Baric's knowledge Base
  • Baric
  • Security Programs
    • OSINT
      • Web Server Search
        • Censys Search
        • Shodan Exploits Search
        • Criminal IP Search Engine
        • Shodan Search
        • Zoomeye search
        • FQFA Search
        • Odin Online Device Search
        • LeakIX a site for finding leaks
        • Site Email Finder
      • Url scanning / testing online sites
        • Web Check
        • URLDna
        • Cyscan
      • OSINT Websites
        • Hackers-Arise
        • Hunter.io
        • Darkdump
        • OSINT people data
        • VPN & Proxy IP Detection Tool
        • IP2Proxy Proxy Detection
        • IP Address Lookup
        • Use this Ip-locator
        • Library Of Leaks
        • Pugrecon
        • Advanced search for Youtube
        • FilePhish
      • Counter OSINT
      • The Inspector
      • Blackbird
      • Bruter IP locate
      • Cloudmare
      • Cr3dOv3r credential reuse attacks
      • EMM OSINT SUITE
      • Gvision image location finder
      • Infoooze Osint
      • Iplocation Lookup
      • Linkedin Dumper
      • Metabigor OSINT tool
      • Netlas.io
      • NetSoc_OSINT socal media
      • OpenSquat
      • (API) OSINT Mantra
      • OSINT SPY Search using OSINT
      • OSINTUI
      • Sherlock OSINT
      • Snoop Project OSINT
      • Sublist115R
      • Ominis OSINT Toolkit Web-Search
      • X-OSINT
      • Eyedex find open server files
      • WhatsMyName
      • LeakSearch Tool to search password dumps and breached DB
      • Skytrack track planes
      • Tookie-osint
      • Telegram Explorer
      • Telegram search
      • You-Get download media contents (videos, audios, images)
      • Hawker Osint
      • Git Leaks
      • ShipXplorer tracking ships
    • Security FrameWorks
      • (docker) OffensiveDocker
      • ICS Security training
      • Catherine framwork
      • Ducksploit framework
      • InviZzzible VM tester
      • KitSec Framework
      • Opencti
      • Opensearch
      • Spellbook Rapid Development of Reusable Security Tools
      • Metasploit
      • W3af (Web Application Attack and Audit Framework)
      • Metasploit
      • AttackGen
      • Ronin-Recon
      • BetterCap
    • Threat Hunting
      • AIMOD2 Threat Hunting Framework
      • (IR) Untitled Goose tool
      • Bitlocker attacks
      • MISP Threat Intelligence Sharing Platform
      • Threat Hunting keywords
      • Velociraptor threat hunter
      • Win32 Offensive Cheetsheet
      • Introducing the REx: Rule Explorer Project
      • Awesome Threat Detection and Hunting
    • Shells
      • (py rat) WCE Windows Commander and Exfiltrer
      • (proxy_reverse shell) Stowaway
      • CaveCarver
      • Hoaxshell Reverse Shell
      • JavaRat
      • Keres PE reverse shell
      • Ninja_shell Portknocking
      • RAT- Collection
      • Sandman NTP
      • SCShell
      • SharPersist Windows persistence shell toolkit
      • Shell GPT
      • SocialX
      • Spark RAT tool
      • Stormbreaker
      • Villain Backdoor generator
      • WMiexec pro shell
      • Reverse Shell Generator
    • Reverse Engineering
      • (file navigator) Eviltree remake of tree command
      • (debugger) DnSpyEX
      • (Forensics) Forensictools
      • (lib_tool) MemProcFS ram forensics
      • (RE) Capa
      • (RE) Cyberpipe
      • (RE) Docker packing box
      • wwwtree
      • BLINT ELF, EXE vuln scanner
      • Ciphey automated decryption tool
      • EaseUS Undeleter
      • IATelligence Import Address Table (IAT) from a PE
      • laZzzy shellcode loader
      • PyOneNote parser
      • RE android app apk.sh
      • Recuva Undeleter
      • Reverse Engeneering Tools and Addons
      • Ubsym Bin Vuln Scanner
      • Volumiser VDMK_HDD Explorer
      • X64DBG RE debugger
      • Forensics - RecoverPy Un-delete Data
      • YaraDbg
      • Interactive PDF Analysis
      • Indetectables Toolkit
      • Binwalk
      • lightweight multi-architecture assembly playground
    • Phishing
      • Phishing Sites
        • Fake Site URL lookup
        • Phishtank URL lookup
        • Cert.pl malicious domains
        • Free Online Tools for Looking up Potentially Malicious Websites
        • Openphish
        • Urlscan + api
        • CheckPhish URL Checker
        • Artists Against 419 spam
        • Find Certs of newly added sites
        • UrlDna Website Breakdown
        • Free Phone Validation Lookup
        • Phishing URL Checkers
        • Phishing with Google Calendar
        • Scamminder
      • BeEF
      • (defense) Conan account finder
      • (defense) Mailto analyzer
      • Clifty Phishing tool
      • Evil no vnc phishing
      • Evil Qr
      • Evilginx 3.0
      • Gophish
      • Poastal
      • Squarephish phishing
      • WhatMail email header analyzer
      • DNStwist phishing domain scanner
      • Discord-QR-Scam
      • CuddlePhish
      • domain-park
      • VOIP phone services
        • Jitsi phone
        • Microsip Phone
        • 3CX phone
        • BRIA formally X-lite phone
        • linphone phone
      • HEDnsExtractor
      • CyberPhish
      • PhishMailer
    • Browser Tools
      • Tamper Monkey Extension
      • Mercurial Grabber
      • (py) Decrypt Chrome Passwords
      • browser forensics
      • BrowserHistoryView
      • ChromePass
      • SharpWeb
      • Stalking inside of your chromium
      • HackBrowserData
      • Stratosphere Browser Recorder
      • Monolith
      • Browser.lol
      • Mitmproxy - open source interactive HTTPS proxy.
