Upload files to "Modules"
This commit is contained in:
152
Modules/tips.py
Normal file
152
Modules/tips.py
Normal file
@ -0,0 +1,152 @@
|
||||
import random
|
||||
import re
|
||||
|
||||
|
||||
TIPS = [
|
||||
"🔐 Look for multiple failed login attempts followed by a success.",
|
||||
"👥 Monitor for the creation of suspicious or unusual accounts.",
|
||||
"🖋️ Keep an eye out for renamed files or sudden changes to file extensions.",
|
||||
"🛡️ Always investigate signs of persistence mechanisms like scheduled tasks or services.",
|
||||
"🔍 Check logs for lateral movement patterns within the network.",
|
||||
"📂 Look for data exfiltration attempts during off-hours.",
|
||||
"🕵️♂️ Watch for processes running in uncommon directories.",
|
||||
"🗂️ Review changes to sensitive directories like /etc or C:\\Windows\\System32.",
|
||||
"⚠️ Be alert to PowerShell scripts with obfuscation or base64 encoding.",
|
||||
"📥 Investigate unusual inbound or outbound traffic patterns.",
|
||||
"💻 Track the execution of unknown binaries or scripts.",
|
||||
"📊 Analyze event logs for sequences that indicate privilege escalation.",
|
||||
"🌐 Monitor for connections to known malicious IPs or domains.",
|
||||
"📈 Look for unusual spikes in network activity or CPU usage.",
|
||||
"🔑 Check for default or weak passwords in critical accounts.",
|
||||
"🔗 Watch for newly created symbolic links or junction points.",
|
||||
"🕒 Investigate task scheduler events outside of normal working hours.",
|
||||
"📦 Look for recently installed software that wasn’t approved.",
|
||||
"🔓 Monitor for attempts to disable antivirus or EDR tools.",
|
||||
"📜 Analyze browser history or bookmarks for connections to malicious sites.",
|
||||
"📂 Look for files with double extensions like `.exe.pdf`.",
|
||||
"🛠️ Check system startup items for unauthorized entries.",
|
||||
"📤 Investigate signs of data compression and outbound transfer.",
|
||||
"👀 Watch for registry modifications in persistence-related keys.",
|
||||
"🔍 Scan for unsigned drivers or DLLs in system directories.",
|
||||
"📡 Monitor DNS queries to unusual or high-risk domains.",
|
||||
"💽 Look for rogue virtual machines or snapshots.",
|
||||
"🖥️ Inspect remote desktop protocol (RDP) logs for unauthorized connections.",
|
||||
"🛡️ Review firewall logs for changes in access rules or port scans.",
|
||||
"📧 Analyze email headers for signs of phishing or spoofing.",
|
||||
"📌 Monitor USB activity for unauthorized devices.",
|
||||
"⚡ Look for processes with high privilege levels started by unprivileged users.",
|
||||
"🔗 Watch for changes to trusted system binaries.",
|
||||
"🛠️ Investigate event IDs related to new service installations.",
|
||||
"📂 Check shadow copies for deleted or modified files.",
|
||||
"🔍 Monitor account logins from unusual geographic locations.",
|
||||
"📂 Investigate tampering with backup files or schedules.",
|
||||
"🖥️ Look for signs of remote code execution (RCE) attempts.",
|
||||
"🌐 Review web server logs for suspicious parameter tampering.",
|
||||
"🚦 Monitor network flows for unusual traffic patterns or unexpected ports.",
|
||||
"📡 Be suspicious of repeated DNS queries to non-existent domains.",
|
||||
"🔒 Check for unauthorized changes to file or folder permissions.",
|
||||
"📤 Look for encrypted or compressed outbound traffic to unknown hosts.",
|
||||
"⚙️ Monitor changes in system startup configurations.",
|
||||
"🔍 Search for PowerShell scripts that include encoded commands.",
|
||||
"📁 Investigate files with zero-byte size in critical directories.",
|
||||
"🕒 Check for processes running at scheduled intervals outside business hours.",
|
||||
"📈 Review performance metrics for sudden resource spikes.",
|
||||
"🚀 Look for signs of process injection into legitimate applications.",
|
||||
"💻 Monitor for unauthorized changes to group memberships.",
|
||||
"🔗 Watch for symbolic links pointing to unexpected locations.",
|
||||
"🔍 Examine email attachments for hidden macros or scripts.",
|
||||
"⚠️ Scan for privilege escalation techniques in event logs.",
|
||||
"📦 Look for unexpected or unsigned updates to software packages.",
|
||||
"💾 Review logs for signs of removable media usage.",
|
||||
"🖥️ Investigate unusual usage of command-line utilities like `netstat` or `ipconfig`.",
|
||||
"📤 Track unusual outbound connections to high-risk countries.",
|
||||
"🔍 Look for registry keys with suspicious auto-start entries.",
|
||||
"🔧 Investigate changes to WMI subscriptions or filters.",
|
||||
"📊 Analyze account lockout patterns for brute-force attempts.",
|
||||
"🛡️ Monitor processes using suspicious parent-child relationships.",
|
||||
"📥 Investigate large file downloads from unusual IPs.",
|
||||
"⚡ Check for unauthorized applications installed via package managers.",
|
||||
"🔗 Look for SMB connections between unexpected hosts.",
|
||||
"🔍 Search for processes masquerading as system utilities.",
|
||||
"🖥️ Review logs for attempts to clear or disable event logging.",
|
||||
"📂 Look for hidden files in critical directories.",
|
||||
"🚦 Monitor outbound traffic for data transfers at odd hours.",
|
||||
"🔓 Check for unauthorized access to sensitive configuration files.",
|
||||
"🔧 Scan for unrecognized services or drivers in startup logs.",
|
||||
"🌐 Review web application logs for unauthorized access attempts.",
|
||||
"📜 Look for tampered audit logs or log file deletions.",
|
||||
"💡 Investigate systems with unusual uptime patterns.",
|
||||
"🕵️♂️ Monitor unusual changes to group policies.",
|
||||
"📂 Investigate abnormal growth in specific file directories.",
|
||||
"🛠️ Look for unusual process execution chains in forensic tools.",
|
||||
"📋 Check for clipboard monitoring or keylogging behavior.",
|
||||
"🚨 Monitor IDS/IPS alerts for common lateral movement patterns.",
|
||||
"🌍 Correlate login activity with geolocation inconsistencies.",
|
||||
"🔑 Investigate processes accessing security-critical files.",
|
||||
"📤 Look for repeated failed data upload attempts to unknown servers.",
|
||||
"🔍 Check for malicious scheduled tasks created recently.",
|
||||
"🛡️ Watch for unusual changes to user password policies.",
|
||||
"📈 Investigate sudden changes in user account activity levels.",
|
||||
"🖥️ Review temporary files for evidence of script execution.",
|
||||
"📦 Monitor endpoints for unauthorized package or library downloads.",
|
||||
"📂 Look for anomalies in recently accessed files.",
|
||||
"⚙️ Investigate mismatches in user-agent strings in web traffic.",
|
||||
"🔍 Look for attackers leaving test artifacts like `1.txt` or `test.ps1`.",
|
||||
"📜 Track file hashes for unauthorized changes to key binaries.",
|
||||
"🚦 Review network traffic for abnormal TTL values."
