# This is not my work. All credit goes to https://github.com/Neo23x0/sigma. I just used the tool to convert to graylog format,
# skipped over the errors, and added some carriage returns for ease of reading. If you see a blank rule, it means there was a conversion error.
rules/application/appframework_django_exceptions.yml
("SuspiciousOperation" OR "DisallowedHost" OR "DisallowedModelAdminLookup" OR "DisallowedModelAdminToField" OR "DisallowedRedirect" OR "InvalidSessionKey" OR "RequestDataTooBig" OR "SuspiciousFileOperation" OR "SuspiciousMultipartForm" OR "SuspiciousSession" OR "TooManyFieldsSent" OR "PermissionDenied")
@OALabs
OALabs / boxstarter_oalabs_x86vm.ps1
Last active February 12, 2025 17:52
Boxstarter - One click malware analysis tools installer for 32bit VM
Set-ExecutionPolicy Unrestricted;
iex ((New-Object System.Net.WebClient).DownloadString('http://boxstarter.org/bootstrapper.ps1'));
get-boxstarter -Force;
Install-BoxstarterPackage -PackageName 'https://gist.githubusercontent.com/OALabs/afb619ce8778302c324373378abbaef5/raw/4006323180791f464ec0a8a838c7b681f42d238c/oalabs_x86vm.ps1';
<?xml version="1.0" encoding="UTF-8"?>
<PCSettings>
<SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
<ApplicationInformation>
<AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
<DeepLink>%windir%\system32\cmd.exe /c calc.exe</DeepLink>
<Icon>%windir%\system32\control.exe</Icon>
</ApplicationInformation>
<SettingIdentity>
<PageID></PageID>
@hemenkapadia
hemenkapadia / Ubuntu 18.04 with Nvidia+CUDA on Optimus Laptop.md
Last active January 13, 2022 07:15
[Ubuntu 18.04 with Nvidia+CUDA on Optimus Laptop] Setting up Ubuntu 18.04 with nvidia drivers and CUDA for data science on Dell 7559 Optimus laptop #Ubuntu #Nvidia #CUDA #setup

Kernel settings for installation

Use a live USB to try Ubuntu before installing. Boot from the live USB. On the GRUB screen, highlight the "Try Ubuntu ...." option and press e. Update the kernel parameters by adding options before quiet splash so that the line reads as below:

nogpumanager nomodeset i915.modeset=1 quiet splash

Note: On HighDPI screen machines there is a known issue whereby Ubiquity (the Ubuntu installer) crashes at the copying files step, i.e. immediately after the user setup screen. The cause and workaround are discussed in another gist post.

Persist GRUB configuration

Post installation, to avoid updating the above mentioned kernel options each time the system is booted, edit GRUB configuration file sudo vi /etc/default/grub and make th

[POWERSHELL-DOWNLOAD-HUNT]
dispatch.earliest_time = -24h@h
dispatch.latest_time = now
dispatchAs = user
display.general.type = statistics
display.page.search.mode = verbose
display.page.search.tab = statistics
display.visualizations.charting.chart = bar
display.visualizations.show = 0
search = FileName=powershell.exe (CommandLine=*DownloadFile* OR CommandLine=*invoke-webrequest*) | stats values(CommandLine) as "commands" by ComputerName
$ScrObjBlockRule = New-CIPolicyRule -DriverFilePath $Env:windir\System32\scrobj.dll -Level FileName -Deny -AppID $Env:windir\System32\regsvr32.exe
# Merge the block rule into the allow all template rule included in the OS
Merge-CIPolicy -OutputFilePath CustomASRPolicy.xml -PolicyPaths $Env:windir\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml -Rules $ScrObjBlockRule
# This must be run elevated. Convert the policy to binary form and copy it to where WDAC will consume it.
ConvertFrom-CIPolicy -XmlFilePath .\CustomASRPolicy.xml -BinaryFilePath $Env:windir\System32\CodeIntegrity\SIPolicy.p7b
# Now reboot and the policy will take effect.
@Neo23x0
Neo23x0 / audit.rules
Last active October 23, 2025 06:15
Linux Auditd Best Practice Configuration
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
# (ASCII-art banner reading "Auditd")
@mackwage
mackwage / windows_hardening.cmd
Last active October 21, 2025 07:12
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think of being able to run this on family members' computers: secure them, but don't increase the chances of them having to call you to troubleshoot something related to it later on.) References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups, but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@tomwwright
tomwwright / gist:f88e2ddb344cf99f299935e1312da880
Last active September 3, 2024 06:20
Dell XPS 15 9560: Ubuntu 17.10 + Nvidia 384.90 + Nvidia Prime (No Bumblebee) https://medium.com/@tomwwright/better-battery-life-on-ubuntu-17-10-4588b7f72def
# perform a fresh install of Ubuntu 17.10
# upgrade the kernel to v4.13.10
mkdir ~/kernel-v4.13.10
cd ~/kernel-v4.13.10
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13.10/linux-headers-4.13.10-041310_4.13.10-041310.201710270531_all.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13.10/linux-headers-4.13.10-041310-generic_4.13.10-041310.201710270531_amd64.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13.10/linux-image-4.13.10-041310-generic_4.13.10-041310.201710270531_amd64.deb
sudo dpkg -i *.deb