      • BrowserGhost get browser data
      • BrowserAudit
      • I-See-You
      • DB Browser for SQLite
      • CursedChrome
      • SOC Multi-tool
    • Mobile
      • ApkHack Backdoor
      • (IOT) MQTT Explorer
      • APKLeaks Scanner
      • Ghost Track
      • Moriarty project
      • OWASP (MAS) Mobile Application Security
      • PCAPdroid
      • Phonesploit pro
      • R4ven mobile ip and location
      • Rafel Android RAT
      • Seeker get location
      • Striker app
      • Symbiote camera access
      • Tiny check
      • Android RAT with Firebasedb
      • NetGuard App internet limiter
      • BlueSpy
      • BlueToolkit
      • DH-Hackbar
      • Sippts VoIP Scanner
      • Frida Script Runner
      • B4Bomber Android Version
      • SocialSploit
      • ApkdeepLens Vuln scanner
    • Audit and Scanners
      • OpenVAS/Greenbone
      • Nikto Scanner
      • OpenSCAP
      • (linux) Vuls agentless vuln scanner
      • Lynis (Linux or mac) vuln scanner
      • Trivy scanner
      • Clair Scanner for docker containers
      • Sploitscan .py
      • OWASP Zap
      • ZMap Internet Scanner
      • nrich IP vuln scanner
      • Viper
      • kscan rdp bruite an network scanner
      • Above network vuln scanner
      • GoGo port scanner
      • GobyVuls
      • Flan scan network vulns
      • Goscan vuln scanner
      • aFrog vuln scanner
      • TPM 2.0 vuln scanner
      • osv-scanner by google
      • Sirius scanner vulnscan opensourced
      • Envizon network visual and pentesting
      • Arkime packet scanner
      • CredSweeper
      • WiDefend RAT scanner
      • Ludvig container,FS and github vuln scanner
      • Grype container img vuln scanner
      • extAnalysis vuln scanning
      • Python network port scanner
      • Universal Scanner network
      • Soldr endpoint detection scanner
      • dep-scan security audit
      • smbeagle filesahare audit tool
      • Fenrir linux incator of compremises scanner
      • Parchu web vuln checker
      • Angry IP scanner
      • Nuclei Scanner
      • rmap
      • Slooth Security Vulnerability Search and Management System
      • Wireshark
      • TcpDump
      • grype docker and file system scanner
      • APTRS vulnscanner
      • Microsoft Attack Surface Analyzer
    • Windows
      • NETworkManager
      • Ntlmscan
      • Onedrive_user_enum v2.00
      • PersistenceSniper
      • PingInfoView
      • Policyplus local gpo editor
      • PowerlessShell
      • PS2 powershell port scanner
      • Powersharppack
      • PXEThief
      • Pyrdp monster in the middle
      • RegistryExtraction py
      • Roadtools azure ad
      • SharpExchange Exchange server communicating
      • Snaffler AD sniffer
      • SharpRDPHijack
      • SSH Putty bruteforcer
      • AD - HEKATOMB scan and crack
      • AD - Pen-test Powershell Tools Modules
      • AD - Privileger
      • AD - LinWinPwn AD vulnScanner
      • (event log reader) APT Hunter
      • log - WELA (Windows Event Log Analyzer)
      • packer exploit - macropack community
      • powershell - DomainPasswordSpray
      • powershell - MFASweep
      • LocalAdminSharp
      • SMB - RSMBI Scanner
      • AD LDAPnomnom extract usernames
      • AADinternals
      • AD Ping castle
      • AD PywerView
      • AD scrape ScrapingKit
      • AuditPolCIS
      • AzureGoat vuln AD emulator
      • Azure AD password checker
      • BadZure misconfigured Azure AD
      • C# azure offensive tools list
      • Chainsaw
      • CrackMapExec
      • Dir2json directory listener
      • DNSTake scan for missing dns zones
      • ETWMonitor
      • Game of Active Directory
      • GetLAPSPassword
      • Grouper 3 find vulns in AD GPO
      • Hayabusa windows log analyser
      • Invoke ADEnum
      • Invoke PowerExtract
      • Isassy remote cred extractor
      • MFASweep powershell check user for mfa
      • Microsoft AttackSurfaceAnalyzer
      • TrlDNet file type finder
      • Windows computer basic security checks
      • Windows dedfender remover
      • Windows LOLDrivers scanner
      • WinPWN
      • StandIn AD post compromise toolkit
      • Starkiller
      • Token Universe
      • Go-Secdump
      • Microsoft Activation Scripts (MAS)
      • Total-Recall Microsoft recall reader
      • NetworkMiner
      • PowerHuntShare
