
@manasmbellani
manasmbellani / !provider.tf
Last active April 27, 2025 04:12
terraform-universe-example: An example of using the terraform universe provider, which is located at https://github.com/aellwein/terraform-provider-universe
# terraform init
# TERRAFORM_UNIVERSE_RESOURCETYPES='json_file' terraform plan
terraform {
  required_providers {
    universe = {
      source  = "aellwein/universe"
      version = "0.1.1"
    }
  }
}
@manasmbellani
manasmbellani / Generate-DGA.ps1
Created April 15, 2025 11:13
Generate Domain Generation Algorithm (DGA)-style DNS domain names to trigger Microsoft Defender for DNS
# Get-Random -Count never returns more items than the input range holds (26 lowercase
# letters here), so draw one character at a time to get labels of the full requested length.
for ($i = 0; $i -le 150; $i++) {
    $rand = -join (1..32 | ForEach-Object { [char](Get-Random -Minimum 97 -Maximum 123) })
    Resolve-DnsName "$rand.com" -ErrorAction Ignore
}
# 63 characters is the maximum length of a single DNS label.
for ($i = 0; $i -le 1000; $i++) {
    $rand = -join (1..63 | ForEach-Object { [char](Get-Random -Minimum 97 -Maximum 123) })
    Resolve-DnsName "$rand.contoso.com" -ErrorAction Ignore
}
@manasmbellani
manasmbellani / Removing Sensitive Data from Git History.md
Last active February 5, 2025 13:18
Removing Sensitive Data from Git History

Introduction

Developers sometimes commit secrets or other sensitive information into files in a git repository (and in some cases an entire file consists of secrets and should be removed). This document describes the steps for masking those secrets throughout the git history. Two caveats before starting: rewriting history changes every affected commit hash, so the rewritten branches must be force-pushed and every collaborator must re-clone; and a secret that has already been pushed to a shared remote should be treated as compromised and rotated regardless, because the rewrite does not recall copies others may already hold.

Masking Secrets in Files

To mask secrets in files we use the git-filter-repo package. On macOS it can be installed with Homebrew:

$ brew install git-filter-repo
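The scrubbing step the document describes, as an added example that is not part of the gist: it builds a throwaway repository with a constructed fake key, writes the `--replace-text` expressions file (one `literal==>replacement` per line; `regex:` and `glob:` prefixes are also accepted, and a line without `==>` is replaced with `***REMOVED***` by default), runs git-filter-repo, and counts the diff lines across all refs that still contain the literal. It assumes `git` is on PATH and skips the rewrite if `git-filter-repo` is not installed; the repository path, file name and secret value are made up for the demonstration. The commented `--invert-paths` form is the variant for dropping an entire file from history.

```shell
#!/bin/bash
# Added example, not the gist's own script: scrub a constructed fake secret from
# every commit of a scratch repository with git-filter-repo and verify the result.
set -eu

# Write git-filter-repo's --replace-text file: one "literal==>replacement" per line.
build_expressions() {            # usage: build_expressions <outfile> <secret>...
    local out="$1"; shift
    : > "$out"
    for s in "$@"; do
        printf '%s==>***REMOVED***\n' "$s" >> "$out"
    done
}

# Number of diff lines, across all refs, that still contain the literal (0 = clean).
count_hits() {                   # usage: count_hits <repo> <literal>
    git -C "$1" log --all -p | grep -c -F -- "$2" || true
}

# Throwaway repo: first commit leaks a constructed key, second commit "rotates" it.
# The leaked value is still recoverable from history until the rewrite below.
make_repo() {                    # usage: make_repo <dir>
    git init -q "$1"
    printf 'API_KEY=AKIAEXAMPLE0000000FAKE\n' > "$1/config.env"
    git -C "$1" add config.env
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid commit -q -m "add config"
    printf 'API_KEY=rotated\n' > "$1/config.env"
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid commit -q -am "rotate key"
}

# Rewrite all history. --force is needed because the repo is not a fresh clone,
# which git-filter-repo otherwise refuses to touch.
scrub() {                        # usage: scrub <repo> <expressions-file>
    git -C "$1" filter-repo --replace-text "$2" --force
    # To delete a whole file from every commit instead of masking its contents:
    #   git -C "$1" filter-repo --invert-paths --path config.env --force
}

main() {
    local work; work=$(mktemp -d)
    make_repo "$work/repo"
    build_expressions "$work/expressions.txt" "AKIAEXAMPLE0000000FAKE"
    echo "before: $(count_hits "$work/repo" AKIAEXAMPLE0000000FAKE) diff line(s) contain the literal"
    if command -v git-filter-repo >/dev/null 2>&1; then
        scrub "$work/repo" "$work/expressions.txt"
        echo "after:  $(count_hits "$work/repo" AKIAEXAMPLE0000000FAKE) diff line(s) contain the literal"
    else
        echo "git-filter-repo is not installed; skipping the rewrite"
    fi
}

main
```

After a real rewrite, `count_hits` should report 0 and `git log -p` shows `API_KEY=***REMOVED***` in the first commit; only then force-push and have collaborators re-clone.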
@manasmbellani
manasmbellani / Invoke-AzureLogAnalyticsDataSend.ps1
Last active October 14, 2024 23:46
Script to send sample log to Azure Log Analytics workspace using Azure Monitor Data Collector API: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell. Based on tutorial from Terence Luk: https://terenceluk.blogspot.com/2022/03/using-powershell-to-send-custom-log.html. Response = 200 indicates log was wr…
# Replace with the Workspace ID (Customer ID) and Primary Key of the Log Analytics workspace
# that should receive the logs, found under Settings > Agents > Log Analytics Agent Instructions
$customerId = "1.....3"
$sharedKey = "c.....="
# Name of the custom log type. Log Analytics appends "_CL", so records land in the
# CustomLog_CL table.
$logType = "CustomLog"
# Change this to change the log record sent to the Azure Log Analytics workspace
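The request signing that the gist's PowerShell script performs, shown here as an added example in shell with openssl and curl rather than the gist's own code. It builds the documented StringToSign (`POST`, Content-Length, Content-Type, `x-ms-date:<RFC 1123 date>`, `/api/logs`), signs it with HMAC-SHA256 using the base64-decoded workspace key, and sends the record with an `Authorization: SharedKey <WorkspaceId>:<Signature>` header. The workspace ID, key and sample record are constructed placeholders; the script only contacts the network when `SEND_LOG=1` is set and otherwise just prints the header. It assumes GNU coreutils (`base64 -d`, `od`) and openssl. Note that Microsoft has deprecated the Data Collector API in favour of the Logs Ingestion API, so treat this as documentation of the legacy scheme.

```shell
#!/bin/bash
# Added example (not the gist's PowerShell script): build the Data Collector API
# "SharedKey" authorization header with openssl and post a record with curl.
# WORKSPACE_ID, SHARED_KEY and BODY are constructed placeholders, not real values.
set -eu

WORKSPACE_ID="00000000-0000-0000-0000-000000000000"                              # constructed
SHARED_KEY=$(printf 'not-a-real-key-0123456789abcdef' | base64 | tr -d '\n')     # constructed, base64 like the portal key

# StringToSign exactly as the API documents it:
#   POST\n<Content-Length>\napplication/json\nx-ms-date:<RFC 1123 date>\n/api/logs
string_to_sign() {   # usage: string_to_sign <content-length> <rfc1123-date>
    printf 'POST\n%s\napplication/json\nx-ms-date:%s\n/api/logs' "$1" "$2"
}

# Signature = Base64( HMAC-SHA256( Base64Decode(sharedKey), StringToSign ) )
sign() {             # usage: sign <shared-key-base64> <content-length> <rfc1123-date>
    local hexkey
    hexkey=$(printf '%s' "$1" | base64 -d | od -An -tx1 -v | tr -d ' \n')
    string_to_sign "$2" "$3" \
        | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$hexkey" -binary \
        | base64 | tr -d '\n'
}

# Authorization: SharedKey <WorkspaceId>:<Signature>
auth_header() {      # usage: auth_header <workspace-id> <shared-key-base64> <content-length> <rfc1123-date>
    printf 'SharedKey %s:%s' "$1" "$(sign "$2" "$3" "$4")"
}

# Posts one JSON array of records and prints the HTTP status (200 = accepted).
send_log() {         # usage: send_log <workspace-id> <shared-key-base64> <log-type> <json-body>
    local now len
    now=$(date -u '+%a, %d %b %Y %H:%M:%S GMT')            # x-ms-date must be RFC 1123, UTC
    len=$(printf '%s' "$4" | wc -c | tr -d ' ')             # Content-Length in bytes
    curl -sS -o /dev/null -w '%{http_code}\n' -X POST \
        "https://$1.ods.opinsights.azure.com/api/logs?api-version=2016-04-01" \
        -H "Authorization: $(auth_header "$1" "$2" "$len" "$now")" \
        -H "Log-Type: $3" \
        -H "x-ms-date: $now" \
        -H 'Content-Type: application/json' \
        --data-binary "$4"
}

# Constructed sample record; it would land in the <Log-Type>_CL table of the workspace.
BODY='[{"Computer":"host01","EventID":4688,"Message":"constructed sample event"}]'

if [ "${SEND_LOG:-0}" = "1" ]; then
    send_log "$WORKSPACE_ID" "$SHARED_KEY" "CustomLog" "$BODY"
else
    len=$(printf '%s' "$BODY" | wc -c | tr -d ' ')
    now=$(date -u '+%a, %d %b %Y %H:%M:%S GMT')
    echo "Authorization: $(auth_header "$WORKSPACE_ID" "$SHARED_KEY" "$len" "$now")"
fi
```

A 403 from the endpoint almost always means the StringToSign differs from what the server computed: a Content-Length that does not match the bytes actually sent, or an `x-ms-date` that is not in RFC 1123 form or drifts more than a few minutes from the server clock.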
@manasmbellani
manasmbellani / !splunkappsdoco.md
Last active June 10, 2023 09:34
splunkawssecuritymon - Alerts built in AWS Security Monitoring App for Splunk

README

This gist contains information about various splunk apps pertaining to detection engineering that have been released on Splunkbase.

Usage

Review the files on gist.github.com, or clone this gist and open it in a Markdown editor such as Typora to get a navigational outline.

@manasmbellani
manasmbellani / splunk-app-deployment-steps.md
Created November 26, 2022 01:44
Practical tips/steps to consider prior to deploying and updating apps in Splunk

Steps to build new alerts in Splunk

To build new alerts, perform the following steps:

  • Ensure that the correct app is selected via the Apps menu in the Splunk UI
  • Start from an existing, recently built search macro and update it to hold the search query for the detection
  • Test that the alert fires as expected
  • Use the MITRE ATT&CK framework to add the relevant technique fields from the matrix, if applicable
  • Create a new search macro with the updated permissions. The macro name should be prefixed with an appropriate keyword, e.g. gcp_detect_ or sysmon_detect
  • Update the search macro permissions to be readable by everyone and writable by admins
@manasmbellani
manasmbellani / inputs.conf
Last active March 29, 2023 21:54
Splunk Universal Forwarder inputs.conf file for collecting data from Window Servers / PCs
# Version 9.0.1
# These entries override and disable settings that are in system/default.
################################
# Data thru parsingQueue always
################################
[splunktcp]
route=has_key:tautology:parsingQueue;absent_key:tautology:parsingQueue
@manasmbellani
manasmbellani / flatten_dict_to_csv.py
Created August 21, 2022 04:48
flatten_dict_to_csv.py - Flattens a nested dictionary into a single-level dictionary that can be written to a CSV file
#!/usr/bin/env python3
import json

dictionary = {
    'duration': 720,
    'language': 'sv',
    'link': 'https://vimeo.com/neweuropefilmsale/incidentbyabank',
    'name': 'INCIDENT BY A BANK',
    'test': {
        'test2': {
@manasmbellani
manasmbellani / .aws-lambda-layers
Last active December 6, 2023 16:14
aws-lambda-layers: Example code for the aws lambda layer
Please review the `README.md` file.
@manasmbellani
manasmbellani / get_domain_from_ssl_info_on_host.sh
Created November 5, 2021 00:44
get_domain_from_ssl_info_on_host.sh - Gets the domain name from the TLS certificate a host serves on port 443, via openssl s_client
#!/bin/bash
# Prints the subject CN and the subject alternative names of the TLS certificate a host
# serves on port 443. -servername sends SNI so that a virtual host returns its own certificate.
USAGE="[-] $0 <hostname>"
if [ $# -lt 1 ]; then
    echo "$USAGE"
    exit 1
fi
hostname="$1"
cert=$(openssl s_client -connect "$hostname:443" -servername "$hostname" </dev/null 2>/dev/null)
echo "$cert" | openssl x509 -noout -subject -nameopt RFC2253 | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p'
# SANs are what clients actually match against, so list them as well.
echo "$cert" | openssl x509 -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'