Pinboard (asteroza)
https://pinboard.in/u:asteroza/public/
Recent bookmarks from asteroza

Capture Network Logs (NetLog) from Edge and Chrome (and Electron and WebView2) – text/plain (2023-08-30T06:21:36+00:00)
  https://textslashplain.com/2020/01/17/capture-network-logs-from-edge-and-chrome/
  Tags: chrome edge browser network log capture debugging
  Permalink: https://pinboard.in/u:asteroza/b:f24aa069c53a/

No log to display. - NetLog Viewer (2023-08-30T06:09:06+00:00)
  https://netlog-viewer.appspot.com/#import
  Tags: chrome chromium edge network log debugging sysadmin tools utilities tips tricks proxy troubleshooting
  Permalink: https://pinboard.in/u:asteroza/b:1d8b7ce36cb6/

Site compatibility-impacting changes coming to Microsoft Edge - Microsoft Edge Development | Microsoft Learn (2023-08-30T05:16:07+00:00)
  https://learn.microsoft.com/en-us/microsoft-edge/web-platform/site-impacting-changes
  Tags: microsoft edge browser breaking change log list version sysadmin tips tricks reference information security
  Permalink: https://pinboard.in/u:asteroza/b:dc69815a822c/

Parsing Windows DNS Debug log… | DollarUnderscore (2023-08-21T01:42:39+00:00)
  https://p0wershell.com/?p=291
  Tags: windows DNS log analysis powershell parser sysadmin tools utilities software
  Permalink: https://pinboard.in/u:asteroza/b:0d3aa0991683/

Microsoft Log Parser 2.2 (2023-08-21T01:41:40+00:00)
  https://www.microsoft.com/en-us/download/confirmation.aspx?id=24659
  Tags: windows DNS log analysis network networking sysadmin tools utilities software tips tricks
  Permalink: https://pinboard.in/u:asteroza/b:6bb52004a115/

Windows DNS Log Analyser (2023-08-21T01:39:10+00:00)
  https://support.moonpoint.com/reviews/software/windows/network/dns/WDLA/
  Tags: windows DNS log analysis software network networking sysadmin tools utilities tips tricks
  Permalink: https://pinboard.in/u:asteroza/b:31d64830a325/

SetupDiag - Windows Deployment | Microsoft Learn (2022-11-17T09:18:44+00:00)
  https://learn.microsoft.com/en-us/windows/deployment/upgrade/setupdiag
  Tags: windows update error debug sysadmin tips tricks log
  Permalink: https://pinboard.in/u:asteroza/b:0098a65c70ed/

Black Hat 2022: Blasting Event-Driven Cornucopia - WMI edition (2022-08-25T05:53:34+00:00)
  https://binarly.io/posts/Black_Hat_2022_Blasting_Event_Driven_Cornucopia_WMI_edition/index.html
  Tags: windows security WMI disable logging event log ETW
  Permalink: https://pinboard.in/u:asteroza/b:e2a2ddc4874f/

COCOAログチェッカー (COCOA Log Checker) (2022-08-02T04:46:10+00:00)
  https://cocoa-log-checker.com/#/
  Tags: japan COVID-19 coronavirus COCOA app log contact
  Permalink: https://pinboard.in/u:asteroza/b:06e2f14bc1eb/

A Begginers All Inclusive Guide to ETW — Blake's R&D (2022-07-22T07:24:19+00:00)
  https://bmcder.com/blog/a-begginers-all-inclusive-guide-to-etw
  Tags: windows security logging ETW log
  Permalink: https://pinboard.in/u:asteroza/b:101c884ab42e/

Paul Melson on Twitter: "PowerShell scriptblock logging plus real-time detection for the use of System.Reflection.AssemblyName() takes so many tools and techniques off the table for attackers and has a very low false positive rate. I cannot recommend thi? (2022-06-30T06:06:30+00:00)
  https://twitter.com/pmelson/status/1540350167920291842
  Tags: powershell script block logging security blueteam defense event log
  Permalink: https://pinboard.in/u:asteroza/b:976791651c89/

