Edward Snyder (blog feed, last updated 2024-03-14)
Author: Eddie Snyder, http://www.blogger.com/profile/11262428514146296675

OSX commands equivalent to Linux commands (2011-10-06)

OSX            Linux
====           =====
disktool -l    fdisk -l

R3gEx (2011-09-23)

Grep for IP Addresses:
=======================
Only the IP:
------------
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' file.txt

Only one IP and ONLY if it is at the beginning of the line (anchored at both ends, so the line must contain nothing else):
------------------------------------------------------------
grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' file.txt

Any IP and the rest of the line it is on:
-------------------------------------------
grep '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' file.txt

Convert sequential lines of text to a space-delimited list:
============================================================
perl -pe 's/\s*$/ /' filename.txt

Sort IPs properly:
=====================
sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n

Display only unique IPs from the above sort command:
==================================================
| uniq

Remove all white space from the left up to the first word:
================================================
cat | sed -e 's/^[ \t]*//'

INetSim (2011-08-12)

http://www.inetsim.org/features.html

Java Script (2011-07-29)

- Unpacker: http://jsunpack.jeek.org/dec/go
- Decoding (easy): http://www.linuxquestions.org/linux/answers/Security/Decoding_obfuscated_javascript_Simple_way

Code injection (2011-07-29)

- C example: http://www.codeproject.com/KB/winsdk/CodeInject.aspx

Sandb0x3n (2011-07-29, updated 2011-11-03)

Local:
- Truman: http://www.secureworks.com/research/tools/truman/
- ZeroWine: http://zerowine.sourceforge.net/

Online:
- EUREKA! (MRI): http://eureka.cyber-ta.org
- GFI Sandbox: http://www.sunbeltsecurity.com/sandbox/

Anti-Virus info (2011-07-29)

- Norton Power Eraser: http://security.symantec.com/nbrt/npe.aspx?lcid=1033
- Interpreting Symantec AV Logs: http://www.symantec.com/business/support/index?page=content&id=TECH100099

ZOMG - "CYBER WEAPONS"!!! (2011-07-23)

If only there were a blog that would Really Justify Bulletins such as this... Dear _cyber_ blog...
http://www.businessweek.com/printer/magazine/cyber-weapons-the-new-arms-race-07212011.html

Escape raw HTML (2011-07-21)

http://www.accessify.com/tools-and-wizards/developer-tools/quick-escape/default.php

SMBMOUNT (2011-07-15)

* Boot the machine with sleuthkit, smbfs, clamav (with updated definitions), etc.

* mkdir -p /data/<casenum>/<dir/code name as listed on file server>/ /work/<casenum>/<partnum(s)>/

* smbmount //192.168.8.103/<dir/code name from file server> /data/<casenum>/<dir/code name>/ -o username=user,password=pass,ro

* Run mmls on the image file: mmls /data/<casenum>/<dir/code name>/image.dd

* Find the offset of the partition to mount: start sector (63) * default block size (512) = 32256 (for the first partition)

* mount -o loop,ro,noexec,nodev,offset=32256 /data/<casenum>/<dir/code name>/image.dd /work/<casenum>/<partnum>/

Local Ubuntu package repository (2011-07-14)

So I am trying to figure out the best way to create a local repository for Ubuntu (yes, I am ashamed it is not for Debian) - Natty. So far I have come across this command for pulling down the packages:

debmirror -v --host=archive.ubuntu.com --method=http --root=ubuntu --arch=i386 --dist=natty,natty-updates,natty-security --section=main,multiverse,restricted,universe --nosource --passive natty --ignore-release-gpg

Still working/researching whether this is the best way, and then how to point all the non-internet-accessible machines to the one machine that debmirror was run on. Suggestions welcome!

Merging/Splitting PDFs (2011-07-14)

http://www.pdfsam.org/

Performing bulk whois/ASN lookups (2011-07-14, updated 2011-07-21)

http://www.team-cymru.org/Services/ip-to-asn.html

Wind0ze Commands of possible relevance (2011-07-14, updated 2011-09-19)

Uptime:
========
systeminfo | find "Time"

Merge split files (like Unix cat):
==================================
copy /B file1+file2+file3 entirefile.out