Skip to content

Instantly share code, notes, and snippets.

@mbrownnycnyc
mbrownnycnyc / youtube.md
Last active April 9, 2024 12:12
youtube channels that are worth watching. I would be disappointed if they stopped putting out content. (note that I specifically am not posting anything related to software development, cybersec or AI)

travel/cultures/experiences/self help/philosophy

@mbrownnycnyc
mbrownnycnyc / generate-att&ckjson.ps1
Created February 8, 2023 21:22
quick way to produce att&ck navigator layers
#baseline_layer.json is exported layer from the navigator... there certainly is a way to create the json from scratch reviewing specs, but it was very fsat to just do this.
$sourcefile = ".attack nav layers\baseline_layer.json"
$offtechoutfile = ".\attack nav layers\offensive_techs.json"
$deftechoutfile = ".\attack nav layers\defensive_techs.json"
#goal here is to:
# define two att&ck navigator layer json files
# one is for offensive techniques
@mbrownnycnyc
mbrownnycnyc / modify-attackjson.ps1
Last active January 12, 2023 00:22
modify an att&ck navigator json
$orcacomplianceframework = @"
Collection - Automated Collection - T1119
Collection - Data from Cloud Storage - T1530
Collection - Data from Information Repositories - T1213
Collection - Data Staged - T1074
Collection - Email Collection - T1114
Credential Access - Brute Force - T1110
Credential Access - Forge Web Credentials - T1606
Credential Access - Modify Authentication Process - T1556
Credential Access - Multi-Factor Authentication Request Generation - T1621
@mbrownnycnyc
mbrownnycnyc / get-chokepointtechniques.ps1
Last active January 19, 2023 19:08
Process ATT&CK and D3FEND data to indicate likelihood an ATT&CK technique is a choke point as defined in this article (https://medium.com/mitre-engenuity/where-to-begin-prioritizing-att-ck-techniques-c535b50983f4). This theory considers the following conjecture: MITRE will assign research hours to align with prioritization of offensive technique…
# summary:
# Process ATT&CK and D3FEND data to indicate likelihood an ATT&CK technique is a choke point as defined in this article (https://medium.com/mitre-engenuity/where-to-begin-prioritizing-att-ck-techniques-c535b50983f4). This theory considers the following conjecture: MITRE will assign research hours to align with prioritization of offensive technique (resulting severity, frequency of observation, etc). This theory considers the following facts: ATT&CK procedure examples are well documented, D3FEND offensive blast radius is well documented.
# Remember to see "Limitations and future work" section of the above blog post/article.
# also see "BIASES WHEN MAPPING TO MITRE ATT&CK" section of (https://www.cisa.gov/uscert/sites/default/files/publications/Best%20Practices%20for%20MITRE%20ATTCK%20Mapping.pdf)
# this covers the following biases: Novelty bias, Visibility bias, Producer bias, Victim bias, Availability bias...
# you won't ever be able to eliminate these, either within yourself, on your team, o
@mbrownnycnyc
mbrownnycnyc / foreach-concurrentdict.ps1
Last active December 21, 2022 14:17
Thread safe disctionary and using -parallel switch with foreach in powershell
# summary of code covered here: https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324
$gkeclusters = [System.Collections.Concurrent.ConcurrentDictionary[string,object]]::new()
$gcpprojects.projectId | % -ThrottleLimit 10 -Parallel {
write-host "checking $($_)"
$dict = $using:gkeclusters
$dict.TryAdd($(gcloud container clusters list --project $_ --format json), $_) | out-null
}
@mbrownnycnyc
mbrownnycnyc / get-xfcvssdata.ps1
Last active September 16, 2022 19:46
gather interesting cvss data from x-force
$cvelist = "CVE-2022-32868","CVE-2022-32886","CVE-2022-32912","CVE-2022-32891","CVE-2022-32854","CVE-2022-32911","CVE-2022-32864","CVE-2022-32917","CVE-2022-32883","CVE-2022-32908","CVE-2022-32795","CVE-2022-32868","CVE-2022-32872","CVE-2022-32886","CVE-2022-32902","CVE-2022-32896","CVE-2022-32911","CVE-2022-32864","CVE-2022-32917","CVE-2022-32883","CVE-2022-32908","CVE-2022-32900","CVE-2022-32902","CVE-2022-32854","CVE-2022-32896","CVE-2022-32911","CVE-2022-32864","CVE-2022-32894","CVE-2022-32917","CVE-2022-32883","CVE-2022-32908","CVE-2022-32900","CVE-2022-32854","CVE-2022-32911","CVE-2022-32864","CVE-2022-32917","CVE-2022-32883","CVE-2022-32908","CVE-2022-32795","CVE-2022-32868","CVE-2022-32872","CVE-2022-32886","CVE-2022-32912","CVE-2022-32893"
$baseurl = "https://api.xforce.ibmcloud.com/"
$apikey = "xxxx"
$apipass = "yyyy"
$encodeme = $apikey+":"+$apipass
$access_token = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($encodeme))
$headers = @{"Authorization"= "Basic $access_token";
@mbrownnycnyc
mbrownnycnyc / gitlab-search.py
Last active September 26, 2022 17:23
gitlab code searcher based on https://github.com/tuimm/gitlab-search, but added enum for all branches and regex string matches. need to add multithreading and dumping data to disk upon receipt.
import gitlab
import re
def search(gitlab_server, token, file_filter, regextofind, group=None, project_filter=None):
return_value = []
gl = gitlab.Gitlab(gitlab_server, private_token=token)
if (project_filter == '') and (group == ''):
projects = gl.projects.list(all=True)
else:
group_object = gl.groups.get(group)
@mbrownnycnyc
mbrownnycnyc / parse_awscli_json_output.ps1
Last active September 14, 2022 17:41
deal with json for filtering in powershell
# parse elbv2
$targetjson = get-content "elbv2-listener-allowing-cleartext.json" | ConvertFrom-Json
$interestingdata = @()
foreach ($item in $targetjson) {
$tempobj = "" | select dnsname, arn, vpcid, tags, listener_80_defaultaction_type, sg_tags, sg_used_by
$tempobj.dnsname = $item.DNSName
$tempobj.arn = $item.arn
$tempobj.vpcid = $item.VpcId
@mbrownnycnyc
mbrownnycnyc / worksheet.ps1
Last active June 23, 2022 19:52
script used to assist in building a risk scoring spreadsheet for AD prived groups and users (adjust baseline risk of each group)
#https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-b--privileged-accounts-and-groups-in-active-directory
$userrights_readable = "Access Credential Manager as a trusted caller","Access this computer from the network","Act as part of the operating system","Add workstations to domain","Adjust memory quotas for a process","Allow log on locally","Allow log on through Remote Desktop Services","Back up files and directories","Bypass traverse checking","Change the system time","Change the time zone","Create a pagefile","Create a token object","Create global objects","Create permanent shared objects","Create symbolic links","Debug programs","Deny access to this computer from the network","Deny log on as a batch job","Deny log on as a service","Deny log on locally","Deny log on through Terminal Services","Enable computer and user accounts to be trusted for delegation","Force shutdown from a remote system","Generate security audits","Impersonate a client after authenti