Windows Event Log Evasion via Native APIs (2022-04-14T07:43:15+00:00)
  https://www.inversecos.com/2022/03/windows-event-log-evasion-via-native.html
  Tags: windows event log evasion security hacking pentesting sysadmin tips tricks IoC DFIR forensic
  Permalink: https://pinboard.in/u:asteroza/b:43309f726c34/

airbus-cert/ntTraceControl: Powershell Event Tracing Toolbox (2022-03-22T07:42:08+00:00)
  https://github.com/airbus-cert/ntTraceControl
  Tags: security testing windows event log fake
  Permalink: https://pinboard.in/u:asteroza/b:0cc139874d83/

inversecos on Twitter: "1 How to prove malicious macro was enabled & clicked? 👀 #DFIR HKEY_LOCAL_MACHINE\USERDAT\Software\Microsoft\Office\<VERS>\<PROGRAM>\Security\Trusted Documents\TrustRecords Look ONLY for values where last four bytes are "FF F… (2022-02-18T00:11:54+00:00)
  https://twitter.com/inversecos/status/1494174785621819397
  Tags: DFIR office macro log security hacking pentesting
  Permalink: https://pinboard.in/u:asteroza/b:cb8a18a0afc3/

MDATP/Failed Logon - Public IP.md at master · alexverboon/MDATP · GitHub (2022-02-15T06:41:12+00:00)
  https://github.com/alexverboon/MDATP/blob/master/AdvancedHunting/Failed%20Logon%20-%20Public%20IP.md
  Tags: microsoft defender ATP query public logon log event security DFIR
  Permalink: https://pinboard.in/u:asteroza/b:9de9864b4c94/

Nasreddine Bencherchali on Twitter: "EDRs/AVs sometimes trust certain locations or perform certain behavior when met with unexpected weirdness. Here are some ideas to check/test for, the next time you have some alone time with your solution 1/🧵" / Twit (2022-02-09T06:14:32+00:00)
  https://twitter.com/nas_bench/status/1490417839098023936
  Tags: windows security antivirus EDR XDR weakness trusted location reference information noise event log
  Permalink: https://pinboard.in/u:asteroza/b:171a2243aa36/

Download System Center 2012 R2 Configuration Manager Toolkit from Official Microsoft Download Center (2022-01-19T02:51:20+00:00)
  https://www.microsoft.com/en-us/download/confirmation.aspx?id=50012
  Tags: sysadmin tools utilities tips tricks log file error syntax highlight
  Permalink: https://pinboard.in/u:asteroza/b:4a988ea396d2/

Announcing performance analyzer for Microsoft Defender Antivirus - Microsoft Tech Community (2022-01-07T06:57:55+00:00)
  https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-performance-analyzer-for-microsoft-defender-antivirus/ba-p/2713911
  Tags: windows defender antivirus performance profiler profiling ETW log sysadmin tips tricks
  Permalink: https://pinboard.in/u:asteroza/b:7d81255b19a4/

The Cisco Umbrella 1 Million top domains - Cisco Umbrella (2021-12-24T07:05:18+00:00)
  https://umbrella.cisco.com/blog/cisco-umbrella-1-million
  Tags: reference information DNS top domain name security log noise filter threat hunting
  Permalink: https://pinboard.in/u:asteroza/b:6d086abf0cec/

Verifiable Data Structures | Trillian (2021-12-06T06:40:13+00:00)
  https://transparency.dev/verifiable-data-structures/
  Tags: google binary tamper evident log verifiable data structure open source
  Permalink: https://pinboard.in/u:asteroza/b:30ac1bca7ef1/

An open-source append only ledger | Trillian (2021-12-06T06:39:53+00:00)
  https://transparency.dev/#trillian
  Tags: google binary tamper evident log verifiable data structure open source
  Permalink: https://pinboard.in/u:asteroza/b:c24614e52aa1/

Binary Transparency (2021-12-06T06:39:07+00:00)
  https://binary.transparency.dev/
  Tags: google binary tamper evident log verifiable data structure open source
  Permalink: https://pinboard.in/u:asteroza/b:c243d5798e1b/

GitHub - mdecrevoisier/Windows-auditing-mindmap: Set of Mindmaps providing a detailed overview of the different #Windows auditing capacities and event log files. (2021-10-15T07:47:53+00:00)
  https://github.com/mdecrevoisier/Windows-auditing-mindmap
  Tags: security hacking pentesting windows event log mindmap sysadmin tips tricks reference information DFIR
  Permalink: https://pinboard.in/u:asteroza/b:55deed89f274/

libfsclfs/Common Log File System (CLFS).asciidoc at main · libyal/libfsclfs · GitHub (2021-09-03T01:00:05+00:00)
  https://github.com/libyal/libfsclfs/blob/main/documenation/Common%20Log%20File%20System%20(CLFS).asciidoc
  Tags: windows CLFS common log filesystem
  Permalink: https://pinboard.in/u:asteroza/b:216833687a7c/

Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth | FireEye Inc (2021-09-03T00:08:48+00:00)
  https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
  Tags: windows common log filesystem CLFS high performance logging security
  Permalink: https://pinboard.in/u:asteroza/b:926da949ab80/

John Lambert on Twitter: "#HuntingTipOfTheDay If you collect your logs, an attacker clearing local event logs is a signal. Keep your eyes out for someone clearing the NTFS change journal to hide their tracks👣. 📎https://t.co/zXO0ePNLCK 📎https://t. (2021-07-20T07:09:59+00:00)
  https://twitter.com/JohnLaTwC/status/1416019798354403330
  Tags: threat hunting windows event log NTFS USN journal delete security hacking pentesting defense blueteam sysadmin
  Permalink: https://pinboard.in/u:asteroza/b:c420d8f0faf0/

John Lambert on Twitter: "#HuntingTipOfTheDay If your DNS logging suddenly shows a machine resolving https://t.co/ZoZe9K8Rp2 that never normally does it, there might be a reason: https://t.co/TjYMtORRdI" / Twitter (2021-07-08T06:11:50+00:00)
  https://twitter.com/JohnLaTwC/status/1410441322310168576
  Tags: threat hunting intelligence firewall DNS log security defense sysadmin tips tricks
  Permalink: https://pinboard.in/u:asteroza/b:8f8392ab3dca/

Mehmet Ergene on Twitter: "Here is how to hunt/detect 60% (possibly more than 60%) of lateral movement attacks: On ALL endpoints, look for EID 4624 with LogonType 9 (NewCredentials), and check TargetOutboundUserName field. 1/4 #threathunting #dfir #late? (2021-06-16T05:40:12+00:00)
  https://twitter.com/Cyb3rMonk/status/1404098063237537797
  Tags: windows AD event log ID 4524 lateral movement detection security hacking pentesting blueteam defense
  Permalink: https://pinboard.in/u:asteroza/b:b94cc7541cda/

GitHub - dlcowen/FSEventsParser: Parser for OSX/iOS FSEvents Logs (2021-05-10T05:41:48+00:00)
  https://github.com/dlcowen/FSEventsParser
  Tags: DFIR mac OSX file system event log
  Permalink: https://pinboard.in/u:asteroza/b:259ddf21248e/

GitHub - zarunbal/LogExpert: Windows tail program and log file analyzer. (2021-04-09T01:31:08+00:00)
  https://github.com/zarunbal/LogExpert
  Tags: large file text editor viewer log sysadmin tools utilities
  Permalink: https://pinboard.in/u:asteroza/b:5368e91bfe50/

EmEditor (Text Editor) – Text Editor for Windows supporting large files and Unicode! (2021-04-09T01:30:18+00:00)
  https://www.emeditor.com/
  Tags: large file text editor log viewer sysadmin tools utilities windows
  Permalink: https://pinboard.in/u:asteroza/b:5f49c31d443e/

Free Large File Editor (2021-04-09T01:28:42+00:00)
  https://www.liquid-technologies.com/large-file-editor
  Tags: large file text editor sysadmin tools utilities log viewer
  Permalink: https://pinboard.in/u:asteroza/b:10d2d2c8b5e0/

GitHub - n3x77/forensic-bloom-filters: This repository holds bloom filters that can be generated from various sources like NIST, MISP, etc. for quick lookups of hash sums (2021-03-19T04:48:20+00:00)
  https://github.com/n3x77/forensic-bloom-filters
  Tags: bloom filter hash event log forensic DFIR IR incident response analysis SIEM security
  Permalink: https://pinboard.in/u:asteroza/b:73810f4d4153/

Thomas Roccia 🤘 on Twitter: "Here is part 2 of my log parsing cheat sheet for your office! Let me know your favorite tools or your ninja commands! 📌 #DFIR #ThreatHunting #infosec #Linux https://t.co/Qck9CqAXOx" / Twitter (2021-01-04T23:56:57+00:00)
  https://twitter.com/fr0gger_/status/1346040749763293189
  Tags: log text parsing command line CLI cheatsheet tools utilities
  Permalink: https://pinboard.in/u:asteroza/b:4a77162269f5/

