Skip to content

Instantly share code, notes, and snippets.

View kevinkeeneyjr's full-sized avatar

Kevin Keeney kevinkeeneyjr

13 followers · 23 following
View GitHub Profile
@grigorescu
grigorescu / bro_intel_1.md
Last active May 17, 2019 16:20
Bro Intelligence Framework tutorial - part 1

First we are going to do an extremely simple case of loading some data and matching it. First we will create an intelligence file in Bro’s intelligence format. Create a file named “intel1.dat” with the following content. Keep in mind that all field separation is with literal tabs! Double check that you don’t have spaces as separators.

#fields<TAB>indicator<TAB>indicator_type<TAB>meta.source
fetchback.com<TAB>Intel::DOMAIN<TAB>my_special_source

The next step will obviously be to load this data into Bro which is done as a configuration option. Put the following script into the same directory as your “intel1.dat” file and call it “intel-1.bro”.




  


  




    


          
    

      

        
        

          

              @grigorescu
          

          

            
                grigorescu
                / bro_intel_2.md
            
            

              Last active
              December 22, 2015 15:59
            

              
                Bro Intelligence Framework tutorial - part 3
              
          

        

      

        

  

      

    
It’s very possible that hits on intelligence could be something that you want turned into a notice even though the basic intel framework does not provide that functionality. This is an example of data driven notice creation with the do_notice.bro script that is included with Bro.


We need to create a new intelligence file. Create intel-2.dat.


#fields<TAB>indicator<TAB>indicator_type<TAB>meta.source<TAB>meta.do_notice
fetchback.com<TAB>Intel::DOMAIN<TAB>my_special_source<TAB>T



The only difference from the previous intelligence file is the do_notice column.



  


  




    


          
    

      

        
        

          

              @dcode
          

          

            
                dcode
                / laikaboss_el7.sh
            
            

              Last active
              August 29, 2015 14:26
            

              
                Install Laikaboss on CentOS 7.1
              
          

        

      

        

  

    
    


        



  


  

        

          
          #===============================================================#
        

        

          
          # Installing Laikaboss on CentOS 7.1
        

        

          
          #===============================================================#
        

        

          
          

        

        

          
          # Enable EPEL repo
        

        

          
          sudo yum install -y epel-release
        

        

          
          

        

        

          
          # Install dcode/cyberdev repo
        

        

          
          curl -s https://packagecloud.io/install/repositories/dcode/cyberdev/script.rpm.sh | sudo bash
        

  





    


  




    


          
    

      

        
        

          

              @jeffgeiger
          

          

            
                jeffgeiger
                / useless.sh
            
            

              Created
              February 12, 2016 19:29
            

              
                Useless Yet Fun Shell Functions
              
          

        

      

        

  

    
    


        



  


  

        

          
          #Silliness abounds
        

        

          
          nocolor() { echo -en "\033[0;39m"; }
        

        

          
          dots() { clear; while :; do let "first = $RANDOM % 2"; let "second = $RANDOM % 6 +1"; let "PAUSE = $RANDOM % 9 +1"; echo -en "\033[${first};3${second}m⬤ "; sleep .${second}; if [[ $RANDOM -gt 22000 ]]; then echo -en "\b\b\b\b    \b\b\b\b"; fi; done; }
        

        

          
          arrows() { clear; ARROWS=(⬅ ⬆ ⬇); while :; do let "arrval = $RANDOM % 3"; let "first = $RANDOM % 2"; let "second = $RANDOM % 6 +1"; let "PAUSE = $RANDOM % 9 +1"; echo -en "\033[${first};3${second}m${ARROWS[$arrval]} "; sleep .${second}; if [[ $RANDOM -gt 22000 ]]; then echo -en "\b\b\b\b    \b\b\b\b"; fi; done; }