#!/usr/bin/env bash
# Refresh the package index and upgrade everything already installed
sudo apt update && sudo apt upgrade -y
# Install the Lynis auditor, the ufw firewall front end and unattended-upgrades
sudo apt install lynis ufw unattended-upgrades -y
# Run a full Lynis audit and keep the report for review
sudo lynis audit system > lynis-scan.txt
# Create a dedicated unprivileged account for the web application
sudo useradd web-app

PCAP Analysis Methodology Guide

For Network Security Analysts

Introduction

This guide outlines a systematic approach to analyzing packet captures (PCAPs) for security investigation. As analysts, our goal is to identify potential security incidents, understand attack patterns, and determine the scope and impact of suspicious network activity.

Initial Triage Questions

Before diving into analysis, address these key questions:

  • What is the time range of the capture?
  • What prompted this PCAP analysis (alert, incident, routine monitoring)?
@DavidHoenisch
DavidHoenisch / command
Last active July 25, 2024 16:56
Automatically create github issues with the results from a trivy scan
trivy config . --format json | jq -c '.Results.[]| select(.Misconfigurations != null) |.Misconfigurations.[]' | zq -j 'cut Message, Resolution, Severity, CauseMetadata.Resource' - | parallel --delimiter '\\n' --quote issuefromscan
@DavidHoenisch
DavidHoenisch / gist:e73be30e69a1f94c01e346188ddd8b6b
Created July 18, 2024 18:25
NIST SP 800-171 to NIST SP 800-53 mappings
{
  "171 Rev": "2",
  "generated": "2024-07-18 11:24:35.990610",
  "mappings": [
    {
      "index": 0,
      "NIST 800-171 Control Number": "3.1.1",
      "Control Family": "Access Control",
      "Control Text": "Limit system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).",
      "NIST 800-53 Mapping": "AC-2, AC-3, AC-17"
@DavidHoenisch
DavidHoenisch / Scraping words from a URL.md
Created June 28, 2023 16:54
Scraping words from a URL.md

The following code is for scraping content from websites and extracting just the words. This is useful for feeding web content into other processes.

This can be accomplished in a three-step process.

  1. Get the raw HTML content using the requests library.
  2. Feed the .text result of step one into BeautifulSoup and extract the text with .get_text(). This strips all the HTML from the content and returns an unstructured string.
  3. The returned string will need some heavy sanitization:
    1. Strip the blank lines with a Python filter:
       lines = filter(lambda x: x.strip(), text.splitlines())
@DavidHoenisch
DavidHoenisch / enable-logging.ps1
Created January 24, 2023 16:41
All the logging for Windows. Generated from what2log.com
auditpol /set /subcategory:"computer account management" /Success:Enable /Failure:Enable
auditpol /set /subcategory:"computer account management" /Success:Enable /Failure:Enable
auditpol /set /subcategory:"computer account management" /Success:Enable /Failure:Enable
auditpol /set /subcategory:"audit policy change" /Success:Enable /Failure:Enable
auditpol /set /subcategory:"logon" /Success:Enable /Failure:Enable
@DavidHoenisch
DavidHoenisch / swiftonsecurity-sysmon-config.ps1
Last active October 25, 2025 18:44
Configure Sysmon from PowerShell with SwiftOnSecurity's Sysmon config. Assumes that your install paths match. Modify as needed.
$source = 'https://raw.githubusercontent.com/Neo23x0/sysmon-config/master/sysmonconfig-export.xml'
$destination = 'C:\Program Files\Sysmon\Sysmon\sysmonconfig-export.xml'
# Download the configuration into the Sysmon install directory
Invoke-WebRequest -Uri $source -OutFile $destination
# Apply it; the call operator (&) is required because the path contains spaces,
# otherwise PowerShell just echoes the quoted string instead of running Sysmon
& 'C:\Program Files\Sysmon\Sysmon\Sysmon.exe' -c $destination
#!/bin/bash
# The installer needs root privileges
if [[ $UID -ne 0 ]]; then
    echo "Please run with sudo"
    exit 1
fi
## check which distribution of Linux is being run. Supported versions are CentOS, Debian, Ubuntu, Amazon Linux
if [ -f /etc/redhat-release ]; then
@DavidHoenisch
DavidHoenisch / MVT_IOS_HELPFUL_COMMANDS.md
Created October 7, 2022 01:58
MVT_IOS Helpful Commands
| Use | Command |
|---|---|
| Mount iOS phone to docker | `docker run -it --privileged -v /dev/bus/usb:/dev/bus/usb -v /var/run/usbmuxd:/var/run/usbmuxd mvt` |
| Get info on iOS device | `ideviceinfo` |
| Create iOS backup | `idevicebackup2 --full [path/to/backup/folder]` |
| Get the latest IoCs | `mvt-ios download-iocs` |
| Decrypt the backup | `MVT_IOS_BACKUP_PASSWORD="mypassword" mvt-ios decrypt-backup -d /path/to/decrypted /path/to/backup` |
@DavidHoenisch
DavidHoenisch / Helpful commands.md
Created October 7, 2022 01:51
MVT-ANDROID Helpful commands
| Use | Command |
|---|---|
| Mount iOS phone to docker | `docker run -it --privileged -v /dev/bus/usb:/dev/bus/usb -v /var/run/usbmuxd:/var/run/usbmuxd mvt` |
| Get info on iOS device | `ideviceinfo` |
| Create iOS backup | `idevicebackup2 --full [path/to/backup/folder]` |
| Get the latest IoCs | `mvt-ios download-iocs` |
| Decrypt the backup | `MVT_IOS_BACKUP_PASSWORD="mypassword" mvt-ios decrypt-backup -d /path/to/decrypted /path/to/backup` |