curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity
1,432 Commits 5 Branches 0 Tags 39 MiB
Commit Graph

633 Commits

Author SHA1 Message Date
Ming Di Leom f36554abe8
feat(threat-hunting): Defender Incident 2025-03-13 10:08:59 +00:00
Ming Di Leom f2b06016c1
feat(threat-hunting): Regasm.exe execution 2025-03-08 07:23:15 +00:00
Ming Di Leom 556ee14d9f
feat(threat-hunting): Excessive RDP 2025-02-26 05:47:41 +00:00
Ming Di Leom ec7268cf85
chore(threat-hunting): updated date 2025-02-16 10:18:04 +00:00
Ming Di Leom b5a08380d4
feat(threat-hunting): WinrsHost.exe execution 2025-02-16 10:17:08 +00:00
Ming Di Leom 7da3ce2538
feat(threat-hunting): CDB.exe execution 2025-02-16 10:15:05 +00:00
Ming Di Leom 976d1457d1
chore(rmm-monitor): RealVNC & Dameware 2025-02-16 10:04:07 +00:00
Ming Di Leom 9ea18b1495
page(threat-hunting): cmd without extension 2025-02-08 01:07:45 +00:00
Ming Di Leom 9c02132f68
page(threat-hunting): "Rundll32 Scheduled Task" 2025-02-03 06:46:56 +00:00
Ming Di Leom afbf7f6428
page(threat-hunting): SimpleHelp,Netop,Impero 2025-02-03 06:31:29 +00:00
Ming Di Leom 42ba8a01de
page(threat-hunting): rename snow_cmdb_lookup to cmdb_ci_list_lookup 2025-02-03 06:24:49 +00:00
Ming Di Leom 7e161ee130
post(atlassian-jira-sso): clarify agent is a paid user 2025-02-02 21:33:40 +00:00
Ming Di Leom 5ad8199507
post: Atlassian and Jira portal-only SSO 2025-02-02 00:11:17 +00:00
Ming Di Leom ea7d24b3c0
page(threat-hunting): move status monitor to gitlab 
https://gitlab.com/curben/splunk-scripts/-/blob/main/itsi_im_metrics/savedsearches.conf
 2025-02-01 03:35:43 +00:00
Ming Di Leom 16b0ed9e69
chore(robots): exclude non-pages 2025-01-28 09:24:07 +00:00
Ming Di Leom d25e9662ab
page(threat-hunting): "Unusual printui.exe path" 2025-01-28 08:59:40 +00:00
Ming Di Leom 6c2d590207
post(caddy-nixos-3): intercept http 302 on gitlab pages 2025-01-26 06:37:44 +00:00
Ming Di Leom ec24fc8cb1
post(caddy-nixos-3): cloudflare images for image resizing 2025-01-19 07:29:51 +00:00
Ming Di Leom 9d88e33f02
post(caddy-nixos-3): remove more headers 2025-01-19 06:39:15 +00:00
Ming Di Leom 11da1f9216
page(about): remove teddit 2025-01-18 10:16:04 +00:00
Ming Di Leom b75c9eaf91
fix(heading-link): follow upstream example 
https://marked.js.org/using_pro#renderer
 2025-01-16 11:19:38 +00:00
Ming Di Leom bd36476125
page(threat-hunting): some queries require custom data model 2025-01-15 11:06:33 +00:00
Ming Di Leom a9c575817e
page: Splunk Threat Hunting 
migrated from https://gitlab.com/curben/splunk-scripts/-/tree/main/threat-hunting
 2025-01-15 10:59:11 +00:00
Ming Di Leom a3dbad82db
post(caddy-nixos-3): dedup config 2025-01-15 08:44:54 +00:00
Ming Di Leom 1b55924a30
chore(headers): update permissions-policy 2025-01-14 09:14:12 +00:00
Ming Di Leom 8807522149
post(splunk-app-update): update title 2025-01-05 00:32:10 +00:00
Ming Di Leom 5e7228b28c
post(splunk-app-upgrade): update title 2024-12-20 09:43:13 +00:00
Ming Di Leom e37e79b21f
post: Splunk app-level changes during an app upgrade 2024-12-12 09:46:16 +00:00
Ming Di Leom 613682c389
page(about): links to splunk threat hunting 2024-10-29 07:19:47 +00:00
Ming Di Leom b79f818ac5
fix(highlight.js): conf lang/alias does not exist 2024-10-12 22:32:46 +00:00
Ming Di Leom bdc4a74c79
post(nts-openwrt): require nts sources 2024-10-12 22:30:38 +00:00
Ming Di Leom 8e5ed045cc
post: Configuring NTS in OpenWRT 2024-10-12 02:34:27 +00:00
Ming Di Leom 5fbbd85b12
feat: cloudflare pages function 2024-10-06 20:06:16 +00:00