      • SharpBruteForceSSh
      • AzureGraph
      • MDEtester
      • HDCleaner
      • TweakPower
      • RegCool
      • EventLogViewer
      • RegShot
      • Process Monitor
      • Process Hacker
      • AutoRun
      • TCPView
      • Dependency Walker
      • Sandboxie Malware Sandbox
      • Windirstat
      • HXD Hexeditor
      • Unlocker File Unlocker
    • Bug Bounty
      • Online Resources
        • Dorking
          • List OL Dorks
      • Burp Community (free version)
      • Caido (burp alt)
      • Ghauri SQL injection
      • Open bullet pen-testing tool
      • FirebaseExploiter
      • Easy Scan website scanner
      • (git) Nosey Parker
      • Artemis web vulnerability scanner
      • PHP Cookie Stealer
      • Lookyloo website tree graph
      • Jira-scan
      • Stealerium key logger
      • Naabu site port scanner
      • Socialhunter
      • Klyda form password spray
      • WordPress scanning tool
      • Jbin-website-secret-scraper
      • ReconBulk subdomain
      • PyMeta site extracter
      • Interactsh opensourced burp
      • WafWoof
      • WhatWaf waf finder
      • Endext endpoint scraper
      • Python recon scripts web auditing
      • DomoArigato audit robox.txt
      • Amass OWASP web scanner
      • Feroxbuster
      • FOFA Viewer web scanner
      • BHEH's SecretOpt1c scanner
      • (bugbounty) Wildcrawl
      • CMSmap website vulnscan
      • SQLMap
      • GraphQLmap
      • (vuln scanner) Web Security Scanner
      • FFUF fuzzer
      • Shodan Scrapper
      • TruffleHog
      • Kiterunner
      • Arescan Advanced Directory Discovery Tool
      • Caido web app audit
      • Gungnir - Domain cert monitor
      • Scilla
      • WebCopilot
      • Subdominator
      • Web-Check: The Ultimate Toolkit for Website Analysis and Security Assessment
      • DorkGPT
      • Hexa Keylogger
      • Lazy Dork
      • AdminDirectoryFinder
    • Privacy
      • Privacy Sites
        • Fake Name and Information generator
        • Fake Profile Picture Generator
        • Burner Emails
        • Burner Phones Numbers
        • Mailfence
      • Tor
        • Tor-Bot Dark-web scanner
        • OnionScan - Tor
      • I2P
      • OpenVPN
      • Proxxy - a proxy scraper
      • Opera-proxy
      • Gluetun VPN client
      • Mullvard browser VPN
      • Tailscale VPN
      • Google Results about you
      • Fireprox
      • Proxycannon-ng
      • Gigaproxy
      • White Intel - A DATA ANALYTICS TOOL FOR DETECTING BREACHES FROM INFORMATION STEALERS
      • (Paid) Private Internet Access
      • Privacy.sexy
      • Personal privacy checklist
    • Useful Online Links
      • Hugging face AI LLM models
      • Hunter internet device finder, like Shodan
      • JSONcrack
      • Knowledge Base by offsec
      • Microsoft Build code examples
      • MITRE ATT&CK information
      • Proxy Servers Site
      • Russian Search Engine
      • There's a AI for that
      • Tiny Tools
      • World Eventmap
      • Youtube Downloader
      • TinEye Reverse Image Search
      • Browser exploit CTF challenges
      • Blackhat Russia Tools
    • Spiders and Scrapers
      • NodeCraw
      • WebPalm
      • SpiderSuite
      • SmbCrawler
      • Bright data web scraper browser
      • Webscrape get email and phone
      • Jsoup: java HTML parser/scraper
      • HttpLoot
      • Katana Spider
      • G-Scraper
      • Email Crawler
      • creepyCrawler
      • Maxun auto web-scraper
      • Scraperr Spider
      • Scrapling Web-Scraper
    • Command and Control
      • Merlin C2
      • Periscope C2
      • ShadowForge C2
      • Primus C2
      • C2 Hunter RE
      • SharpFTPC2
      • Google calender Rat (C2)
      • MaccaroniC2
      • Nimbo-C2
      • Havoc C2 Server
      • Mystic C2
      • Silver C2
      • Striker C2 Recon & Vulnerability Scanning Suite
      • Hades c2
      • Phoenix C2
      • Supershell C2
      • Emp3r0r C2
      • C# Hardhat C2
      • AM0N-Eye C2
      • Python Pupy RAT
      • Python TrevorC2
      • Python Weasel DNS beacon C2
      • Cisco ASA Anyconnect faker
      • C# rasta-mouse SharpC2 server
      • Overlord - red team automation
      • Redblood C2
      • Nemo post-exploitation framework
      • Discord as a C2
      • Octopus C2 Server
      • Empire C2 framework
      • RedGuard C2
