
module Scan;
# Ports that scan_policy() exempts from scan detection for every scanner/victim pair
# (see the `scanned_port in whitelist_scan_port` test below).  5223 is listed for both
# transports; &redef lets site-local policy extend the set without editing this file.
global whitelist_scan_port: set[port] = {5223/udp, 5223/tcp} &redef;
# Lower bound of the "ephemeral" port range per transport.  scan_policy() compares
# scanned_port against both thresholds with `>`; what happens when the comparison
# holds is in the hook body, which is not shown in this excerpt.
# NOTE(review): Bro/Zeek orders port values by transport before number
# (tcp < udp < icmp), so `scanned_port > ephemeral_start_tcp` is true for *every*
# UDP port, not only for high TCP ports -- verify on your Bro/Zeek version and
# consider comparing each port only against the threshold of its own transport.
global ephemeral_start_udp: port = 32768/udp;
global ephemeral_start_tcp: port = 32768/tcp;
hook scan_policy(scanner: addr, victim: addr, scanned_port: port)
{
if (( victim in whitelist_scan_ip) || ( scanner in whitelist_scan_ip ) || ( scanned_port in whitelist_scan_port) || ( scanned_port > ephemeral_start_udp ) || ( scanned_port > ephemeral_start_tcp ))
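#!/usr/bin/python
"""Print a JSON object mapping each listed network interface to its NUMA node.

The value comes from /sys/class/net/<iface>/device/numa_node, which is what the
kernel exposes for PCI devices (the original script printed the raw file content,
trailing newline included; this version strips it so the JSON value is just "0").
"""
import json
import os

# Interfaces to inspect, whitespace-separated (one-off capture-box configuration).
interfaces = "enp18s0f0 enp216s0f0"


def numa_node_map(names, sysfs_root="/sys/class/net"):
    """Return {interface: numa_node_string} for each whitespace-separated name.

    Args:
        names: whitespace-separated interface names; "" yields {}.
        sysfs_root: directory holding the per-interface sysfs trees
            (parameterised so the function can be exercised outside /sys).

    Returns:
        dict mapping interface name to the stripped content of its
        device/numa_node file (the kernel reports -1 when no node is known --
        TODO confirm on the target host).

    Raises:
        IOError/OSError (FileNotFoundError on Python 3) when an interface has
        no device/numa_node entry, e.g. a virtual interface.
    """
    result = {}
    # `iface` rather than the original `int`, which shadowed the builtin.
    for iface in names.split():
        path = os.path.join(sysfs_root, iface, "device", "numa_node")
        with open(path) as nn:
            result[iface] = nn.read().strip()
    return result


if __name__ == "__main__":
    print(json.dumps(numa_node_map(interfaces)))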
Processing files: bro-af_packet-plugin-1.4.0-1.x86_64
error: File not found: /builddir/build/BUILDROOT/bro-af_packet-plugin-1.4.0-1.x86_64/usr/lib/bro/plugins/Bro_AF_Packet/COPYING
error: File not found: /builddir/build/BUILDROOT/bro-af_packet-plugin-1.4.0-1.x86_64/usr/lib/bro/plugins/Bro_AF_Packet/README
error: File not found: /builddir/build/BUILDROOT/bro-af_packet-plugin-1.4.0-1.x86_64/usr/lib/bro/plugins/Bro_AF_Packet/VERSION
error: File not found: /builddir/build/BUILDROOT/bro-af_packet-plugin-1.4.0-1.x86_64/usr/lib/bro/plugins/Bro_AF_Packet/__bro_plugin__
error: File not found: /builddir/build/BUILDROOT/bro-af_packet-plugin-1.4.0-1.x86_64/usr/lib/bro/plugins/Bro_AF_Packet/broctl/af_packet.py
error: File not found: /builddir/build/BUILDROOT/bro-af_packet-plugin-1.4.0-1.x86_64/usr/lib/bro/plugins/Bro_AF_Packet/lib/bif/__load__.bro
error: File not found: /builddir/build/BUILDROOT/bro-af_packet-plugin-1.4.0-1.x86_64/usr/lib/bro/plugins/Bro_AF_Packet/lib/bif/af_packet.bif.bro
error: File not found: /builddir
module Scan;
# Ports exempt from scan detection; empty in this variant, and &redef lets
# site-local policy populate it without editing this file.
global whitelist_scan_port: set[port] = { } &redef;
# Lower bound of the "ephemeral" port range per transport, compared against
# scanned_port with `>` in scan_policy() below (the hook body is cut off here).
# NOTE(review): `secret` is not a valid Bro port literal -- this looks like a
# redacted number (the sibling script uses 32768/udp and 32768/tcp); restore a
# numeric value before loading.  Also note that Bro/Zeek orders ports by
# transport before number (tcp < udp < icmp), so `scanned_port > ephemeral_start_tcp`
# holds for every UDP port -- verify the intended semantics.
global ephemeral_start_udp: port = secret/udp;
global ephemeral_start_tcp: port = secret/tcp;
hook scan_policy(scanner: addr, victim: addr, scanned_port: port)
{
if (( victim in whitelist_scan_ip) || ( scanner in whitelist_scan_ip ) || ( scanned_port in whitelist_scan_port) || ( scanned_port > ephemeral_start_udp ) || ( scanned_port > ephemeral_start_tcp ))
Some quick hack for a naive (but working) userspace rootkit detection
#define _GNU_SOURCE
#include <stdlib.h>
#include <stdint.h>
#include <stdio.h>
#include <dlfcn.h>
#include <fcntl.h>
/* Absolute paths of the two libraries this check inspects.  Both are
 * Debian/Ubuntu multiarch (x86_64-linux-gnu) locations; adjust for other
 * distributions or architectures.  NOTE(review): the libpcap path carries no
 * soname suffix -- on many systems the unversioned .so symlink is only
 * installed by the -dev package, so confirm it exists on the target host. */
#define LIBC "/lib/x86_64-linux-gnu/libc.so.6"
#define PCAP "/usr/lib/x86_64-linux-gnu/libpcap.so"
michalpurzynski@mbp:~$ pyenv versions
* system (set by /Users/michalpurzynski/.pyenv/version)
2.7.15
2.7.15/envs/iqrlib
2.7.15/envs/mozdef
3.7.1
3.7.1/envs/black
3.7.1/envs/misptest
3.7.1/envs/mobdoctor
ansible-vault-diff
@load frameworks/intel/seen
module Intel;
#fields indicator indicator_type meta.source meta.desc meta.url meta.uuid meta.do_notice meta.expire
export {
# Extend the Intel framework's per-indicator metadata with a `uuid` column so
# feed files can carry the `meta.uuid` field listed in the #fields header above.
# It is &optional, so indicators without a uuid still load.
redef record MetaData += {
uuid: string &optional;
};
# PHP-FPM handoff, active only when mod_php5 is NOT loaded.
# NOTE(review): the test is specific to mod_php5.c -- a PHP 7+ module
# (mod_php7.c / php_module) would not match it, so both handlers could end up
# active; confirm against the installed PHP module.
<IfModule !mod_php5.c>
# Copy the raw Authorization header into the HTTP_AUTHORIZATION environment
# variable so the FastCGI backend can see HTTP auth credentials (presumably
# because the proxy path does not forward the header -- verify for your Apache
# version).  Note this hands the client's credentials verbatim to the backend.
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
DirectoryIndex /index.php index.php
# Only files whose name ends in .php are sent to the FPM listener on 127.0.0.1:9000;
# anything else is served by Apache directly.
<FilesMatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
</IfModule>
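---
# Credentials and endpoint for the OTX -> MISP sync; the values are filled in
# from Jinja-style variables ({{ ... }}).  They are quoted so the file still
# parses as YAML when the YAML is read before templating (as Ansible does --
# an unquoted `{{` opens a YAML flow mapping), and quoting is harmless when
# the template is rendered first.  Keep the rendered values out of version
# control (e.g. in a vault).
otx_api_key: "{{ otx_api_key }}"
misp_api_key: "{{ misp_api_key }}"
misp_api_url: "{{ misp_api_url }}"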
@load base/protocols/ssl
module SSL;
# Add MD5 and SHA-1 digests of the server and client certificates as columns
# of ssl.log (&log).  The code that computes and fills these fields is not part
# of this excerpt.  All four are &optional, so a side that presented no
# certificate simply leaves its columns unset.
# NOTE(review): MD5 and SHA-1 are the digests threat-intel feeds commonly key
# on, which is presumably why they were chosen; neither is collision-resistant,
# so prefer SHA-256 wherever the downstream consumer supports it.
redef record Info += {
server_cert_md5: string &log &optional;
client_cert_md5: string &log &optional;
server_cert_sha1: string &log &optional;
client_cert_sha1: string &log &optional;
};