Compare commits

4 Commits

4 changed files with 103 additions and 17 deletions

View File

@ -1,14 +0,0 @@
I've had a request to do some lunch-and-learns about the AniNIX, how we self-host, and how we manage some of our tools. We'll burn roughly the first 30-45 minutes talking through some concepts of how the AniNIX does what it does -- the rest of the time will be an open floor to ask anything you'd like.
We are going to use [Discord](https://discord.gg/2bmggfR), just for bandwidth reasons and ease of setup, to host the call.
* If you don't have a Discord account, it's pretty easy to sign up. Just swing by our Discord link and ask for the Lunch&Learn role after creating your account.
* We are taking questions by IRC for those folks looking for a little more anonymity.
Due to real-life obligations, the livestream portions are paused but we will be opening the floor for discussions each week with a commit and some discussion on its relevance. Hope to see you in the channel!
<!--
We are testing live-streaming to [Twitch](https://www.twitch.tv/darkfeather0664) and [YouTube](https://www.youtube.com/channel/UCe-WNM2mbI51xoVZp3K_wFQ). If you're interested but not ready to join the Discord community, those options are open to you.
-->
<!-- We hope to see you there! [Click this Google Calendar link](https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=bzk4YmplZWpvdW52NWNoZjZna2dtZTNlNWJfMjAyMzExMjNUMTgwMDAwWiBjeGZvcmRAbQ&tmsrc=cxford%40gmail.com&scp=ALL) to add it to your calendar -- we'll be meeting in the 1200-1300 [US Central](https://time.is/CT) block on Thursdays.
There's no listed schedule of topics right now -- request some on IRC or Discord!-->
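Review bot: The commented-out calendar link at the end of this deleted file carries an address in its `tmsrc=` parameter, and deleting the file removes it from the tree but not from the repository history or any mirrors. If that address was not meant to be public, the removal needs a history rewrite rather than a plain delete; the Discord invite near the top stays readable in history the same way. It is also worth checking for inbound links to this page, since the hunk removes all 14 lines and leaves no stub behind.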

View File

@ -1,3 +0,0 @@
#!/bin/bash
# Implement https://cweiske.de/tagebuch/atom-validation.htm
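Review bot: Deleting this stub drops the only pointer to the Atom validation write-up (the cweiske.de link in the comment) while the rest of this comparison adds entries to two Atom feeds. The script had no body, so nothing breaks, but I would keep the intent alive as an issue or a pre-merge check that validates both feeds, so a malformed entry is caught before subscribers' readers reject it.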

View File

@ -11,6 +11,17 @@
<id>https://aninix.net/</id>
<entry>
<title>Lunch-and-Learns Ended</title>
<link href="https://aninix.net/aninix.xml#lnl-ended"></link>
<updated>2024-04-25T17:21:00Z</updated>
<id>https://aninix.net/aninix.xml#lnl-ended</id>
<summary>
AniNIX will be ending the Lunch-and-Learn series for the time being -- we aren't seeing enough engagement, and admins will be otherwise tasked for the near future. Please still reach out on Discord or IRC if there are topics you want to talk about, or open an issue or merge request with your ideas.
</summary>
</entry>
<entry>
<title>Lunch-and-Learns Paused 20240502 through 20240627</title>
<link href="https://aninix.net/aninix.xml#lnl-pause-20240502"></link>
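Review bot: The new entry's `<updated>2024-04-25T17:21:00Z</updated>` predates the pause window (20240502 through 20240627) named in the entry directly below it, so the "ended" notice reads as older than the pause it supersedes. If the announcement is being published now, the timestamp should say so; readers that sort or de-duplicate by `<updated>` may otherwise rank it below the older item. The entry also has no `<author>` (the osint.xml entry in this comparison has one), so confirm the feed element supplies it, and note that the hunk starts at line 11, so any feed-level `<updated>` above that line is left unchanged.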

View File

@ -11,6 +11,17 @@
<id>https://aninix.net/</id>
<entry>
<title>200.28.54.71 and 186.107.199.1</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#200.28.54.71"></link>
<updated>2024-06-27T17:25:00Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#200.28.54.71</id>
<author><name>DarkFeather</name></author>
<summary>
Two Chilean IPs, 200.28.54.71 and 186.107.199.1, were observed using a wide spectrum of attacks, including network trojans, PHP file inclusion attempts, web shells, and Apache exploits, against our web front. Both showed a sophisticated and diverse exploit set, but neither were attempting to exploit toolchains used by our network. Both have been banned at edge. Total event count is 264.
</summary>
</entry>
<entry>
<title>84.239.54.49</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#84.239.54.49"></link>
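Review bot: This entry reports two addresses, but its `<id>` and `<link>` fragment name only `200.28.54.71`, so anything that keys on the entry id or looks up anchors per address will not find `186.107.199.1`. The next entry, 84.239.54.49, covers a single address; I would either split this one into two entries or state in the summary how the 264 events divide between the two sources, since a combined count cannot be compared with per-address volumes elsewhere in the feed. Minor: "neither were attempting" should read "neither was attempting".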
@ -64,4 +75,85 @@
</summary>
</entry>
<entry>
<title>Attack Flood from CN, BR, KZ, and DigitalOcean</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23"></link>
<updated>2022-12-23T18:19:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#attack-flood-2022-12-23</id>
<summary>
<p>Starting 2022/12/18, the AniNIX saw a rapid increase of threat traffic from subnets attributed to CN, BR, and KZ country codes -- this coincided with a concerted campaign being run from hosting provider DigitalOcean. While APT-style campaigns from CN are more or less expected, the large amount of traffic from DigitalOcean suggests the advent of a new campaign from that vendor. Other AniNIX users have reported similar attacks originating from DigitalOcean, but blocking the entire provider cuts off access to some local resources.</p>
<p>We are blocking the following subnets in response to this threat data: 8.213.129.0/24, 36.92.107.0/24, 43.157.15.0/24, 45.162.216.0/22, 46.101.128.0/17, 46.101.80.0/20, 61.177.0.0/16, 62.87.132.0/22, 64.227.0.0/17, 82.180.132.0/23, 85.152.0.0/17, 92.46.64.0/18, 159.223.0.0/16, and 218.92.0.0/16. If you have legitimate resources living in these spaces, we recommend hardening those resources and contacting us via Discord or IRC to receive an exception.</p>
</summary>
</entry>
<entry>
<title>78.128.113.166/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166"></link>
<updated>2022-12-15T01:59:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#78.128.113.166</id>
<summary>
78.128.113.166/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection methods and cross-site scripting. Total attack volume was 363.
</summary>
</entry>
<entry>
<title>141.98.9.24/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#141.98.9.24"></link>
<updated>2022-09-30T21:59:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#141.98.9.24</id>
<summary>
141.98.9.24/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL queries by URI, including "Attempt To Access MSSQL xp_cmdshell Stored Procedure Via URI". Total attack volume was 184.
</summary>
</entry>
<entry>
<title>31.184.195.114/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#31.184.195.114"></link>
<updated>2022-09-30T21:59:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#31.184.195.114</id>
<summary>
31.184.195.114/32 was detected using a variety of attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as attempted administrator gain, lwp-download, and CVE-2014-6271 exploits. Total attack volume was 254.
</summary>
</entry>
<entry>
<title>81.19.136.5/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#81.19.136.5"></link>
<updated>2022-09-30T21:59:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#81.19.136.5</id>
<summary>
81.19.136.5/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 1079.
</summary>
</entry>
<entry>
<title>194.165.16.68/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.16.68"></link>
<updated>2022-09-30T21:59:59Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.16.68</id>
<summary>
194.165.16.68/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 184.
</summary>
</entry>
<entry>
<title>91.191.209.54/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#91.191.209.54"></link>
<updated>2022-09-26T02:16:20Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#91.191.209.54</id>
<summary>
91.191.209.54/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 1080.
</summary>
</entry>
<entry>
<title>194.165.17.9/32</title>
<link href="https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.17.9"></link>
<updated>2022-09-26T02:16:20Z</updated>
<id>https://aninix.net/AniNIX/Wiki/raw/branch/main/rss/osint.xml#194.165.17.9</id>
<summary>
194.165.17.9/32 was detected using web application attacks against our 80/tcp/http listener for AniNIX/WebServer. Suricata detection rules classified the incoming threats as a variety of SQL injection attacks. Total attack volume was 184.
</summary>
</entry>
</feed>
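Review bot: The "Attack Flood" entry puts `<p>` elements directly inside `<summary>` with no `type` attribute; an Atom text construct defaults to `type="text"`, which must not contain child elements, so strict parsers will reject or flatten it. Either drop the `<p>` tags as the other summaries do, or declare `type="xhtml"` and wrap the content in a namespaced XHTML `<div>`. Separately, none of the entries added in this hunk carries `<author>`, while the entry added at the top of this file does; pick one convention or confirm a feed-level author covers them.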