      • convoC2
    • HoneyPots
      • Honeypots
      • Respotter
      • HoneyDB
      • Dionaea honeypot - Building a Honeypot to Capture Zero-Day Exploits
      • HoneyPots 20+
  • Development
    • BOF and Coff Executers
      • COFF Loader
      • (golang) Doge-COFFLdr
      • community BOF plugins colbolt strike
      • kernal coff loader
      • Running Cobalt Strike BOFs from Python
      • RunOF BOF executer
      • BOF.NET - A .NET Runtime for Cobalt Strike's Beacon Object Files
    • Code Scanners
      • Mobsfscan android safe code scanner
      • Sourcegraph search github codebase
      • grepmarx
    • Databases
      • MySQL Fake Server
      • Beekeeper studio remote SQL viewer
      • SQLite and Nodejs
      • ChartDB
      • Metabase
    • Docker
      • Remap Ports
      • Basic commands
      • Security Playground
      • Install docker-compose on linux
      • Awesome Compose Docker
      • Nginx-proxy-manager docker
      • Compose Craft
      • Docker Linux Server
      • ntfy.sh | Send push notifications to your phone or desktop via PUT/POST
      • Docker Self hosted collection
    • API and Scraping Sources
      • Scraping
        • CVE feeds
        • CVEDetails - site
        • CVE PoC - github
        • NVD CVE Search - site
        • Packet-storm Exploits search - site
        • CVE shodan JSON endpoint
        • Cisco Talos CVE reports and zero-days
        • Zero-Day.cz
        • Zero-Day Initiative
      • Github Data Sources
        • Pinokio AI Collection
        • Mail checker list of bad email domains
        • Motikan2010 (sec)
        • C2-tracker
        • Nomi Sec (Exploits)
        • IPsum bad IP's
        • romainmarcoux bad IP addresses
        • Data-cve-poc Exploits
        • Free Threat Intel/IOC Feeds
      • (paid) Text message api
      • (api) internetdb.shodan.io
      • Awesome-security-Apis
      • Clemiller ATT&CK v12.1 Enterprise
      • Cve Score API
      • Dummy Json products
      • Password Purgatory
      • REGEX pattern database
      • (api) Scamadvisor api
      • Telegram-API: a Python-based open-source tool for Telegram
      • Vuln feed alot abit
      • VX-underground malware API
      • Markdown badges API
      • Weather alerts Api
      • Wordlist API
      • Alienvault threat feed API
      • IP2Location
      • WebCheck API
      • Wordlists specially for API routes fuzzing
      • (paid) Netify Network intel
      • (semi free)IPHQ Fraud and Cyber Threats API
      • API-Security-Checklist
      • Scamalytics IP Search API
      • AbuseIPDB API IP checking
    • Microsoft KQL
      • KQL hunting email Queries
      • KQL hunting with Azure and Log Analytics
      • KQL Hunting URLS Queries
      • KQL Identity-based Attacks
      • KQL search
      • KQL Github Pages
      • Generate KQL queries
      • KQL Hunting-Queries-Detection-Rules
      • KQL Sources
    • AD PS Commands
      • Microsoft online Cloud Shell
        • Commands
        • Help
        • 365 Powershell Commands
      • ( AD ) Active Directory Powershell Commands
      • AD command website
      • Azure Active Directory Powershell Commands
      • Network Powershell Commands
      • Powershell port scanner
      • Set service recovery options in powershell
      • Powershell Gallery
      • Basic Powershell commands
      • Push notification Windows ps1
      • Run app with Admin creds through powershell
      • Powershell Auditing Commands
    • HomeLab
      • Awesome-Self hosted collection
      • Docker Apps
        • Rancher Kubernetes cluster
        • Portainer Docker Management
        • DocCat
        • Dashy HomeLab Home page
        • Huginn Agents
      • ISO's
        • (windows) atlas OS
        • (Paid) Acronis True Image
        • Chimera Linux gaming OS
        • Commando-VM pen-testing suite for windows
        • Cyberpunk OS osint
        • Flare-VM Malware reverse engineering image
        • Hiren BootCD PE
        • KVM hypervisor Ubuntu
        • MedCatUsb live disk
        • OSINT VM
        • Pxeboot
        • Qubes OS hypervisor 1, Vm
        • Sherlock Osint os
        • ShredOS -Disk Eraser
        • Slingshot Linux Distribution
        • Sonatype Nexus3 Docker
        • ThreatPursuit-VM threat hunting suite for window
        • Ventoy
