morfikov

About this HowTo

Encrypted systems (desktops/laptops) have one major problem when it comes to providing security over protected files. When you sit in front of your machine, you can feel safe because no one can break into the system without your knowledge. Moreover, if they try to do some bad actions, you can detect them and avoid the imminent danger. But what if you leave your laptop alone? Even if you think that you can lock it, turn it off or hibernate it, the machine still isn't secure as you would have thought. The problem lays in the physical access that people can get when you're not around and hence set some traps for you when you're not looking. To avoid the danger that comes

Neo23x0

# IMPORTANT!
# This gist has been transformed into a github repo 
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd

#      ___             ___ __      __
#     /   | __  ______/ (_) /_____/ /
#    / /| |/ / / / __  / / __/ __  / 
#   / ___ / /_/ / /_/ / / /_/ /_/ /  
#  /_/  |_\__,_/\__,_/_/\__/\__,_/   

Yatoom

Thinkfan setup

Note: I configured this thinkfan setup for my old Thinkpad w520 on Ubuntu 17.10.

1. Install necessary programs

Install lm-sensors and thinkfan.

sudo apt-get install lm-sensors thinkfan

jobertabma

1. Capture ICMP packets on your server:

tcpdump -nni eth0 -e icmp[icmptype] == 8 -w output.cap

2. Send ICMP packets to your server with each byte stored in the packet size, execute this on the remote machine:

ip=vm03;output=`hostname`;for ((i=0;i<${#output};i++));do; ping -c 1 -s `printf '%d\n' "'${output:$i:1}'"` $ip;done

Neo23x0

rule Microsoft_PE_Timestamp_Copyright_Anomaly {
   meta:
      description = "Detects a portable executable with an old copyrigth statement but a new compilation timestamp"
      author = "Florian Roth"
      reference = "Internal Research"
      date = "2017-06-02"
      score = 30
   strings:
      $a1 = "Copyright (C) Microsoft Corp. 19" wide

cvan

Instructions

CloudFlare is an awesome reverse cache proxy and CDN that provides DNS, free HTTPS (TLS) support, best-in-class performance settings (gzip, SDCH, HTTP/2, sane Cache-Control and E-Tag headers, etc.), minification, etc.

1. Make sure you have registered a domain name.
2. Sign up for CloudFlare and create an account for your domain.
3. In your domain registrar's admin panel, point the nameservers to CloudFlare's (refer to this awesome list of links for instructions for various registrars).
4. From the CloudFlare settings for that domain, enable HTTPS/SSL and set up a Page Rule to force HTTPS redirects. (If you want to get fancy, you can also enable automatic minification for text-based assets [HTML/CSS/JS/SVG/etc.], which is a pretty cool feature if you don't want already have a build step for minification.)
5. If you

TinLe

# Syslog stuff
COMPONENT ([\w._\/%-]+)
COMPID postfix\/%{COMPONENT:component}(?:\[%{NUMBER:pid}\])?
POSTFIX (?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{COMPID}:

# Milter
HELO (?:\[%{IP:helo}\]|%{HOST:helo}|%{DATA:helo})

MILTERCONNECT %{QUEUEID:qid}: milter-reject: CONNECT from %{RELAY:relay}: %{GREEDYDATA:milter_reason}; proto=%{WORD:proto}
MILTERUNKNOWN %{QUEUEID:qid}: milter-reject: UNKNOWN from %{RELAY:relay}: %{GREEDYDATA:milter_reason}; proto=%{WORD:proto}