Matt Franz mdfranz

mdfranz / cf-cvpn-examples.md
Last active July 27, 2024 21:57
Generating AWS Client VPN CloudFormation with Various LLMs

Prompt

Generate CloudFormation Resources in YAML to create VPC that has AWS Client VPN endpoints

Models from Macbook Air M1/16GB

llama3.1:latest

mdfranz / crossplane-f-around-and-find-out.md
Last active August 4, 2024 21:41
Playing with Crossplane
mdfranz / windmill_example_boto.py
Last active August 17, 2024 15:42
Windmill Python Boto
import os
import wmill
import boto3
# see https://windmill.dev
def main():  # Specify the parameter type as a dictionary
    aws_accounts = []
    aws_accounts.append(wmill.get_resource("u/mdfranz/aws_9431"))
    aws_accounts.append(wmill.get_resource("u/mdfranz/aws_6473"))
mdfranz / mitre-gemma2-9B.md
Created October 22, 2024 11:27
Gemma Mitre ATT&CK

Prompt

what are the limitations of the Mitre ATT&CK framework for practitioners

Gemma2:9B (Nvidia 3060/12GB)

While the MITRE ATT&CK framework is a powerful tool for cybersecurity practitioners, it does have some limitations:

1. Focus on adversarial tactics, not business impacts:

hub:
  revisionHistoryLimit:
  config:
    Authenticator:
      enable_auth_state: true
      allowed_users:
        - user1
        - user2
        - user3
        - notadmin
#!/usr/bin/env python3
import sys, pyshark
cap = pyshark.FileCapture(sys.argv[1])
for e in cap:
    if 'IP' in e:
        if 'TCP' in e:
            print(e['eth'].src, e['ip'].src, e['eth'].dst, e['ip'].dst)
helm install falco falcosecurity/falco \
    --version 4.11.1 \
    --namespace falco \
    --create-namespace \
    --set falcosidekick.enabled=true --set falcosidekick.webui.enabled=true \
    --set collectors.kubernetes.enabled=true \
    --set tty=true \
    --set-json 'falco.append_output=[{"match": {"source": "syscall"},"extra_output": "pod_uid=%k8smeta.pod.uid, pod_name=%k8smeta.pod.name, namespace_name=%k8smeta.ns.name"}]'
mdfranz / windmill_s3.sh
Last active November 29, 2024 15:26
Shell Job for Windmill using AWS Resource
#!/bin/bash
# Get Credentials from Resources
AWS_9431=$(curl -s -H "Authorization: Bearer $WM_TOKEN" \
"$BASE_INTERNAL_URL/api/w/$WM_WORKSPACE/resources/get_value_interpolated/u/mdfranz/aws_9431" | jq)
export ACCESS_KEY="$(echo "$AWS_9431" | jq .awsAccessKeyId)"
export SECRET_KEY="$(echo "$AWS_9431" | jq .awsSecretAccessKey)"
# Download S3M
mdfranz / ja4-duckdb.md
Last active December 4, 2024 12:14
DuckDB and JA4 Data from Zeek

The Data

Records from https://ja4db.com/

D describe jadb;
┌────────────────────────┬─────────────┬─────────┬─────────┬─────────┬─────────┐
│      column_name       │ column_type │  null   │   key   │ default │  extra  │
│        varchar         │   varchar   │ varchar │ varchar │ varchar │ varchar │
├────────────────────────┼─────────────┼─────────┼─────────┼─────────┼─────────┤
mdfranz / clickhouse-local-zeek.md
Last active December 15, 2024 21:55
Parsing Zeek JSON with Clickhouse Local