        • Windows 7 and 8 Download
        • Windows keys cheep
        • Windows security sandbox tools testing Vulns
        • wiztree hdd analysis windows
        • CSI Linux OSINT OS
        • UUP dump
      • Zabbix Monitoring
        • Agent install
          • Windows
          • Linux
      • Pi Weather Station
      • NetAlertX
      • MISP threat Management/Hunting
      • PiholeBlockList
      • Windows Development Server
      • Education Labs
        • VulHub Vulnerable docker Image
      • Media Server Torrents
      • Gitea Self-hosted Github
      • Performa Network Monitoring
      • Cockpit Project Headless Linux Server Controller
      • ipam server
      • PRTG network solutions
      • Monitoring domain controller with TIG suite
      • How to install NetHunter on TicWatch Pro
      • Sniffnet network monitor
      • openDns Web filter home
      • Exchange Server
        • Install exchange server
        • Exchange Create incident reports
      • Cisco Catalyst Switch
        • Finding Device IP
        • Adding and deleting VLANS
        • Turn on telnet and web UI
        • Modding config file
        • Show Command
        • Basic Commands
        • Connect to Switch
      • Rath Data Analysis and Visualization tools
      • BlueWave Uptime
      • Windmill Automation
      • Activity Watch
      • Checkmate
      • JetKVM IP based KVM
      • Myspeed testing and keep network speeds
      • GOSINT - Open Source Threat Intelligence Gathering and Processing Framework
      • GGH
    • Compliance
      • Self Audit Procedures
        • Cmmc
          • Level 1 assessment
          • Level 2 assessment
          • Level 1 and 2 task list
        • Nist
          • NIST SP 800-171r3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organiza
          • Nist 800-171 R2 task list
          • NIST 800-171 PDF
        • Audit Reporting
          • pwndoc-ng
          • MSTIC Jupyter and Python Security Tools
          • APTRS reporter
          • SYSreporter
          • Kracken cracked PW reporter
          • Security Incident Handling Guide
          • DFIR TEMPLATES
          • Sans Policy template list
          • Pentest report template
        • Risk Management
          • Top misconfiguration networks
          • Control Categories
          • IT Disaster Recovery Plan
          • Assessment & Auditing Resources
          • (EPSS) Exploit Prediction Scoring System
          • What is zero trust
          • Risk Management basic steps
        • Dora - Digital Operational Resilience Act
        • FAR Federal Acquisition Regulations
        • Epeat Usable Devices
        • Harden Windows Security
        • Active Directory security assessment using PowerShell
        • What is EDR and XDR
        • What is IAM (Identity and access management)
        • What is PPI (Private Personal Information)
        • What is PAM (Privileged access management)
        • Account compromise procedure
        • End of life policy
        • (SPRS) Supplier Performance Risk System
      • PDQ
        • Commands
      • Entra Admin Center - Conditional Access
        • Conditional Access Manage named locations and IP ranges
        • Conditional Access - Block unknown or unsupported device platform
        • Microsoft Entra conditional access: block access by location
        • Azure AAD create a alert to email when conditional access and Audit logs catch a oddity
        • Apply Conditional Access Policy to Microsoft Copilot
        • Conditional Access block Microsoft Azure CLI
      • Password Auditing
        • DSInternals
      • GRC Tools (Governance, Risk, and Compliance)
        • CISO Assistant
        • Soc Chef Policy Creator
    • Siems and EDR
      • Splunk
        • Install
        • Splunk forwarder
          • Install forwarder via Powershell
          • Windows Defender event-viewer and logs
          • Powershell History Logs
        • Log Locations
        • Search Queries
          • Windows Detailed activity properties in the audit log
          • SPL Breakdown
          • SPL
        • Create a email alert
        • Monitoring a file from a PC
        • Resources
          • Detecting Business Email Compromise Using Splunk
          • Install Splunk AI Assistant for SPL
          • Turning on File Folder Auditing