|
||||
]
|
||||
|
||||
# Cybersecurity jokes
|
||||
JOKES = [
|
||||
"🤖 Why did the hacker cross the road? To get to the other .NET.",
|
||||
"❄️ Why was the computer cold? It left its Windows open.",
|
||||
"🪥 How do hackers freshen their breath? With CyberTic Tac!",
|
||||
"❤️🩹 Why don't hackers ever get into relationships? They're afraid of commitments.",
|
||||
"🐾 What do you call a hacker who loves animals? A purr-sistence threat!",
|
||||
"💸 Why did the server go broke? It lost all its cache.",
|
||||
"😂 How do you make a malware laugh? Give it a worm joke!",
|
||||
"📉 Why did the sysadmin go broke? Too many root expenses.",
|
||||
"🥣 What’s a hacker’s favorite kind of cereal? Spy-ders!",
|
||||
"🛡️ Why did the password break up with the hacker? It was too weak.",
|
||||
"🔒 Why are cybersecurity experts bad at telling jokes? They always encrypt the punchline.",
|
||||
"🎵 What’s a hacker’s favorite music genre? Phishing!",
|
||||
"👓 Why do hackers wear glasses? Because they lost their focus.",
|
||||
"📶 Why did the WiFi break up with the laptop? It found a stronger connection.",
|
||||
"😌 Why was the antivirus program so relaxed? It knew how to quarantine stress.",
|
||||
"🍁 What’s a hacker’s favorite season? Phall.",
|
||||
"🌑 Why do programmers prefer dark mode? Because light attracts bugs.",
|
||||
"🚩 What’s a hacker’s favorite game? Capture the flag!",
|
||||
"☠️ Why don’t hackers get along with pirates? Too many patches.",
|
||||
"🎉 How do you throw a cybersecurity party? Invite everyone to the LAN!",
|
||||
"🔥 Why was the firewall so happy? It finally blocked its ex.",
|
||||
"🔑 Why was the keyboard locked out of the server room? Too many CAPS.",
|
||||
"🍺 What’s a hacker’s least favorite drink? Root beer.",
|
||||
"⚾ Why was the hacker bad at baseball? It couldn’t handle the curve (encryption).",
|
||||
"☕ How do cybersecurity experts like their coffee? Encrypted.",
|
||||
"😭 Why did the antivirus cry? It couldn’t handle the worm.",
|
||||
"🤫 Why don’t hackers tell secrets? They’re worried about key-loggers.",
|
||||
"🏕️ Why don’t hackers go camping? Too many phishing attacks.",
|
||||
"💃 What’s a hacker’s favorite dance? The worm.",
|
||||
"🐴 Why was the Trojan horse so good at infiltration? It always had the ‘write’ access.",
|
||||
"🧗 What’s the cybersecurity expert’s favorite sport? Fire-wall climbing.",
|
||||
"🕵️♂️ Why was the hacker great at hide-and-seek? It always hid in the registry.",
|
||||
"🛜 What did the router say to the server? You’ve got the bandwidth for this!",
|
||||
"🍽️ What’s a phishing scammer’s favorite dish? Spam.",
|
||||
"🌞 Why don’t hackers get sunburned? They stay in the shadows.",
|
||||
"🧑🔬 What do you call a group of math and science geeks at a party? Social engineers.",
|
||||
"🌐 What’s the best way to catch a runaway robot? Use a botnet.",
|
||||
"🐛 Why did the programmer leave the camping trip early? There were too many bugs."
|
||||
]
|
||||
|
||||
ANSI_ESCAPE_REGEX = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])')
|
||||
|
||||
def get_random_tip_or_joke(clean=False):
|
||||
# Pick a random tip or joke and assign a color
|
||||
item = random.choice(TIPS + JOKES)
|
||||
formatted_item = f"{item}"
|
||||
|
||||
if clean:
|
||||
# Remove ANSI escape codes if clean output is requested
|
||||
return ANSI_ESCAPE_REGEX.sub('', formatted_item)
|
||||
|
||||
return formatted_item
|
||||
Reference in New Issue
Block a user