I hereby claim:
- I am keithmccammon on github.
- I am kwm (https://keybase.io/kwm) on keybase.
- I have a public key whose fingerprint is 142F DB63 ACB2 E176 484B 184E 0ACD C417 A011 DD72
To claim this, I am signing this object:
Keith McCammon keithmccammon
keithmccammon
/ cblr-batch.py
Last active
July 27, 2016 19:06
Cb Enterprise Response Live Response batch harness
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import argparse | |
| import sys | |
| from cbapi.response import CbEnterpriseResponseAPI | |
| from cbapi.response.models import Process, Sensor | |
| from cbapi.response.live_response_api import LiveResponseSession | |
keithmccammon
/ cb-response-delete-file.py
Created
June 16, 2016 18:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Given a sensor ID and a file path, delete the file. This performs no logging | |
| and returns no status. It is generally unhelpful and not a template upon which | |
| you want to build. But if the file is present and not locked it will be | |
| destroyed :) | |
| """ | |
| import argparse |
keithmccammon
/ decode-posh-base64string.py
Last active
March 30, 2016 16:48
Decode input passed to PowerShell's FromBase64String function
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import gzip | |
| import base64 | |
| import StringIO | |
| import sys | |
| def gunzip(raw_data): | |
| decoded_data_obj = StringIO.StringIO(raw_data) |
keithmccammon
/ netconns-by-domain.py
Created
July 20, 2015 13:32
Extracting historical network events (netconns) given a list of domains
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """Dump a comma-separated list of domain,ipaddr pairings where the domain | |
| includes at least one element from the list (domains). | |
| Useful for dumping historical name resolution data, compiling lists of | |
| endpoints that have talked to a domain, etc. | |
| Depends on https://github.com/redcanaryco/cbapi2. | |
| """ |
NewerOlder