          • Uploading lookup table csv file
          • Export Splunk results to CSV file
          • Open-source detection rules like SigmaRules and Splunk ESCU rules
          • Splunk research Detection, Analytics Playbooks and stats
          • Teams Detailed activity properties in the audit log
        • Creating Graphs and Dashboards
        • Splunkbase Apps
          • Splunkbase App Values
          • Verkada Splunk Integration
          • Microsoft teams add-on for Splunk
          • Add Bit-warden to Splunk
          • Top Splunk Apps
          • MITRE ATT&CK App for Splunk
          • Splunk Enterprise Security
        • Create/Modify User account
        • Stop auto logout
        • Splunk Deployment Server
          • Deployment Resources
          • Other Types of Deployment Servers that can be used
        • Calling Rest API from Splunk
        • Splunk Python Lookup Script app Development
        • (Settings) Data Inputs + Scripting Examples
        • Splunk Soar
          • Install SOAR
          • Connect Splunk Enterprise With SOAR
      • Wazuh
        • Default register agent config
        • Monitoring process to look for a app running
        • Alert number in wazuh
        • Custom Rules
        • Adding windows defender logs
        • Malware test files
        • Wazuh training
        • Wazuh remote commands endpoint agent
        • Wazuh to allow ssh to machine
        • Wazuh osquery
        • Wazuh manager server and agent upgrade
        • Wazuh download
        • Wazuh API
        • Wazuh agent (edit)
        • Custom Log File
        • location of config file
        • Make a user in wazuh and adding perms
        • Proof of concept guide
        • Wazuh endpoint agent custom config elements
        • Wazuh debug logs
        • Wazuh email notification
        • Wazuh moniter office 360
        • Wazuh making and modifying user groups
        • Wazuh Siem/EDR
      • Gravwell
        • Queries
        • Gravwell Docker Install
      • OpenEDR
      • Data for SIEM
        • IP from Companies
          • Microsoft
          • Google
          • misp-warninglists and tools to scrape
          • Azure cloud IP Addresses
          • T-mobile IP Geo location
          • Verizon Wireless IP Geo Location
        • VPN IP
          • VPN (nord, proton, ...)
          • Proton VPN and Data Centers
        • IP Block-Lists
          • domainthreat
          • Blocklist.de
          • Scam-Blocklist
          • Blocklist-ipsets
        • Malicious User Agents
          • User Agents
        • Proofpoint Emerging Threats Rules
    • Graphing Tools
      • Figma Program Graphing
      • Photopea
      • Mind map creating diagrams
      • OpenFreeMap
      • Data Formulator turn CSV files to graphs
    • Website Dev
      • RevolverMaps
      • Emailerjs
      • Kaspersky CYBERTHREAT REAL-TIME MAP
      • SafeLine WAF
      • (build this)fake captcha page
      • Bunker Web Waf
      • thttpd - tiny/turbo/throttling HTTP server
    • Lanuages
      • Node
        • Lets Encrypt
        • Quick start node
        • Gmail API retrieve emails from gmail
      • Golang
        • Quick start Go
      • Library
        • Mercy Rust lib pentesting
        • Offensive cpp
        • Graftcp
      • Python
        • Python to EXE file
        • Pwntools python lib
        • Python-For-Cybersecurity
        • How to Launch an HTTP Server in One Line of Python Code
        • Virus-Builder
        • Server Agent example Squidnet bot
        • Impacket Pentesting lib
        • NiceGUI python UI Lib
        • Mac - Python starting a venv
      • bash
        • Check for Leaked Passwords on HaveIBeenPwned
    • GitHub
      • Make Personal tokens for use in your programs
      • OpenSauced github repository finder
    • Gaming
      • Ryujinx Switch Emulator
      • Runescape Botting
        • osBot
          • {1} how to begin
          • {2} basic script
          • {4} helper methods
          • {3} building script
          • {5} accessing the Inventory, Bank, Player, etc. instances
          • {6} Positions, areas and moving the player
          • {7} Entities (Players, RS2Objects, NPCs and GroundItems)
          • {8} Interactions
          • {9} Sleeping
          • {10} Items and ItemContainers (Inventory, Bank, Equipment, Store, ...)