Ming Di Leom a4e4507882
refactor: remove microblog/ rewrite 
microblog/ is now available on mirrors
3d45602df9
 2024-10-06 08:48:59 +00:00
Ming Di Leom e6c9bc5597
fix: path-level rewrite 
gitlab pages does not support domain-level rewrite
https://docs.gitlab.com/ee/user/project/pages/redirects.html#debug-redirect-rules
 2024-10-06 07:56:48 +00:00
Ming Di Leom c0ee49adca
fix(netlify): site assets are now served from root 
433b00def7
 2024-10-06 02:42:00 +00:00
Ming Di Leom bc1d6323ea
docs: microblog branch 2024-10-04 22:49:22 +00:00
Ming Di Leom 764f66341c
build: fallback for /images/ on mirrors 
not routed by cf worker
 2024-10-04 22:21:38 +00:00
Ming Di Leom d83fd626b5
feat: prepare for /microblog/ 2024-09-28 07:09:11 +00:00
Ming Di Leom 453bcc7b39
post(aad-snow): wording 2024-09-28 04:19:49 +00:00
Ming Di Leom ab0dc636d1
post(aad-snow): AAD is Entra ID 
also fix markdown syntax
 2024-09-28 04:18:05 +00:00
Ming Di Leom 0d6c35405a
short: 24 Sep 2024 2024-09-24 09:23:03 +00:00
Ming Di Leom 27447145de
short(2024-09-15): ARA-M applet 2024-09-16 11:17:56 +00:00
Ming Di Leom 2bc80663f2
short: 15 Sep 2024 2024-09-15 06:16:12 +00:00
Ming Di Leom a728d6452f
short(2024-09-08): remove version 
applies to all versions
 2024-09-15 06:00:45 +00:00
Ming Di Leom 5b50589dc3
short(2024-09-08): remove kernel version 2024-09-08 12:11:50 +00:00
Ming Di Leom b357e71e16
short: 8 Sep 2024 2024-09-08 09:32:25 +00:00
Ming Di Leom fd96e36793
post(cf-tunnel-nixos): HTTPS SNI 
update title and links
 2024-08-25 02:22:55 +00:00
Ming Di Leom f980c7bb95
short: 23 Aug 2024 2024-08-23 09:28:58 +00:00
Ming Di Leom 86b3c6f9e6
page(about): update hexo-yam intro 2024-08-18 10:18:02 +00:00
Ming Di Leom 0f728e8067
page(about): intro to splunk-scripts & aws-scripts 2024-08-17 22:49:08 +00:00
Ming Di Leom 6fd9e236b8
post(centos-dnf-auto): mention oracle linux 2024-08-16 07:23:42 +00:00
Ming Di Leom 143367ae02
chore(post): update date 2024-07-25 12:40:53 +00:00
Ming Di Leom 4b09ff2d36
post(nixos): rename passwordFile to hashedPasswordFile 
introduced in nixos v23.11
 2024-07-25 11:06:56 +00:00
Ming Di Leom f038f71a97
post(nixos): use yescrypt password hashing only 2024-07-25 11:01:53 +00:00
Ming Di Leom d2c6db25d3
post(nixos): discourage nix-env 2024-07-25 10:55:33 +00:00
Ming Di Leom df9009f987
post(nixos): enable totp for ssh 2024-07-25 10:41:43 +00:00
Ming Di Leom 1ec281168b
page(services): add dumb & intellectual 
https://github.com/rramiachraf/dumb
https://github.com/Insprill/intellectual
 2024-07-22 10:24:47 +00:00
Ming Di Leom 58f562063d
short: 22 Jul 2024 2024-07-22 10:04:49 +00:00
Ming Di Leom f33c0a0988
page(projects): link to splunkbase 2024-07-20 09:14:45 +00:00
Ming Di Leom 48ce02ab08
page(services): add biblioreads & mozhi 2024-07-20 09:11:13 +00:00
Ming Di Leom 945d205c8d
page(services): remove nitter & libreddit 
libreddit has been discontinued
in favour of redlib
https://github.com/libreddit/libreddit?tab=readme-ov-file#%EF%B8%8F-discontinued-use-redlib-instead
 2024-07-20 06:04:24 +00:00
Ming Di Leom 3cf4e9319c
short: 18 Jul 2024 2024-07-18 08:52:49 +00:00
Ming Di Leom 4483415865
post(centos-dnf-auto): mention updateinfo.cefs.steve-meier.de 2024-07-17 09:50:21 +00:00
Ming Di Leom fbc6200c6c
short: 16 Jul 2024 2024-07-16 10:19:28 +00:00
Ming Di Leom b1c1af0af8
short: first post 2024-07-16 10:19:13 +00:00
Ming Di Leom 94cf9a7022
post: centos stream dnf-automatic 2024-07-15 12:50:33 +00:00
Ming Di Leom 4f26c5e813
style(slugize): follow gfm & vscode 
lowercase & remove dot
