AniNIX/Wiki
3
0
Fork 0
Code Issues 9 Pull Requests 3 Releases Activity

Compare commits

base: AniNIX:rss-validator-hook
Branches Tags
AniNIX:main AniNIX:pentesting-team AniNIX:lnl-ended AniNIX:rss-validator-hook AniNIX:hire
AniNIX:0.0
..
compare: AniNIX:main
Branches Tags
AniNIX:main AniNIX:pentesting-team AniNIX:lnl-ended AniNIX:rss-validator-hook AniNIX:hire
AniNIX:0.0

5 Commits
rss-valida ... main

Author SHA1 Message Date
DarkFeather
e5ace2441c New indicators; geofencing; standards update 2025-12-18 09:36:21 -06:00
DarkFeather
7e836a4f69 OSINT: 200.28.54.71 and 186.107.199.1 2024-09-18 15:34:33 -05:00
DarkFeather
ce5bf2bca8 Ending lunch-and-learns 2024-07-18 12:14:24 -05:00
DarkFeather
3b09dcc275 Merge branch '20240627' 2024-07-01 14:42:16 -05:00
DarkFeather
d87d492cdc Resuming livestream notifications -- to be published 20240627 2024-04-25 12:19:48 -05:00
5 changed files with 138 additions and 51 deletions
Expand all files Collapse all files

14
Articles/Lunch-And-Learns.md
View File

@@ -1,14 +0,0 @@
I've had a request to do some lunch-and-learns about the AniNIX, how we self-host, and how we manage some of our tools. We'll burn roughly the first 30-45 minutes talking through some concepts of how the AniNIX does what it does -- the rest of the time will be an open floor to ask anything you'd like.
We are going to use [Discord](https://discord.gg/2bmggfR), just for bandwidth reasons and ease of setup, to host the call.
* If you don't have a Discord account, it's pretty easy to sign up. Just swing by our Discord link and ask for the Lunch&Learn role after creating your account.
* We are taking questions by IRC for those folks looking for a little more anonymity.
Due to real-life obligations, the livestream portions are paused but we will be opening the floor for discussions each week with a commit and some discussion on its relevance. Hope to see you in the channel!
<!--
We are testing live-streaming to [Twitch](https://www.twitch.tv/darkfeather0664) and [YouTube](https://www.youtube.com/channel/UCe-WNM2mbI51xoVZp3K_wFQ). If you're interested but not ready to join the Discord community, those options are open to you.
-->
<!-- We hope to see you there! [Click this Google Calendar link](https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=bzk4YmplZWpvdW52NWNoZjZna2dtZTNlNWJfMjAyMzExMjNUMTgwMDAwWiBjeGZvcmRAbQ&tmsrc=cxford%40gmail.com&scp=ALL) to add it to your calendar -- we'll be meeting in the 1200-1300 [US Central](https://time.is/CT) block on Thursdays.
There's no listed schedule of topics right now -- request some on IRC or Discord!-->

6
PKGBUILD
View File

@@ -3,12 +3,8 @@ makedepends=('make>=4.2','gcc','mono')
checkdepends=()
optdepends=()
pkgname="$(git config remote.origin.url | rev | cut -f 1 -d '/' | rev | sed 's/.git$//')"
pkgver="$(git describe --tag --abbrev=0)"."$(git rev-parse --short HEAD)"
pkgver="$(git describe --tag --abbrev=0)"."$(( `git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit` + 1 ))"."$(git rev-parse --short HEAD)"
pkgrel=1
pkgrel() {
echo $(( `git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit` + 1 ))
}
epoch="$(git log | grep -c commit)"
pkgdesc="$(head -n 1 README.md)"
arch=("x86_64")
url="$(git config remote.origin.url | sed 's/.git$//')"

3
precommit-hooks/rss
View File

@@ -1,3 +0,0 @@
#!/bin/bash
# Implement https://cweiske.de/tagebuch/atom-validation.htm