          • {11} Filtering
          • {12} Widgets
          • {13} Painting, messagebox
          • {14} Putting it all together
          • {15} Adding a GUI
          • osrs botting software
          • resources
          • Where to mine
        • OSRSBot
          • OSRSBot basics
        • runeLite
          • Runlite dev setup
      • World of Warcraft on a Steam deck
    • Cursor AI code editor
  • IT Help
    • Windows
      • SYSAdmin
        • Tools
          • Psfile
          • Active Directory Explorer v1.52
          • ShareEnum file share Enum
          • ADRestore
          • Autologon
          • Active Directory Download link
          • notMyFault windows crashing tool
          • TestLimit
          • Windows password recovery tools
          • Install Active Directory Tools 10 and 11
        • Export OneDrive usage report in Microsoft 365
        • How to Configure High Volume Email in Microsoft 365
        • Monitor connected remote clients for activity and status
        • Windows common commands enum
        • Commands Group policy updating an checking status
        • Audit Active Directory in windows
        • Common Microsoft Resources in Azure Active Directory
        • Audit Microsoft 365 logs
        • Windows Triaging with Powershell — Part 1: Parsing Event Logs
        • How to Give OneDrive Access to Another User
        • List of devices connected to Microsoft
        • Check who has remoted in to a PC
        • Diskpart Format Disk
        • Active Directory – How to track down why and where the user account was locked out
        • Take User out of cached exchange mode in settings
        • Commands Group policy updating an checking status
        • Clear Windows Creds
        • (Purview) Microsoft 365 - How to create an alert policy
        • Making a AD group and adding a security policy
        • Azure event codes
        • Delaying a service starting in Microsoft
        • Block a message from being sent or received based on the file name extension of the attachment
        • Renew a root CA certificate
        • Plan and deploy on-premises Microsoft Entra Password Protection
        • How To Make An Automated Windows 11 Install USB, Updated for 2025
      • Office Product
        • Classic Outlook desktop can't read encrypted email
        • Create a desktop shortcut for an Office program
        • How to Disable access to install Office add-ins
        • Outlook shared email location
        • Excel Developer Tab in ribbon
        • Create Outlook Rule to Forward Incoming E-mails
        • How to Create Distribution Lists in Outlook
        • Hard delete mailbox without deleting user account in Microsoft 365
        • Send automatic out of office replies from Outlook.com or Outlook on the web
        • How to remove a saved email address from Outlook's autocomplete List
        • Outlook 365 unthreading email replies
        • How to Force Outlook(Classic) to Update the Job Title
        • Block or unblock senders in Outlook
        • Install Microsoft Projects
        • Outlook Send as or as behalf Email
        • How to make lined paper in Microsoft word
      • Group Policy
        • Configure User’s Folder Redirection with Group Policy
        • Make Edge open a custom site
        • How to unlink and link GPO policies
        • Creating a Security Group, adding to folder and Disabling Inheritance
      • How to uninstall a program through windows command prompt
      • Change Password in windows and mac
      • Reinstalling RDP on a windows machine
      • Microsoft .net 3.5 keeps popping up and wont install
      • Flare-VM Sandbox Guide: Creating an Isolated Lab Environment for Malware Analysis & Reverse Engineer
      • Add swap memory to lower ram devices
      • Limit what the account can logon to an hours accessed
      • How to delete user profiles windows
      • "HTTP Error 503. The service is unavailable" then browsing to /ECP "exchange 2019"
      • How to disable "shake to minimize" on Win10
      • Check who has remoted in to a pc
      • Download and exe payloads from DNS
      • C# 2013 Default certificate could not be created. Publish aborting
      • Windows S mode disable
      • EventLogging
      • TCP packet cheat sheet
      • Common ports and services
      • Edge How to create a shortcut that launches a non-default-browser to a website
      • Windows 11 camera not working Error: 0xA00F429F
      • Native Bypass CredGuard
      • Schedule Automatic Reboots Using Task Scheduler Reboot
      • Windows server 2022 not able to default view image files like png, jpeg and ext ...