LogFusion: Real-Time Log Monitoring Made Easy by Binary Fortress Software (2021-01-04T07:14:21+00:00)
  https://www.logfusion.ca/
  Tags: sysadmin tips tricks tools utilities realtime log monitoring text file reader windows
  Permalink: https://pinboard.in/u:asteroza/b:ec8c2a1d9cc7/

The World's Largest Commercial Cylindrical Slide Rule has a Scale Length of 24m | blog@CACM | Communications of the ACM (2020-11-17T03:43:17+00:00)
  https://cacm.acm.org/blogs/blog-cacm/244935-the-worlds-largest-commercial-cylindrical-slide-rule-has-a-scale-length-of-24m/fulltext#.X7Jr8tMkPXk.twitter
  Tags: humor retro classic cylindrical log slide rule mathematics calculator
  Permalink: https://pinboard.in/u:asteroza/b:23bf6470747d/

SSC Serv, the System Statistics Collection Service (2020-11-17T01:32:38+00:00)
  https://ssc-serv.com/
  Tags: windows collectd daemon log forwarding service tools utilities graphite monitoring metrics performance
  Permalink: https://pinboard.in/u:asteroza/b:e01413ad6470/

Features – collectd – The system statistics collection daemon (2020-11-17T01:31:59+00:00)
  https://collectd.org/features.shtml
  Tags: windows collectd daemon log forwarding service tools utilities graphite
  Permalink: https://pinboard.in/u:asteroza/b:3f3bcb4cd439/

Script to help in monitoring event IDs related to changes in Netlogon secure channel connections associated with CVE-2020-1472 (2020-08-19T00:38:49+00:00)
  https://support.microsoft.com/en-us/help/4557233/script-to-help-in-monitoring-event-ids-related-to-changes-in-netlogon
  Tags: windows AD secure Netlogon RPC sysadmin tips tricks monitoring event log script
  Permalink: https://pinboard.in/u:asteroza/b:d5c9d7ad9bc4/

DCOM event ID 10016 is logged in Windows (2020-08-18T23:32:06+00:00)
  https://support.microsoft.com/en-us/help/4022522/dcom-event-id-10016-is-logged-in-windows
  Tags: fail windows 10 DCOM error log sysadmin tips tricks
  Permalink: https://pinboard.in/u:asteroza/b:ec6b1aa56a94/

abrignoni/iLEAPP: iOS Logs, Events, And Preferences Parser (2020-08-03T03:22:55+00:00)
  https://github.com/abrignoni/iLEAPP
  Tags: iOS log parser debug security opensource
  Permalink: https://pinboard.in/u:asteroza/b:e3602a55c7bd/

Automating a RedELK Deployment Using Ansible | TrustedSec (2020-05-29T00:53:26+00:00)
  https://www.trustedsec.com/blog/automating-a-redelk-deployment-using-ansible/?hss_channel=tw-403811306
  Tags: offensive security event log management alerting hacking pentesting server software opensource SIEM RedELK ELK elasticsearch logstash kibana dashboard automation deployment devops ansible playbook sysadmin tips tricks
  Permalink: https://pinboard.in/u:asteroza/b:e334c1b0ab4f/

outflanknl/RedELK: Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations. (2020-05-29T00:51:39+00:00)
  https://github.com/outflanknl/RedELK
  Tags: offensive security event log management alerting hacking pentesting server software opensource SIEM RedELK ELK elasticsearch logstash kibana dashboard
  Permalink: https://pinboard.in/u:asteroza/b:75a11ef83fd3/

*clears throat* 99% of events generated on an edge firewall are generated by people scanning/attacking 0.0.0.0/0 (shodan, search engines, researchers, botnets) you can use GreyNoise to filter all that stuff out to find the people actually scanning (2020-03-13T08:23:35+00:00)
  https://twitter.com/Andrew___Morris/status/1238180783065620484
  Tags: greynoise internet scanning filter firewall attack log preprocessing security sysadmin tips tricks
  Permalink: https://pinboard.in/u:asteroza/b:1dddcf0a14d8/

palantir/windows-event-forwarding: A repository for using windows event forwarding for incident detection and response (2020-03-10T09:09:27+00:00)
  https://github.com/palantir/windows-event-forwarding
  Tags: security palantir windows event forwarding subscription log monitoring logging
  Permalink: https://pinboard.in/u:asteroza/b:c166b7efa913/

