
About 3 years ago, we were trying to figure out what it meant to start to leverage Generative AI within a security operations team. ChatGPT took the world by storm, and for the first time we had a machine model where natural language was the primary interaction, democratizing the technology. In June 2023, we launched the first flavor of the AI Assistant, as we wanted to see what value it would start to provide. LLMs were still really developing. GPT-4 was the standard, with a max of 32,000 tokens. You could ask it questions to help out in day-to-day work. It was a new paradigm for teams, and one that was already showing some promise, but it was clear that it would be a while before it could really be put into practice.

As we continued to develop the chat experience and add more functionality, we wanted to start going beyond chat. About a year later, in May 2024, we launched Attack Discovery [(p

*.crowdstrikexdr.co.za,crowdstrikexdr.co.za
japan.crowdstrikebenefits.com
*.crowdstrikedataprotection.cc,crowdstrikedataprotection.cc
*.crowdstrikedataprotecton.com,crowdstrikedataprotecton.com
*.crowdstrike-cspm-reg-test.com,crowdstrike-cspm-reg-test.com
*.crowdstrikemalware.zip,crowdstrikemalware.zip
land.crowdstrikebenefits.com,us.crowdstrikebenefits.com
ww16.crowdstrike.capethemes.com
*.crowdstrike.1-27.us-east-1.k8s.dev.appian-internal.com
*.crowdstrike.1-29.us-east-1.k8s.dev.appian-internal.com
jamesspi / xzvuln-macos.sql
Created March 30, 2024 21:18
OSQuery To Check for XZ and liblzma - macOS

```sql
-- Flag Homebrew-installed xz / liblzma builds whose version string starts with 5.6.0 or 5.6.1
SELECT 'Homebrew Package' AS source, name, version,
CASE
WHEN version LIKE '5.6.0%' OR version LIKE '5.6.1%' THEN 'Potentially Vulnerable'
ELSE 'Most likely not vulnerable'
END AS status
FROM homebrew_packages
WHERE name = 'xz' OR name = 'liblzma';
```
jamesspi / xzvuln.sql
Last active April 16, 2024 15:16
OSQuery To Check for XZ and liblzma - *nix

```sql
-- Debian/Ubuntu branch: dpkg packages named xz-utils or liblzma*
SELECT 'DEB Package' AS source, name, version,
CASE
WHEN version LIKE '5.6.0%' OR version LIKE '5.6.1%' THEN 'Potentially Vulnerable'
ELSE 'Most likely not vulnerable'
END AS status
FROM deb_packages
WHERE name = 'xz-utils' OR name = 'liblzma' OR name LIKE 'liblzma%'
UNION
-- RPM branch: the gist preview is truncated after the CASE keyword below;
-- the remainder is completed here to mirror the DEB branch (same version test,
-- osquery's rpm_packages table). The package names 'xz' and 'xz-libs' are assumed.
SELECT 'RPM Package' AS source, name, version,
CASE
WHEN version LIKE '5.6.0%' OR version LIKE '5.6.1%' THEN 'Potentially Vulnerable'
ELSE 'Most likely not vulnerable'
END AS status
FROM rpm_packages
WHERE name = 'xz' OR name LIKE 'xz-libs%';
```
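Both xz gists above classify packages with a `LIKE '5.6.0%' OR LIKE '5.6.1%'` prefix test, which is fine for the real 5.6.0 and 5.6.1 releases but is only a string-prefix match: it would also flag a hypothetical 5.6.10, and it silently depends on the distro version string starting with the upstream version (a Debian epoch such as `2:5.6.1-1` would slip past it). The following added example, which is not part of the gists and not osquery code, applies the same triage to constructed package rows in the shape osquery returns, but parses the upstream `major.minor.patch` first so the comparison is exact. The sample rows, the `parse_version`/`classify`/`triage` helper names and the `5.6.10` version are constructed for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Upstream xz/liblzma versions the gists treat as affected (the ones the LIKE clauses match).
AFFECTED = {(5, 6, 0), (5, 6, 1)}

# Constructed sample rows mimicking osquery output from deb_packages / rpm_packages /
# homebrew_packages. The "5.6.10" entry is hypothetical and only illustrates the
# prefix-match pitfall; the "2:5.6.0-1" entry carries a Debian epoch.
SAMPLE_ROWS: List[Dict[str, str]] = [
    {"source": "DEB Package", "name": "liblzma5", "version": "5.6.1-1"},
    {"source": "DEB Package", "name": "xz-utils", "version": "2:5.6.0-1"},
    {"source": "DEB Package", "name": "xz-utils", "version": "5.4.5-0.3"},
    {"source": "RPM Package", "name": "xz-libs", "version": "5.6.0"},
    {"source": "Homebrew Package", "name": "xz", "version": "5.6.10"},
    {"source": "Homebrew Package", "name": "xz", "version": "5.4.6"},
]

# Optional epoch ("N:"), then major.minor.patch; anything after (revision, tilde, etc.) is ignored.
VERSION_RE = re.compile(r"^(?:\d+:)?(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Return the upstream (major, minor, patch) from a distro version string, or None."""
    m = VERSION_RE.match(version)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(version: str) -> str:
    """Exact-version triage: same labels as the gists, but no prefix false positives."""
    parsed = parse_version(version)
    if parsed is None:
        return "Unknown version format"
    return "Potentially Vulnerable" if parsed in AFFECTED else "Most likely not vulnerable"


def like_prefix_classify(version: str) -> str:
    """Reproduces the gists' LIKE '5.6.0%' OR LIKE '5.6.1%' test, for comparison."""
    if version.startswith(("5.6.0", "5.6.1")):
        return "Potentially Vulnerable"
    return "Most likely not vulnerable"


def triage(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Add a 'status' column to each package row, like the gists' CASE expression."""
    return [{**row, "status": classify(row["version"])} for row in rows]


if __name__ == "__main__":
    for row in triage(SAMPLE_ROWS):
        print(f"{row['source']:17} {row['name']:10} {row['version']:10} "
              f"exact={row['status']:26} like={like_prefix_classify(row['version'])}")
```

Run stand-alone, the script prints one line per sample row with both verdicts side by side; the epoch-prefixed and hypothetical 5.6.10 rows are where the two methods disagree.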
jamesspi / driverload.json
Created March 24, 2023 22:24
Driver Load Event

```json
{
  "agent": {
    "id": "b5780efb-e2e8-42f2-9221-b8e93f2db369",
    "type": "endpoint",
    "version": "8.6.2"
  },
  "process": {
    "Ext": {
      "ancestry": [
        "YjU3ODBlZmItZTJlOC00MmYyLTkyMjEtYjhlOTNmMmRiMzY5LTAtMTY3ODkzOTIxOS4yNTI4MzAw"
```