It's a fast go-based scanner for Linux, Windows, and macOS that applies Sigma rules and outputs the matches as JSON.
git clone https://github.com/SigmaHQ/sigma.git
cd sigma
title: Correlation - Multiple Failed Logins Followed by Successful Login | |
id: b180ead8-d58f-40b2-ae54-c8940995b9b6 | |
status: experimental | |
description: Detects multiple failed logins by a single user followed by a successful login of that user | |
references: | |
- https://reference.com | |
author: Florian Roth (Nextron Systems) | |
date: 2023/06/16 | |
correlation: | |
type: temporal |
My LinkTree
by Proofpoint
by Austin Hudson
#!/bin/bash -x | |
hostname=$(hostname) | |
source=$(echo "$SSH_CONNECTION" | cut -d' ' -f 1) | |
geo=$(geoiplookup "$source") | |
curl -X POST --silent --data "payload={\"text\": \":bust_in_silhouette: SYSTEM: $hostname USER: $USER SOURCE: $source GEO: $geo\"}" https://hooks.slack.com/services/XXXXXXXX_YOURHOOK_XXXXX > /dev/null |
https://thedfirreport.com/ | |
https://www.zerodayinitiative.com/blog/ | |
https://codewhitesec.blogspot.com/ | |
https://www.digitalshadows.com/blog-and-research/ | |
https://blog.talosintelligence.com/ | |
https://www.riskiq.com/blog/ | |
https://www.sekoia.io/en/blog-sekoia-io/ | |
https://www.nextron-systems.com/blog/ | |
https://www.microsoft.com/security/blog/ | |
https://blog.truesec.com/ |
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log
and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
Guide by Florian Roth
https://www.minecraft.net/en-us/store/minecraft-java-edition/
I've transformed this gist into a git repository.
Whenever you research a certain vulnerability ask yourself these questions and please answer them for us
Does the exploited service write a log?
(check ls -lrt /var/log or lsof +D /var/log/ or lsof | grep servicename)