 2024-06-08 04:45:34 +00:00
Ming Di Leom 0fe2cfc996
page(about): fork of wikiless 
https://github.com/Metastem/wikiless
 2024-03-29 04:23:17 +00:00
Ming Di Leom 895ae8256b
page(about): redlib 
https://github.com/redlib-org/redlib
 2024-03-29 04:20:20 +00:00
Ming Di Leom 0a7f4979fc
post(splunk-app-acl): non-removable lookup 2024-03-10 08:52:52 +00:00
Ming Di Leom 5ea22c0f6d
post(splunk-app-acl): read vs write access 2024-02-24 09:43:26 +00:00
Ming Di Leom 570b22ad79
post: Applying default-deny ACL in Splunk app 2024-02-24 09:42:10 +00:00
Ming Di Leom 2bb509cd7a
page(about): update onion addresses 
nitter,teddit,libreddit,wikiless,rimgo
 2024-02-02 02:37:24 +00:00
Ming Di Leom 2d5d9c9260
page(about): add libmedium source 2024-01-28 09:37:26 +00:00
Ming Di Leom eb82ee427f
page(about): libretranslate 2024-01-28 03:54:48 +00:00
Ming Di Leom bd366c3b4b
page(about): quetre, libremdb, anonymousoverflow 2024-01-27 07:18:22 +00:00
Ming Di Leom 8db5b8f373
post(json-splunk-uf): clarify indexing pipeline order 2024-01-05 08:04:02 +00:00
Ming Di Leom 816702f3f8
post(json-splunk-uf): ingest json-formatted api response 2023-12-05 11:26:12 +00:00
Ming Di Leom 7e84f19a3b
page(about): phishing-filter is not enabled in uBO 2023-11-04 02:38:47 +00:00
Ming Di Leom d701439f92
page(about): mark pup-filter as inactive 2023-11-01 07:56:23 +00:00
Ming Di Leom 396a77f5a6
post(json-splunk-uf): props.conf can be deployed through a custom app 2023-10-02 02:47:53 +00:00
Ming Di Leom 860155fa55
post: Query LOCKOUT and PASSWORD_EXPIRED flags on Splunk SA-ldapsearch 2023-09-30 21:45:33 +00:00
Ming Di Leom 1aea0927bf
post: Azure AD SSO integration with ServiceNow 2023-08-27 11:53:04 +00:00
Ming Di Leom 67a19d7844
post(json-splunk-uf): source type can be configured through Splunk Web 
especially for Splunk Cloud that provides no access to props.conf
 2023-08-13 10:13:03 +00:00
Ming Di Leom c96f348ca5
post(ctrl-h-backspace): add more tags 2023-08-06 06:05:32 +00:00
Ming Di Leom 4097fcc273
docs(services): add LibMedium 
https://github.com/realaravinth/libmedium
 2023-07-22 09:28:20 +00:00
Ming Di Leom ac5fccf505
post: Mapping Ctrl+H to Backspace in terminal emulator 2023-07-17 10:40:41 +00:00
Ming Di Leom d47131e6b7
post: Configure Splunk Universal Forwarder to ingest JSON files 2023-06-17 11:09:52 +00:00
Ming Di Leom 483c071f01
post: Malicious website detection on Splunk using malware-filter 2023-04-16 06:08:55 +00:00
Ming Di Leom bb1a561060
page(about): details on website architecture 2023-02-26 11:10:54 +00:00
Ming Di Leom 8af4676245
post(caddy-plugins): clarify Nix sandbox 2023-02-26 04:55:58 +00:00
Ming Di Leom 45942ebafb
page(about): update architecture diagram 2023-02-25 06:54:58 +00:00
Ming Di Leom 658261f619
post(caddy-plugins): xcaddy workaround in 22.11 
- https://github.com/NixOS/nixpkgs/issues/89268#issuecomment-1435642986
 2023-02-23 10:54:47 +00:00
Ming Di Leom 94da2a438e
post(ssh-cert): nixos should use AuthorizedPrincipalsFile 2023-02-21 07:00:41 +00:00
Ming Di Leom 7b19b136c7
post(ssh-cert): consistent example domain 
and simpler title
 2023-02-18 09:39:33 +00:00
Ming Di Leom 3775e75d90
post(ssh-cert): updated date 2023-02-16 09:03:46 +00:00
Ming Di Leom 72b5cdcc67
post(ssh-cert): matching email to different user 2023-02-16 09:03:15 +00:00
Ming Di Leom 26228eba94
post(ssh-cert): usage monitoring 2023-02-14 09:04:08 +00:00
Ming Di Leom 392170d9ca
post: SSH authentication using short-lived certificate through Cloudflare Tunnel 2023-02-13 10:50:06 +00:00