I hereby claim:
- I am botlabsdev on github.
- I am botlabsdev (https://keybase.io/botlabsdev) on keybase.
- I have a public key ASBn2VqCK1itTxy5RRpPlR7nAnGjpf98dbSrzhrOw_BRPQo
To claim this, I am signing this object:
Axel botlabsDev
botlabsDev
/ poc_ask_gandalf.py
Last active
March 15, 2024 08:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import json | |
| import time | |
| from pathlib import Path | |
| from typing import Iterable | |
| import requests | |
| from openai import OpenAI | |
| """ |
botlabsDev
/ ms_threat_actor_taxonomy_to_misp_format.py
Created
April 20, 2023 11:53
Microsoft threat actory taxonomy to misp format converter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import uuid | |
| from pprint import pprint | |
| import requests | |
| # https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide | |
| # https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/ |
botlabsDev
/ new_microsoft_threat_actor_naming_taxonomy.py
Last active
April 20, 2023 12:00
The new Microsoft threat actor naming taxonom as line formated json. -> https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pprint import pprint | |
| import requests | |
| # https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide | |
| # https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/ | |
| URL = "https://raw.githubusercontent.com/microsoft/mstic/master/PublicFeeds/ThreatActorNaming/MicrosoftMapping.json" | |
botlabsDev
/ ip_to_asn_history.py
Last active
July 27, 2022 13:23
Historical IP to ASN Mapper - find the ASN of an IP to a given timestamp. Could be faster.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Twitter: @botlabsDev | |
| # $ python3 ip_to_asn_history.py 8.8.8.8 --day 2019-01-01 | |
| # alternative online tool: https://stat.ripe.net/widget/routing-history | |
| import argparse | |
| import datetime | |
| import ipaddress | |
| import tarfile | |
| from dataclasses import dataclass |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import ssl | |
| import logging | |
| import socket | |
| logging.basicConfig(filename='tls_logs.log', level=logging.INFO) | |
| #socket.setdefaulttimeout(2) | |
| class TlsSinkholeServer(asyncio.Protocol): | |
| peername = None |
botlabsDev
/ simple_tcp_sinkhole.py
Last active
May 18, 2022 14:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # sudo iptables -t nat -p tcp -I PREROUTING -m multiport --dports 23:65535 -j DNAT --to-destination :5555 | |
| # sudo python3 fake_tcp_server.py | |
| # sudo tcpdump -i eth0 port not 22 -C 100000 -w dump | |
| ### fake_tcp_server.py | |
| import asyncio | |
| class TcpSinkhole(asyncio.Protocol): |
botlabsDev
/ keybase.md
Created
March 23, 2022 18:14
botlabsDev
/ extract_emails_from_git_events.py
Last active
June 11, 2024 08:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import datetime | |
| import logging | |
| from time import sleep | |
| import requests as requests | |
| logging.basicConfig(level=logging.INFO, filename="git_emails.log") | |
| API_URL = "https://api.github.com/events?per_page=1000" | |
| DENY_LIST = ["example.com", "github.com"] | |
| LOCAL_TIMEZONE = datetime.datetime.now().astimezone().tzinfo |
botlabsDev
/ mount_shared_folder.sh
Created
October 6, 2021 08:37
VMware - mount all shared folders from the VMware host into the the linux vm
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vagrant.configure("2") do |config| | |
| config.vm.box = "peru/ubuntu-20.04-desktop-amd64" | |
| config.vm.box_version = "20210701.01" | |
| config.vm.provider "virtualbox" do |vb| | |
| vb.customize ["modifyvm", :id, "--nictrace1", "on"] | |
| vb.customize ["modifyvm", :id, "--nictracefile1", "#{File.dirname(__FILE__)}/trace1.pcap"] | |
| end | |
| end |
NewerOlder