39
rss/aninix.xml
View File

@@ -4,24 +4,27 @@
<logo>https://foundation.aninix.net/assets/img/AniNIX.png</logo>
<link rel="self" href="https://aninix.net/aninix.xml" />
<link href="https://aninix.net/" />
<updated>2022-04-14T20:30:20Z</updated>
<updated>2025-11-30T04:25:00Z</updated>
<author>
<name>AniNIX</name>
<name>DarkFeather</name>
</author>
<id>https://aninix.net/</id>
<entry>
<title>Lunch-and-Learns Paused 20240502 through 20240627</title>
<link href="https://aninix.net/aninix.xml#lnl-pause-20240502"></link>
<updated>2024-04-25T17:21:00Z</updated>
<id>https://aninix.net/aninix.xml#lnl-pause-20240502</id>
<title>Geofencing to the US</title>
<link href="https://aninix.net/AniNIX/Kapisi/issues/42"></link>
<updated>2025-11-30T04:25:00Z</updated>
<id>https://aninix.net/AniNIX/Kapisi/issues/42</id>
<author>
<name>DarkFeather</name>
</author>
<summary>
AniNIX will be pausing Lunch-and-Learns effective 20240502 through 20240627 for real-life training. We will merge AniNIX/Wiki#24 on our return.
Due to legal challenges posed by a number of world powers, including the Chinese PLA, Russia, the UK, and the UN, the AniNIX network will be geofenced to the US. Users using VPNs will need a US exit node or an alternate method of connecting to services. We will test this with the less user-facing services first and gradually roll it out to all.
</summary>
</entry>
<entry>
<entry>
<title>CVE-2024-3094 Follow-up</title>
<link href="https://aninix.net/aninix.xml#CVE-2024-3094"></link>
<updated>2024-04-17T20:15:00Z</updated>
@@ -41,24 +44,4 @@
</summary>
</entry>
<entry>
<title>GPG Key Distribution</title>
<link href="https://foundation.aninix.net/AniNIX/ShadowArch/src/branch/main/EtcFiles/aninix.gpg"></link>
<updated>2022-01-19T00:10:00Z</updated>
<id>https://foundation.aninix.net/AniNIX/ShadowArch/src/branch/main/EtcFiles/aninix.gpg</id>
<summary>
The SKS keyservers have been shut down -- some recent attacks on the network have made their hosting untenable for the providers. We will be distributing our GPG public key via the AniNIX/ShadowArch package and on our repo. Please add it to your own keyrings.
</summary>
</entry>
<entry>
<title>Warrant Canary</title>
<link href="https://foundation.aninix.net/AniNIX/WarrantCanary"></link>
<updated>2019-12-10T12:28:00Z</updated>
<id>https://foundation.aninix.net/AniNIX/WarrantCanary</id>
<summary>
We want everyone to know that, despite recent law enforcement and Senate cries that they can't do their job without backdoors into encrypted communications, the AniNIX is committed to protecting your communications with our network. We do offer proxies of some semipublic information to outside sources -- Discord and GitHub -- but our internal services over SSH, IRCS, and HTTPS are hardened and audited. We are now additionally offering a warrant canary. This is a GPG-based device for users to know that our communications have not been compromised. If you are cybersecurity-minded, please watch the linked repo.
</summary>
</entry>
</feed>

