.bluetooth.BluetoothGattCharacteristic;
import android.bluetooth.BluetoothGattDescriptor;
@dvas0004
dvas0004 / uol_forensics.c
Created September 7, 2015 07:32
Practice reverse engineering simple C programs for forensics
#include <stdio.h>
int main()
{
char password[13];
printf("What's the password? ");
fgets(password,13,stdin);