From 74fb0f1e0a3742ca8ab9fbe31e945a89520cedad Mon Sep 17 00:00:00 2001 From: Matthew Iverson Date: Sun, 24 Nov 2024 18:13:44 -0500 Subject: [PATCH] Upload files to "Assets" --- Assets/ascii_text_prompts.py | 20 +++---- Assets/random_tip.py | 103 +++++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+), 10 deletions(-) create mode 100644 Assets/random_tip.py diff --git a/Assets/ascii_text_prompts.py b/Assets/ascii_text_prompts.py index 384c56d..393e70a 100644 --- a/Assets/ascii_text_prompts.py +++ b/Assets/ascii_text_prompts.py @@ -2,18 +2,18 @@ import os from colorama import Fore, Style full_ascii_art = f""" -{Fore.RED}{Style.BRIGHT} -┏┓┏┏ • ┏┓ ┓ ┏┓ • ┳┓ ┓ ┓ -┃┃╋╋┏┓┏┓┏┓┓┏┏┓ ┃ ┓┏┣┓┏┓┏┓ ┃┃┏┓┏┓┏┓┏┓╋┓┏┓┏┓┏ ┣┫┓┏┏┫┏┫┓┏ -┗┛┛┛┗ ┛┗┛┗┗┛┗ ┗┛┗┫┗┛┗ ┛ ┗┛┣┛┗ ┛ ┗┻┗┗┗┛┛┗┛ ┻┛┗┻┗┻┗┻┗┫ - ┛ ┛ ┛ +{Fore.BLUE}{Style.BRIGHT} +┓┏ ┏┓ •┏• • ┓ • ┓┓• +┣┫┓┏┏┓╋ ┣┫┏┓╋┓╋┓┏┓┏┓┃ ