mrz-secops-offsec jonz-secops

Whether you're trying to give back to the open source community or collaborating on your own projects, knowing how to properly fork and generate pull requests is essential. Unfortunately, it's quite easy to make mistakes or not know what you should do when you're initially learning the process. I know that I certainly had considerable initial trouble with it, and I found a lot of the information on GitHub and around the internet to be rather piecemeal and incomplete - part of the process described here, another there, common hangups in a different place, and so on.

In an attempt to coallate this information for myself and others, this short tutorial is what I've found to be fairly standard procedure for creating a fork, doing your work, issuing a pull request, and merging that pull request back into the original project.

Creating a Fork

Just head over to the GitHub page and click the "Fork" button. It's just that simple. Once you've done that, you can use your favorite git client to clone your repo or j

Base64 Patterns - Learning Aid

Base64 Code	Mnemonic Aid	Decoded*	Description
`JAB`	🗣 Jabber	`$.`	Variable declaration (UTF-16)
`TVq`	📺 Television	`MZ`	MZ header
`SUVY`	🚙 SUV	`IEX`	PowerShell Invoke Expression
`SQBFAF`	🐣 Squab favorite	`I.E.`	PowerShell Invoke Expression (UTF-16)
`SQBuAH`	🐣 Squab uahhh	`I.n.`	PowerShell Invoke string (UTF-16) e.g. `Invoke-Mimikatz`
`PAA`	💪 "Pah!"	`<.`	Often used by Emotet (UTF-16)

#File Magic Numbers

Magic numbers are the first bits of a file which uniquely identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type.

For example, a jpeg file starts with ffd8 ffe0 0010 4a46 4946 0001 0101 0047 ......JFIF.....G ffd8 shows that it's a JPEG file, and ffe0 identify a JFIF type structure. There is an ascii encoding of "JFIF" which comes after a length code, but that is not necessary in order to identify the file. The first 4 bytes do that uniquely.

This gives an ongoing list of file-type magic numbers.

##Image Files

	package main

	import (
	"crypto/tls"
	"fmt"
	"io/ioutil"
	"net/http"
	"net/url"
	"strings"
	)

	$userPath = $env:USERPROFILE
	$pathExclusions = New-Object System.Collections.ArrayList
	$processExclusions = New-Object System.Collections.ArrayList

	$pathExclusions.Add('C:\source\repos') > $null
	$pathExclusions.Add('C:\Windows\Microsoft.NET') > $null
	$pathExclusions.Add('C:\Windows\assembly') > $null
	$pathExclusions.Add($userPath + '\AppData\Local\Microsoft\VisualStudio') > $null
	$pathExclusions.Add($userPath + '\AppData\Local\Microsoft\VisualStudio Services') > $null
	$pathExclusions.Add($userPath + '\AppData\Local\GitCredentialManager') > $null

	- This page is a collection of some of the Advanced queries from the [[Datalog]] channel on the [[Logseq/Discord]] server. #datalog
	id:: 61db13f4-75e8-4f87-ad60-3ac3479c5fc8
	- ### Resources
	- [link: The first message on the datalog channel](https://discord.com/channels/725182569297215569/743139225746145311/743139795865174119)
	- [link: Logseq docs - Advanced queries](https://docs.logseq.com/#/page/advanced%20queries)
	- [link: Logseq datascript schema](https://gist.github.com/tiensonqin/9a40575827f8f63eec54432443ecb929)
	- [link: Logseq frontend db model](https://github.com/logseq/logseq/blob/master/src/main/frontend/db/model.cljs)
	- [link: How to Graph Your Data - talk by Paula Gearon](https://youtu.be/tbVwmFBnfo4)
	- [link: Domain modelling with datalog - talk by Norbert Wojtowicz](https://youtu.be/oo-7mN9WXTw)
	- [link: Athens Research ClojureFam](https://github.com/athensresearch/ClojureFam)

	# Log the time prior to executing the action.
	# This will be used as parth of an event log XPath filter.
	$DateTimeBefore = [Xml.XmlConvert]::ToString((Get-Date).ToUniversalTime(), [System.Xml.XmlDateTimeSerializationMode]::Utc)

	# Do the thing now that you want to see potential relevant events surface...
	$null = Mount-DiskImage -ImagePath "$PWD\FeelTheBurn.iso" -StorageType ISO -Access ReadOnly

	# Allow a moment to allow events to populate
	Start-Sleep -Seconds 5

	function Start-ProcessWithCommandLine {
	<#
	.SYNOPSIS

	A simple CreateProcess wrapper for demonstrating starting a process with custom command-line arguments.

	Author: Matt Graeber
	Company: Red Canary, Inc.

	.PARAMETER ApplicationName

	UPDATE PROCESS START [ 05/04/17 23:26:31 ]

	===[ DNSBL Process ]================================================

	[ EasyList_wo_Elements ] Reload [ 05/04/17 23:26:32 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	7964 7577 0 0 0 7577
	----------------------------------------------------------------------

	# Here are some domains I block to interfere with DNS-over-HTTPS, so that my own DNS-based security schemes work.
	# If you're going to be doing this, you should probably block all outbound 53, 853, and 5353 on your network,
	# except from your own internal DNS resolver (eg. pihole)
	#
	# Data from https://github.com/curl/curl/wiki/DNS-over-HTTPS

	one.one.one.one
	canadianshield.cira.ca
	doh.dns.sb
	dnsforge.de