Nick Anderson muffins

View GitHub Profile
@muffins
muffins / gist:59810da3dfd1d246f02ff27f6afb19a9
Created March 23, 2023 21:45
osquery listening processes function
function listening_processes() {
  # Bail out if osqueryi is not on PATH (any non-zero exit from `type`, not just 1).
  if ! type osqueryi > /dev/null 2>&1; then
    echo "[-] osqueryi not found on the system, install it."
    return 1
  fi
  # Join each listening socket to its owning process; rows with port 0 are unbound placeholders and are skipped.
  osqueryi "select p.pid, p.name, lp.port, lp.address from listening_ports lp join processes p on lp.pid = p.pid where lp.port <> 0"
}
@muffins
muffins / osquery_build_and_sign.md
Last active January 21, 2021 06:18
osquery: Building Signed Windows MSI and Chocolatey packages.

Building the signed osquery.msi package:

  • First build the binaries, obvi. Pay close attention here to the CMake invocation flags. We set the MSVC runtime library to MultiThreaded so the binaries carry no dynamic linkage dependency on MSVCRT, and we also build the tests so we can confirm they're mostly passing locally.
PS C:\Users\Nicholas\work\repos\osquery\build\windows10> cmake -DCMAKE_MSVC_RUNTIME_LIBRARY=MultiThreaded -DOSQUERY_BUILD_TESTS=ON -G "Visual Studio 16 2019" -A x64 -T v141 ..\..\
-- Selecting Windows SDK version 10.0.18362.0 to target Windows 10.0.19041.
-- osquery version: 4.4.0
-- Build type:
-- Shared libraries: OFF
-- Importing: source/boost
-- Importing: source/bzip2
[Colors]
AbstractTableViewBackgroundColor=#002B36
AbstractTableViewHeaderTextColor=#657B83
AbstractTableViewSelectionColor=#073642
AbstractTableViewSeparatorColor=#808080
AbstractTableViewTextColor=#657B83
DisassemblyAddressBackgroundColor=#002B36
DisassemblyAddressColor=#657B83
DisassemblyAutoCommentBackgroundColor=#XXXXXX
DisassemblyAutoCommentColor=#85833A
@muffins
muffins / Python WExpect
Created February 22, 2017 04:36 — forked from anthonyeden/Python WExpect
Python's PExpect for Microsoft Windows: WExpect
"""Pexpect is a Python module for spawning child applications and controlling
them automatically. Pexpect can be used for automating interactive applications
such as ssh, ftp, passwd, telnet, etc. It can be used to automate setup
scripts for duplicating software package installations on different servers. It
can be used for automated software testing. Pexpect is in the spirit of Don
Libes' Expect, but Pexpect is pure Python. Other Expect-like modules for Python
require TCL and Expect or require C extensions to be compiled. Pexpect does not
use C, Expect, or TCL extensions. It should work on any platform that supports
the standard Python pty module. The Pexpect interface focuses on ease of use so
that simple tasks are easy.
@muffins
muffins / hosts
Created October 22, 2016 15:48
IPs for popular websites
# In the event of another DNS take down, you can drop these into your etc/hosts
# file and still be able to reach some components of popular sites.
tumblr.com 174.121.194.34
wikipedia.org 208.80.152.201
# News
bbc.co.uk 212.58.241.131
aljazeera.com 198.78.201.252
@muffins
muffins / README.md
Created August 17, 2016 01:03 — forked from hofmannsven/README.md
My simply Git Cheatsheet

tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
### Keybase proof
I hereby claim:
* I am muffins on github.
* I am muffins (https://keybase.io/muffins) on keybase.
* I have a public key whose fingerprint is B67D D475 9985 DC6E CECC 0BF7 3DD0 0932 D3CA E72D
To claim this, I am signing this object: