Extracts the package table of contents as an XML file
xar --dump-toc={header.xml} -f {file.pkg}
Clean up the TOC to just the RSA signature information
/usr/bin/xmllint --xpath '//signature[@style="RSA"]' {header.xml} > {rsa.raw}
| import json | |
| import uuid | |
| import argparse | |
| import os | |
| from stix2 import Indicator, Bundle, AttackPattern, MarkingDefinition | |
| # Author: @andythevariable | |
| # Usage: | |
| # python -m venv ecs-to-stix |
| # Shell script to update Elastic Agents that are stuck in an "Updating" state in Fleet. | |
| # Example : | |
| # KIBANA_URL="https://my-kibana-host:5601" | |
| # PASSWORD="secret-password" | |
| # ./update-agents.sh | |
| KIBANA_URL="https://kibana-url:port" | |
| PASSWORD="elastic-user-password" | |
| AGENT_IDS=` |
| #!/bin/bash | |
| #set -eux | |
| # Create Profile Directories | |
| mkdir ~/{bin,code,dev} | |
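| # Install Homebrew if it is not already present (the installer is fetched and piped straight into bash; review or pin install.sh first if this runs unattended) | |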
| if system_profiler SPApplicationsDataType | grep brew >/dev/null 2>&1; then echo "Homebrew already installed. Moving on."; else /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"; fi | |
| # Install CLI Tools |
| # Bash script to download Malware Bazaar samples by tag | |
| # Define tag and number of samples to download | |
| TAG=insert-malware-bazaar-tag | |
| DOWNLOAD_LIMIT=100 | |
| # Determine OS | |
| OS=$(uname -s) | |
| # Download hash values from tag, save the SHA256 hashes |
| cat input.ndjson | jq -s . |
| cat file.json | jq -c '.[]' > output.ndjson |
| # python3 csv-to-ndjson.py | |
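| # pip3 install csv json  (NOTE: csv and json are standard-library modules, so this step is unnecessary; running it would instead fetch whatever third-party packages, if any, are published under those names) | |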
| import csv | |
| import json | |
| csvfile = open('in.csv', 'r') | |
| jsonfile = open('out.ndjson', 'w') | |
| fieldnames = ("field1","field2","field3") |
| #!/bin/bash -eux | |
| # Single script to install the Elastic Agent on macOS | |
| # Downloads the Elastic Agent and saves it to your computer in the current directory (example in Downloads, Desktop, etc.) | |
| curl -OL https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.2.0-darwin-x86_64.tar.gz | |
| # Uses the tar command to decompress the Elastic Agent and prepare it for installation (check the archive against the .sha512 file published alongside it before extracting) | |
| tar zxf elastic-agent-8.2.0-darwin-x86_64.tar.gz | |
| # Enters the Elastic Agent directory that was decompressed in the previous step |
| # https://www.virtualgyanis.com/post/step-by-step-how-to-install-and-configure-domain-controller-on-windows-server-2019 | |
| Import-Module ADDSDeployment | |
| Install-ADDSForest ` | |
| -CreateDnsDelegation:$false ` | |
| -DatabasePath "C:\Windows\NTDS" ` | |
| -DomainMode "WinThreshold" ` | |
| -DomainName "huntops.blue" ` | |
| -DomainNetbiosName "HUNTOPS" ` | |
| -ForestMode "WinThreshold" ` | |
| -InstallDns:$true ` |