oz9un
/ opendkim.conf
Last active
July 15, 2023 14:52
opendkim.conf example for "Phisher's Playbook"
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Syslog yes | |
| LogWhy yes | |
| UMask 007 | |
| Canonicalization relaxed/simple | |
| Mode sv | |
| SubDomains no |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| oid_section = OIDs | |
| [ OIDs ] | |
| certificateTemplateName = 1.3.6.1.4.1.311.20.2 | |
| caVersion = 1.3.6.1.4.1.311.21.1 | |
| [ ca ] | |
| default_ca = CA_default |
oz9un
/ descriptionfields_networkconnection.xml
Created
October 19, 2021 11:03
[SysmonForLinux] Description Fields - NetworkConnection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="4.70"> | |
| <EventFiltering> | |
| <RuleGroup name="" groupRelation="or"> | |
| <ProcessCreate onmatch="include" /> | |
| </RuleGroup> | |
| <RuleGroup name="" groupRelation="or"> | |
| <ProcessTerminate onmatch="include" /> | |
| </RuleGroup> | |
oz9un
/ network_specifications.xml
Created
October 18, 2021 11:11
SysmonForLinux - Allow only specific ports and protocols.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="4.70"> | |
| <EventFiltering> | |
| <!-- Event ID 3 == NetworkConnect Detected. Do not log anything!--> | |
| <RuleGroup name="" groupRelation="and"> | |
| <NetworkConnect onmatch="exclude"> | |
| <Protocol condition="is">tcp</Protocol> | |
| <Protocol condition="is">udp</Protocol> | |
| <DestinationPort condition="is">80</DestinationPort> | |
| <DestinationPort condition="is">443</DestinationPort> | |
| </NetworkConnect> |
oz9un
/ all_disabled.xml
Created
October 18, 2021 10:18
SysmonForLinux - Disable all logs [Main Template]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="4.70"> | |
| <EventFiltering> | |
| <!-- BELOW PART DISABLES ALL OTHER LOGS FOR FIXING THE MESS!--> | |
| <!-- Event ID 1 == ProcessCreate. Log only ping process. --> | |
| <RuleGroup name="" groupRelation="or"> | |
| <ProcessCreate onmatch="include"/> | |
| </RuleGroup> | |
| <!-- Event ID 3 == NetworkConnect Detected. Do not log anything!--> | |
| <RuleGroup name="" groupRelation="or"> | |
| <NetworkConnect onmatch="include"/> |
oz9un
/ only_ping.xml
Created
October 18, 2021 08:46
SysmonForLinux - Log only pings [Disable other mess]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="4.70"> | |
| <EventFiltering> | |
| <!-- Event ID 1 == ProcessCreate. Log only ping process. --> | |
| <RuleGroup name="pingDetected" groupRelation="or"> | |
| <ProcessCreate onmatch="include"> | |
| <Image condition="is">/usr/bin/ping</Image> | |
| <CommandLine condition="contains">ping</CommandLine> | |
| </ProcessCreate> | |
| </RuleGroup> |