jose nazario paralax

@paralax
paralax / Vagrantfile
Last active November 2, 2018 19:56
Gravwell Vagrantfile - just "vagrant up"
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/xenial64"
  # progressbar via https://askubuntu.com/questions/445245/how-do-i-enable-fancy-apt-colours-and-progress-bars
  # from https://dev.gravwell.io/docs/#!quickstart/quickstart.md
  $script = <<SCRIPT
mkdir -p /etc/apt/apt.conf.d
echo 'Dpkg::Progress-Fancy "1";' > /etc/apt/apt.conf.d/99progressbar
paralax / bind_tcp.py
Last active May 25, 2018 04:50
routersploit PHP bind shell module support
# routersploit/modules/payloads/php/bind_tcp.py
from base64 import b64encode
from routersploit.core.exploit import *
from routersploit.core.exploit.payloads import BindTCPPayloadMixin, GenericPayload
class Exploit(BindTCPPayloadMixin, GenericPayload):
    __info__ = {
        "name": "PHP Bind TCP",
paralax / cisco_asa_vpn_crash.rb
Created February 19, 2018 15:11
Cisco ASA CVE-2018-0101 Crash PoC (msf)
# https://pastebin.com/YrBcG2Ln
class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::Dos
  def initialize(info = {})
    super(
paralax / opencanaryd
Created January 17, 2018 19:59
opencanaryd init.d script for Raspbian
#! /bin/sh
### BEGIN INIT INFO
# Provides: opencanaryd
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: OpenCanaryd launcher
# Description: OpenCanaryd is an alerting honeypot
### END INIT INFO
paralax / extractor.cpp
Created October 20, 2017 16:30
working on a manalyze plugin to extract IPs, paths, etc
/*
This file is part of Manalyze.
Manalyze is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Manalyze is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
paralax / extractors.json
Created August 23, 2017 16:49
snippet of WAF log extractor for anomaly score
{
  "title": "Fastly WAF anomaly score",
  "extractor_type": "split_and_index",
  "converters": [],
  "order": 0,
  "cursor_strategy": "copy",
  "source_field": "message",
  "target_field": "anomaly_score",
  "extractor_config": {
    "index": 19,
paralax / tcp_banner_grab.php
Last active June 1, 2018 16:16
TCP connect() scanner with banner grab
<?php
$ports = range(20, 100);
$IP = "192.168.1.50";
$results = array();
foreach ($ports as $port) {
    $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
    socket_set_option($sock, SOL_SOCKET, SO_RCVTIMEO, array('sec'=>0, 'usec'=>100));
    socket_set_option($sock, SOL_SOCKET, SO_SNDTIMEO, array('sec'=>0, 'usec'=>100));
    if (@socket_connect($sock, $IP, $port)) {
        socket_recv($sock, $buffer, 1024, 0);
paralax / Makefile
Last active July 2, 2024 01:40
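vtwebd - a very tiny web daemon that serves static content
all: vtwebd

request.o: request.c
	gcc -g -O2 -c request.c

# main.c is compiled to vtwebd.o explicitly so the object name matches the rule target
vtwebd.o: main.c
	gcc -pthread -g -O2 -c main.c -o vtwebd.o

# link the objects named as prerequisites
vtwebd: vtwebd.o request.o
	gcc -pthread -g -o vtwebd vtwebd.o request.o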
paralax / divergence_measures.fs
Created May 4, 2017 19:55
towards implementing the Jensen-Shannon divergence metric, IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 37, NO. 1, JANUARY 1991
let entropy (s) : float =
    let p = string(s).ToCharArray()
            |> Seq.groupBy (fun x -> x)
            |> Seq.map (fun (x,y) -> Seq.length y)
    -1.0 * ([ for count in p ->
                float(count)/float(String.length(s)) *
                System.Math.Log(float(count)/float(String.length(s)), 2.0) ]
            |> Seq.sum )
let ngrams (s : string) (n: int) : Map<string,int> =