Tim Sonner timsonner

Remove bloat from Gnome/Debian Trixie

sudo apt purge --autoremove -y \
  gnome-software gnome-software-plugin-deb gnome-software-plugin-fwupd \
  "libreoffice*" "mythes-*" "hyphen-*" "hunspell-*" \
  "fcitx*" "mozc*" "anthy*" ibus-anthy "hdate*" \
  "dict-*" "goldendict*" \
  "mlterm*" xiterm+thai \
  thunderbird yelp \
  gnome-calendar gnome-weather gnome-contacts gnome-maps gnome-dictionary \

Bash Bangers

Copy 1st line from file, insert into first line of another file

awk 'NR==1' test.py | xargs -I{} sed -i '1s/.*/{}/' slice.py

Setup Python debugger pdb in file

Parse failed logins - Linux

Extract IP addresses from /var/log/secure

grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' /var/log/secure | sort| uniq -u

Extract usernames from failed login attempts from lastb

lastb | awk '{print $1}' | sort | uniq -u

Kali setup

# Get rid of Kali xfce
apt remove kali-desktop-xfce --allow-remove-essential
apt purge kali-desktop-xfce --autoremove
# Install xfce
apt install xfce4 lightdm
# Get rid of firefox
apt remove firefox-esr --allow-remove-essential

Linux SSH server setup and key pair generation

SSH server setup

# Install SSH server
apt install openssh-server
# Enable SSH server on startup
systemctl enable ssh
# Check SSH server status
systemctl status ssh

OpenCTI docker setup for MacOS

Clone OpenCTI repo

git clone https://github.com/OpenCTI-Platform/docker.git
cd docker

Create .env file for OpenCTI setup for MacOS (use official docs for windows/linux)

create-env.sh

ProxMox Developer Workstation setup

Install ProxMox as usual
Edit /etc/network/interfaces to reflect the correct IP and interface of ethernet adapter
Edit /etc/resolv.conf to reflect DNS server, likely gateway of router or switch

Once internet connection established, install gnome

apt install gnome

PowerShell - View Windows Security Event Logs

A reference for triaging security alerts

Common Event IDs

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx

Event ID	Description
4624	An account was successfully logged on
4625	An account failed to log on

	OPENCTI_ADMIN_EMAIL=admin@opencti.io
	OPENCTI_ADMIN_PASSWORD=ChangeMePlease
	OPENCTI_ADMIN_TOKEN=$(cat /proc/sys/kernel/random/uuid)
	OPENCTI_BASE_URL=http://localhost:8080
	OPENCTI_HEALTHCHECK_ACCESS_KEY=$(cat /proc/sys/kernel/random/uuid)
	MINIO_ROOT_USER=$(cat /proc/sys/kernel/random/uuid)
	MINIO_ROOT_PASSWORD=$(cat /proc/sys/kernel/random/uuid)
	RABBITMQ_DEFAULT_USER=guest
	RABBITMQ_DEFAULT_PASS=guest
	ELASTIC_MEMORY_SIZE=4G

	# CVE-2024-25600 (Bricks Builder RCE)

	import requests
	import sys
	import urllib3
	import re

	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

	def fetch_nonce(target_url):