Nate Guagenti neu5ron

@vysecurity
vysecurity / Azure
Last active August 31, 2017 05:14

ROCK Sensor Parts List

Below is the hardware I use for development and home use of my ROCK sensor. It’s an extremely powerful system in a small form factor, under $1000. The most important aspects to me were that I wanted IPMI for bare-metal remote management, dual Intel NICs, quiet, and relatively low-power. I sit by this thing and work every day and don’t want to wear hearing protection while I write code.

The prices reflect what I paid for them in March 2016. No doubt the prices will have changed and newer, better stuff is probably available. Things like RAM and SSDs go on sale all the time, so look for that if you’re a bargain shopper.

@Tuurlijk
Tuurlijk / logstash.conf
Created March 3, 2017 14:21
National Vulnerability Database (NVD) XML | JSON | logstash
input {
tcp {
port => 5000
codec => json_lines {
}
}
}
## Add your filters / logstash plugins configuration here
filter {
@justincjahn
justincjahn / 10-cisco-elasticsearch.conf
Last active August 9, 2024 22:37
Logstash: Processing Cisco Logs
#
# INPUT - Logstash listens on port 8514 for these logs.
#
input {
udp {
port => "8514"
type => "syslog-cisco"
}
# Simulate fake processes of analysis sandbox/VM that some malware will try to evade
# This just spawns ping.exe with different names (wireshark.exe, vboxtray.exe, ...)
# It's just a PoC and it's ugly as f*ck but hey, if it works...
# Usage: .\fake_sandbox.ps1 -action {start,stop}
param([Parameter(Mandatory=$true)][string]$action)
$fakeProcesses = @("wireshark.exe", "vmacthlp.exe", "VBoxService.exe",
"VBoxTray.exe", "procmon.exe", "ollydbg.exe", "vmware-tray.exe",
@gfoss
gfoss / PowerShell Command Line Logging
Last active August 4, 2023 18:02
Detect and alert on nefarious PowerShell command line activity
# PowerShell Audit Logging for LogRhythm SIEM - 2015
# For detecting dangerous PowerShell Commands/Functions
Log Source Type:
MS Event Log for Win7/Win8/2008/2012 - PowerShell
Add this file to your PowerShell directory to enable verbose command line audit logging
profile.ps1
$LogCommandHealthEvent = $true
$LogCommandLifeCycleEvent = $true