mbbx6spp

Best UNIX Shell tools

These are a list of usages of shell commands I can't live without on UNIX-based systems.

Install

Mac OS X

Using Homebrew (yes, I am opinionated) you can install the following tools with the following packages:

markusklems

// create an IAM Lambda role with access to dynamodb
// Launch Lambda in the same region as your dynamodb region
// (here: us-east-1)
// dynamodb table with hash key = user and range key = datetime

console.log('Loading event');
var AWS = require('aws-sdk');
var dynamodb = new AWS.DynamoDB({apiVersion: '2012-08-10'});

exports.handler = function(event, context) {

boazsegev

#!/usr/bin/env ruby
# encoding: UTF-8

require'json'
def yank
    gemname = (ARGV.index('-g') && ARGV[ARGV.index('-g') + 1]) || (puts('Please enter gem name:') || gets.strip)
    data = JSON.parse `curl -s https://rubygems.org/api/v1/versions/#{gemname}.json`
    versions = data.map {|v| v['number']} .reverse
    puts "\n\n#{gemname} versions: #{versions.join ', '}"
    puts "\nHow many versions to yank (starting at the first release) (none/ALL/number)?"

bmaupin

#!/bin/bash

# Cache sudo password
sudo -v

# Get latest OpenSSL 1.0.2 version from https://openssl.org/source/
# v1.1.0 seems to have removed SSLv2/3 support
openssl_version=1.0.2k

# Install build dependencies

0x9090

<?xml version="1.0" encoding="UTF-8"?>

<opml version="1.0">
    <head>
        <title>Nops subscriptions in feedly Cloud</title>
    </head>
    <body>
        <outline text="Security" title="Security">
            <outline type="rss" text="X-Force Research – Security Intelligence" title="X-Force Research – Security Intelligence" xmlUrl="http://securityintelligence.com/topics/x-force/feed/" htmlUrl="https://securityintelligence.com"/>
            <outline type="rss" text="SecurityIntelligence" title="SecurityIntelligence" xmlUrl="http://securityint.blogspot.com/feeds/posts/default" htmlUrl="http://securityint.blogspot.com/"/>

fox-srt

# IDS signatures for https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1:
alert udp any any -> any 500 (msg:"FOX-SRT - Suspicious - Possible Fragmented Cisco IKE/isakmp Packet HeapSpray (CVE-2018-0101)"; flow:to_server; content:"|84|"; offset:16; depth:1; content:"|02|"; distance:1; within:1; fast_pattern; byte_test:4,>,5000,5,relative; byte_test:2,>,5000,11,relative; byte_extract:4,36,fragment_match; byte_test:4,=,fragment_match,53,relative; byte_test:4,=,fragment_match,137,relative; byte_test:4,=,fragment_match,237,relative; threshold:type limit, track by_dst, count 1, seconds 600; classtype:attempted-admin; sid:21002339; rev:5;)
alert udp any any -> any 500 (msg:"FOX-SRT - Exploit - Possible Shellcode in Cisco IKE/isakmp - tcp/CONNECT/"; content:"tcp/CONNECT/"; fast_pattern:only; threshold:type limit, track by_src, count 1, seconds 600; priority:1; classtype:attempted-admin; sid:21002340; rev:2;)

MSAdministrator

MITRE ATT&CK Data Format

The MITRE ATT&CK JSON file is a flat JSON structure which is difficult to parse. To parse this JSON file, there are several different approaches but the type key is the, well, key!

The types within this JSON are the following (as well as the common wording used for this type):

• attack-pattern (Techniques)
• relationship (This is a unique type that contains relationships between types)
• course-of-action (Mitigations)
• identity (unused)