    • Mobile
      • Enter Android’s Bootloader
      • Set Up Microsoft Authenticator
    • Programs
      • Make A OVA file from you virtual box VM
      • Adobe XI redact location
      • Yubikey Manager
      • Security Camera ExacqVision Key Shortcuts
      • Forensic Analysis of LNK Files
      • How to Enable and Disable Sync in Chrome and Edge
      • Cisco Wi-Fi not working how to Unblock IP in barracuda
      • Chrome & Edge Import export bookmarks
      • How to Create Multiple Chrome Profile Shortcuts on Your Desktop
      • 7zip opening vdmk file
      • Add VMware tools to Debian
      • Forensics make a live copy of PC
      • Forensics get LM hash from windows PC
      • Hyper-V
      • Resetting Windows 8.1 Password Hack
      • Finding encrypted files on PC
      • PDQ
        • PDQ Connect
          • Install Agent
          • Offline Computer Target
          • Deploy to Device
      • Hyper-v Make Linux full screen
      • Linux Firewall commands
      • PowerDNS and PowerAdmin rocky linux
      • Find saved passwords on PC
      • How to Fix “iMessage is Signed Out” Error on iPhone
      • How To: Connect To A Network Shared Folder With Mac OS X
      • Install Cisco AnyConnect Secure Mobility Client on a Mac Computer
      • Bitwarden Import Data from LastPass
      • Create a desktop shortcut to open a specific URL in Chrome while default browser is Edge
      • Removing Edge popups
      • Chrome clear cashed browser data
      • Dropbox taking up storage on physical devices
    • Networking
      • DNS
        • Overview
        • Configure forwarders, delegation and root hints
        • Root servers with map in the world
        • Primary and Secondary DNS Zones
        • Zones and SOA(state of Authority)
        • Types of records
        • Record Management and Updates
        • Single- Label Name Resolution and Suffix
        • Server Properties
        • Protection
        • Policies
        • Monitoring and Troubleshooting
      • TCP/IP
        • IPv4
        • IPv6
        • IPv4-to-IPv6 Transitional Technologies
      • DHCP
        • Install DHCP and Sending Order
        • DHCP Scopes
        • DHCP Options
        • Advanced Scopes - Super-scopes, Multicast Scopes and IPv6
        • Centralized DHCP and PXE
        • DHCP Policies
        • Maintain the DHCP Database
        • Troubleshooting DHCP
    • Resume tools
      • Latex resume builder
      • Eforms
      • eSign
      • MarkItDown
  • Security Education
    • Monthly Security topics Outline
    • Do not call number spam
    • Games
      • Cyber Awareness Challenge
      • Cyber Crosswords
      • Damn Vulnerable Restaurant
      • Education arcade cyber security Game
      • Nova Games Cyber Security
      • Texas A&M cyber security games
      • CTF time
      • National Cyber League CTF game
      • Forensics Simulation Compromised Windows server 2022
    • Sec News
      • The Tor Times
      • Darkfeed.io Ransomware
      • All Info-sec News
      • Write-ups - Pen-tester Land
      • Dark Reading
      • Defcon Site
      • The Sysadmin Channel
      • Security Affairs
      • Malware Gallery, History of Malware
      • meterpreter.org
    • Online Learning
      • pwn.college
      • Cisco Ethical hacker lab
      • Windows Privilege Escalation Crash Course
      • Hack the box
      • Try hack me
      • Hacknetics Pentesting Gitbook
    • Comics
    • Communities
      • Onniforums
      • Morioh programmer social media
      • Null.to
      • (ru) Xxs.is blog
      • Breached forums
      • D4rk forums
      • Hack Forums
      • Ohio Infosec
      • Doxbin
      • Bug Bounty Community
    • Videos
      • Barracuda
      • Microsoft
Powered by GitBook
On this page
  1. Development
  2. Siems and EDR
  3. Wazuh

Wazuh remote commands endpoint agent

custom config elements if you have execute remote scripts off on a endpoint these commands will have to be manually put on the agent

getting hdd fullness data

note need to set a <interval> or a <frequency>

without frequency tag it will be a default of 360s or 6 mins

<localfile>
   	<log_format>command</log_format>
   	<command>Powershell -c "Get-Volume -DriveLetter C | Select-Object -Property @{'Name' = '% Free'; Expression = {'{0:P}' -f ($_.SizeRemaining / $_.Size)}}"</command>
   	<alias>check_win_disk_space</alias>
   	<frequency>44000</frequency>
</localfile>

the frequency 44000 means every 12 hours about

rule

<group name="disk_space_utilization,">
 <!-- Rule to check C: Drive free space -->
 <rule id="100014" level="7">
   <if_sid>530</if_sid>
   <match>^ossec: output: 'check_win_disk_space': </match>
   <regex type="pcre2">[0-1]\d.\d+%$</regex>
   <description>C: Drive free space less than 20%.</description>
 </rule>

 <!-- Rule for disk space between 20% and 50% -->
 <rule id="100015" level="5">
   <if_sid>530</if_sid>
   <match>^ossec: output: 'check_win_disk_space': </match>
   <regex type="pcre2">[2-4]\d.\d+%$</regex>
   <description>C: Drive free space between 20% and 50%.</description>
 </rule>

 <!-- Rule for disk space between 50% and 80% -->
 <rule id="100016" level="3">
   <if_sid>530</if_sid>
   <match>^ossec: output: 'check_win_disk_space': </match>
   <regex type="pcre2">[5-7]\d.\d+%$</regex>
   <description>C: Drive free space between 50% and 80%.</description>
 </rule>

 <!-- Rule for disk space above 80% -->
 <rule id="100017" level="10">
   <if_sid>530</if_sid>
   <match>^ossec: output: 'check_win_disk_space': </match>
   <regex type="pcre2">[89]\d.\d+%$</regex>
   <description>C: Drive free space above 80%.</description>
 </rule>
 
 
</group>
PreviousWazuh trainingNextWazuh to allow ssh to machine

Last updated 1 year ago