Windows Event Forwarding for Network Defense - Palantir Blog - Medium (2020-03-10T09:08:54+00:00)
  https://medium.com/palantir/windows-event-forwarding-for-network-defense-cb208d5ff86f
  Tags: security palantir windows event forwarding subscription log monitoring logging
  Permalink: https://pinboard.in/u:asteroza/b:f8d06b380f25/

Download Winlogbeat | Ship Windows Event Logs | Elastic | Elastic (2020-01-31T01:35:43+00:00)
  https://www.elastic.co/downloads/beats/winlogbeat
  Tags: elasticsearch windows event log forwarder forwarding security devops
  Permalink: https://pinboard.in/u:asteroza/b:1ef550c07fc3/

Use Windows Event Forwarding to help with intrusion detection (Windows 10) - Windows security | Microsoft Docs (2020-01-31T01:29:41+00:00)
  https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection
  Tags: WEF windows event log forwarding security
  Permalink: https://pinboard.in/u:asteroza/b:a87c3b7ea43f/

Best practice of configuring EventLog forwarding performance (2020-01-31T01:29:28+00:00)
  https://support.microsoft.com/en-us/help/4494356/best-practice-eventlog-forwarding-performance
  Tags: WEF windows event log forwarding security
  Permalink: https://pinboard.in/u:asteroza/b:7f7440507191/

Auditd Module | Auditbeat Reference [master] | Elastic (2020-01-31T01:03:27+00:00)
  https://www.elastic.co/guide/en/beats/auditbeat/master/auditbeat-module-auditd.html
  Tags: security elasticsearch linux log export collector
  Permalink: https://pinboard.in/u:asteroza/b:c003a693241b/

Using Sysmon and ETW For So Much More - Binary Defense (2020-01-21T04:05:14+00:00)
  https://www.binarydefense.com/using-sysmon-and-etw-for-so-much-more/
  Tags: Sysmon ETW windows security event log monitoring sysadmin tips tricks
  Permalink: https://pinboard.in/u:asteroza/b:95782aa90e37/

alexhude/PeculiarLog: Lightweight log filtering tool supporting regular expressions and instant (as-you-type) results. (2019-12-19T03:19:46+00:00)
  https://github.com/alexhude/PeculiarLog
  Tags: log search filtering software regex hyperscan AVX512 PCRE
  Permalink: https://pinboard.in/u:asteroza/b:be157ddeb315/

John Lambert on Twitter: "Sir, in case it's helpful.… " (2019-12-10T01:58:47+00:00)
  https://twitter.com/JohnLaTwC/status/1204156364836065280
  Tags: windows service security auditing event log sysadmin tips tricks SIEM
  Permalink: https://pinboard.in/u:asteroza/b:09036107d5cb/

windows-event-forwarding/Firewall.xml at master · palantir/windows-event-forwarding (2019-12-06T04:44:02+00:00)
  https://github.com/palantir/windows-event-forwarding/blob/master/wef-subscriptions/Firewall.xml
  Tags: windows firewall change notification event log collection collector security sysadmin tips tricks
  Permalink: https://pinboard.in/u:asteroza/b:aa1407499402/

010 Editor template for parsing Windows Registry TxR (.regtrans-ms) files (2019-11-25T07:49:30+00:00)
  https://gist.github.com/williballenthin/eeeb2796c112b9b12f09af782e7b91fb
  Tags: windows scheduled tasks transactional registry log forensic artifact security hacking pentesting
  Permalink: https://pinboard.in/u:asteroza/b:d2fe19f432d3/