127
rss/osint.xml
View File

@@ -4,13 +4,57 @@
<logo>https://foundation.aninix.net/assets/img/AniNIX.png</logo>
<link rel="self" href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml" />
<link href="https://aninix.net/" />
<updated>2022-09-26T02:16:20Z</updated>
<updated>2025-08-21T12:09:04Z</updated>
<author>
<name>AniNIX</name>
</author>
<id>https://aninix.net/</id>
<entry>
<title>193.142.147.0/24</title>
<link href="https://pulsedive.com/indicator/?iid=74597502"></link>
<updated>2025-12-18T15:28:00Z</updated>
<id>https://pulsedive.com/indicator/?iid=74597502</id>
<author><name>DarkFeather</name></author>
<summary>
193.142.147.209 was observed attempting CVE 2025-55182 "React2Shell" against our web front. Total event count was three. Entire /24 has been blocked.
</summary>
</entry>
<entry>
<title>147.182.128.0/17</title>
<link href="https://pulsedive.com/indicator/?iid=71233732"></link>
<updated>2025-12-18T15:28:00Z</updated>
<id>https://pulsedive.com/indicator/?iid=71233732</id>
<author><name>DarkFeather</name></author>
<summary>
This DigitalOcean IP was observed running an extensive SSH brute-force from California. We are blocking the related /17 subnet as the provider is in poor reputation. Total event count was 112.
</summary>
</entry>
<entry>
<title>93.123.109.245</title>
<link href="https://pulsedive.com/ioc/93.123.109.245"></link>
<updated>2025-08-21T12:09:04Z</updated>
<id>https://pulsedive.com/ioc/93.123.109.245</id>
<author><name>DarkFeather</name></author>
<summary>
A Bulgarian IP was observed using a suspicious user agent (l9explore) and has been classified as known bad traffic. The related /24 was blocked. Total event count is 127.
</summary>
</entry>
<entry>
<title>200.28.54.71 and 186.107.199.1</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#200.28.54.71"></link>
<updated>2024-06-27T17:25:00Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#200.28.54.71</id>
<author><name>DarkFeather</name></author>
<summary>
Two Chilean IPs, 200.28.54.71 and 186.107.199.1, were observed using a wide spectrum of attacks, including network trojans, PHP file inclusion attempts, web shells, and Apache exploits, against our web front. Both showed a sophisticated and diverse exploit set, but neither were attempting to exploit toolchains used by our network. Both have been banned at edge. Total event count is 264.
</summary>
</entry>
<entry>
<title>84.239.54.49</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#84.239.54.49"></link>
@@ -64,4 +108,85 @@
</summary>
</entry>
<entry>
<title>Attack Flood from CN, BR, KZ, and DigitalOcean</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23"></link>
<updated>2022-12-23T18:19:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23</id>
<summary>
<p>Starting 2022/12/18, the AniNIX saw a rapid increase of threat traffic from subnets attributed to CN, BR, and KZ country codes -- this coincided with a concerted campaign being run from hosting provider DigitalOcean. While APT-style campaigns from CN are more or less expected, the large amount of traffic from DigitalOcean suggests the advent of a new campaign from that vendor. Other AniNIX users have reported similar attacks originating from DigitalOcean, but blocking the entire provider cuts off access to some local resources.</p>
<p>We are blocking the following subnets in response to this threat data: 8.213.129.0/24, 36.92.107.0/24, 43.157.15.0/24, 45.162.216.0/22, 46.101.128.0/17, 46.101.80.0/20, 61.177.0.0/16, 62.87.132.0/22, 64.227.0.0/17, 82.180.132.0/23, 85.152.0.0/17, 92.46.64.0/18, 159.223.0.0/16, and 218.92.0.0/16. If you have legitimate resources living in these spaces, we recommend hardening those resources and contacting us via Discord or IRC to receive an exception.</p>
</summary>
</entry>
<entry>
<title>78.128.113.166/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166"></link>
<updated>2022-12-15T01:59:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166</id>
<summary>
78.128.113.166/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection methods and cross-site scripting. Total attack volume was 363.
</summary>
</entry>
<entry>
<title>141.98.9.24/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#141.98.9.24"></link>
<updated>2022-09-30T21:59:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#141.98.9.24</id>
<summary>
141.98.9.24/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL queries by URI, including "Attempt To Access MSSQL xp_cmdshell Stored Procedure Via URI". Total attack volume was 184.
</summary>
</entry>
<entry>
<title>31.184.195.114/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#31.184.195.114"></link>
<updated>2022-09-30T21:59:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#31.184.195.114</id>
<summary>
31.184.195.114/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as attempted administrator gain, lwp-download, and CVE-2014-6271 exploits. Total attack volume was 254.
</summary>
</entry>
<entry>
<title>81.19.136.5/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#81.19.136.5"></link>
<updated>2022-09-30T21:59:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#81.19.136.5</id>
<summary>
81.19.136.5/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 1079.
</summary>
</entry>
<entry>
<title>194.165.16.68/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.16.68"></link>
<updated>2022-09-30T21:59:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.16.68</id>
<summary>
194.165.16.68/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 184.
</summary>
</entry>
<entry>
<title>91.191.209.54/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#91.191.209.54"></link>
<updated>2022-09-26T02:16:20Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#91.191.209.54</id>
<summary>
91.191.209.54/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 1080.
</summary>
</entry>
<entry>
<title>194.165.17.9/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.17.9"></link>
<updated>2022-09-26T02:16:20Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.17.9</id>
<summary>
194.165.17.9/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 184.
</summary>
</entry>
</feed>