@githubfoam
githubfoam / kill-chain model
Last active May 29, 2025 13:49
kill-chain model
============================================================================
The kill-chain model, originally developed by Lockheed Martin as the Cyber Kill Chain, is a framework that helps Security Operations Center (SOC) engineers analyze cyberattacks in a structured way. It breaks down an attack into stages, allowing SOC engineers to understand, detect, and respond effectively.
How a SOC Engineer Uses the Kill-Chain Model
SOC engineers use the kill-chain model to:
Detect Threats Earlier: By recognizing attack patterns at different stages, they can stop an attack before it progresses.
Improve Incident Response: Helps prioritize threats based on their progression within the chain.
@githubfoam
githubfoam / falco detection cheat sheet
Created May 29, 2025 12:03
falco detection cheat sheet
#======================================================================
Simulated Detection Scenarios
Falco – Chmod 777
Scenario: Attacker gives full permissions to a sensitive file.
Simulate:
touch /tmp/test.sh && chmod 777 /tmp/test.sh
@githubfoam
githubfoam / wazuh cheat sheet
Created May 29, 2025 12:02
wazuh cheat sheet
#======================================================================
Part 2: Simulated Detection Scenarios
✅ Wazuh – File Integrity Monitoring
Scenario: Someone modifies /etc/passwd.
Simulate:
echo "#TEST123" >> /etc/passwd
@githubfoam
githubfoam / xdr cheat sheet
Last active May 28, 2025 08:08
xdr cheat sheet
#======================================================================
To make an informed decision on purchasing an XDR product, you need a structured approach to evaluating vendors and ensuring the solution meets your security needs. Here's how you can organize the process effectively:
1. Define Evaluation Goals & Success Criteria
Establish clear objectives for adopting an XDR solution (e.g., better threat detection, improved response automation).
Identify key security gaps that need addressing.
Define measurable success criteria for the evaluation (e.g., ease of integration, accuracy of threat detection, response time).
@githubfoam
githubfoam / PAM - privileged access management cheat sheet
Last active May 23, 2025 11:09
PAM - privileged access management cheat sheet
#===================================================================================================================================
What does a Holistic Approach in PAM involve?
Comprehensive User Access Control
Not only managing privileged users, but also regular employees, third-party contractors, and automated system accounts.
Example: Instead of just securing admin accounts, PAM also tracks access for interns, vendors, and service accounts across all systems.
Integration with Other Systems
@githubfoam
githubfoam / eduroam cheat sheet
Created May 22, 2025 06:59
eduroam cheat sheet
To uninstall the CAT (Configuration Assistant Tool) installer from eduroam on Windows 10
PS:
The CAT installer itself usually configures the network and installs certificates but does not stay as a running application, so it often doesn't show up in Programs.
Remove eduroam from Windows
https://servicedesk.msstate.edu/TDClient/45/Portal/KB/ArticleDet?ID=1625
Method 1: Using Windows Settings (Recommended)
Uninstalling the eduroam CAT Installer Configuration
@githubfoam
githubfoam / base 64 detection cheat sheet
Created April 16, 2025 16:11
base 64 detection cheat sheet
#===================================================================================================================================
Base64-Encoded C2 Domain: Explanation & Examples
What is Base64 Encoding?
Base64 is a method of encoding binary data into ASCII text, often used to obfuscate malicious commands, URLs, or payloads to evade detection.
Why Do Attackers Use Base64 for C2 Communication?
Evasion: Many security tools scan for known malicious domains in plaintext.
Obfuscation: Makes malicious traffic harder to identify in logs.
@githubfoam
githubfoam / cyber threat intelligence cheat sheet
Created March 28, 2025 06:33
cyber threat intelligence cheat sheet
#===================================================================================================================================
Analyzing cyber incidents, attack patterns, and TTPs (Tactics, Techniques, and Procedures) of threat actors.
Working with SIEM tools for log analysis and real-time threat detection
Investigating security breaches, malware analysis, and intrusion detection.
Utilizing MITRE ATT&CK / Cyber Kill Chain, threat intelligence feeds / MISP, and OSINT to map threats to vulnerabilities
Working as incident response and with legal inquiries
@githubfoam
githubfoam / URLscan Dorking Techniques
Last active May 8, 2025 08:11
URLscan Dorking Techniques
#=====================================================================
Dorking is the practice of crafting advanced search queries to uncover publicly available but sensitive information. URLscan.io allows users to filter through indexed scans using Lucene-based query syntax.
Examples:
page.domain:example.com → Searches all scans related to example.com
page.ip:192.168.1.1 → Finds all URLs hosted on this IP
2. Common URLscan Dorking Queries
a) Finding Open Admin Panels
@githubfoam
githubfoam / ai online resources
Last active February 20, 2025 06:27
ai online resources
#===================================================================================================================================
Kaggle is a fantastic platform for data science competitions, datasets, and learning. Here are some other online websites similar to Kaggle, offering various resources for data scientists, machine learning engineers, and AI enthusiasts:
Competition Platforms:
DrivenData: Focuses on social good challenges, often with real-world impact.
Analytics Vidhya: Hosts data science competitions, hackathons, and learning resources, particularly strong in the Indian data science community.
AIcrowd: A platform for AI challenges and competitions, with a focus on reproducibility and open-source contributions.
CodaLab: A platform for hosting competitions and evaluating machine learning models, often used by academic researchers.
Topcoder: Offers a variety of challenges, including data science, design, and development.