[PowerShell] 1..2 | % { [PSCustomObject] @{ 1 = Get-Random 2 = Get-Random 3 = - Pastebin.com (2019-11-12T06:39:30+00:00)
  https://pastebin.com/cqf3iJFU
  Tags: office365 audit log conversion powershell script excel security
  Permalink: https://pinboard.in/u:asteroza/b:189ba0466597/

wercker/stern: ⎈ Multi pod and container log tailing for Kubernetes (2019-11-06T05:40:17+00:00)
  https://github.com/wercker/stern
  Tags: kubernetes log viewer query software devops logging sysadmin tools utilities
  Permalink: https://pinboard.in/u:asteroza/b:e085f24d21d9/

google/eventid-js: Monotonically increasing per machine, globally unique eventids for JavaScript (2019-10-23T23:28:48+00:00)
  https://github.com/google/eventid-js
  Tags: unique ID alternative timestamp javascript webdev event log marker
  Permalink: https://pinboard.in/u:asteroza/b:db1c2a47b09b/

google/glog: C++ implementation of the Google logging module (2019-10-23T07:56:58+00:00)
  https://github.com/google/glog
  Tags: C++ log logger logging library
  Permalink: https://pinboard.in/u:asteroza/b:fe98000f0a82/

google/mtail: extract whitebox monitoring data from application logs for collection in a timeseries database (2019-10-23T07:55:15+00:00)
  https://github.com/google/mtail
  Tags: log metrics middleware export monitoring logging devops go prometheus
  Permalink: https://pinboard.in/u:asteroza/b:e7ac4406a93a/

google/logger: Cross platform Go logging library. (2019-10-23T07:50:23+00:00)
  https://github.com/google/logger
  Tags: go logging library event log logger syslog
  Permalink: https://pinboard.in/u:asteroza/b:763265006b3e/

google/breakpad: Mirror of Google Breakpad project (2019-10-23T07:10:06+00:00)
  https://github.com/google/breakpad
  Tags: program crash error reporting client server software debugging event log
  Permalink: https://pinboard.in/u:asteroza/b:a0d86703b7b4/

google/amt-forensics: Retrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password. (2019-10-23T06:33:43+00:00)
  https://github.com/google/amt-forensics
  Tags: intel AMT log retrieval DFIR forensic
  Permalink: https://pinboard.in/u:asteroza/b:9567d596e55a/

LOGbinder Blog - Supercharger Free Edition is Now Available (2019-10-23T05:55:41+00:00)
  https://www.logbinder.com/blog?p=a180b070-7067-4d06-aa83-eeed08d13d54
  Tags: windows event log collector third party accelerator software sysadmin tips tricks tools utilities free
  Permalink: https://pinboard.in/u:asteroza/b:33da9243bea3/

Uncovering The Unknowns - Posts By SpecterOps Team Members (2019-10-14T07:04:40+00:00)
  https://posts.specterops.io/uncovering-the-unknowns-a47c93bb6971
  Tags: education learning sysmon windows event log ID mapping sysadmin tips tricks security
  Permalink: https://pinboard.in/u:asteroza/b:80e98055dd21/

jsecurity101/Windows-API-To-Sysmon-Events: A repository that maps API calls to Sysmon Event ID's. (2019-10-14T07:04:24+00:00)
  https://github.com/jsecurity101/Windows-API-To-Sysmon-Events
  Tags: education learning sysmon windows event log ID mapping sysadmin tips tricks security
  Permalink: https://pinboard.in/u:asteroza/b:af38c399bfae/

Fluentd | Open Source Data Collector | Unified Logging Layer (2019-10-11T05:44:11+00:00)
  https://www.fluentd.org/
  Tags: logging aggregator agent devops opensource log delivery
  Permalink: https://pinboard.in/u:asteroza/b:80f1ef7d7bad/

Filebeat: Lightweight Log Analysis & Elasticsearch | Elastic (2019-10-11T05:43:42+00:00)
  https://www.elastic.co/products/beats/filebeat
  Tags: log delivery agent software devops elasticsearch logging ELK
  Permalink: https://pinboard.in/u:asteroza/b:71fa1a852753/

Azure-Sentinel/Detections at master · Azure/Azure-Sentinel (2019-08-23T03:54:37+00:00)
  https://github.com/Azure/Azure-Sentinel/tree/master/Detections
  Tags: Azure sentinel SIEM log query opensource security
  Permalink: https://pinboard.in/u:asteroza/b:bf94797af252/

Windows RDP-Related Event Logs: Identification, Tracking, and Investigation | Ponder The Bits (2019-08-17T02:18:31+00:00)
  https://ponderthebits.com/2018/02/windows-rdp-related-event-logs-identification-tracking-and-investigation/
  Tags: windows RDP DFIR security defense event log search reference information
  Permalink: https://pinboard.in/u:asteroza/b:a2c3a16def2b/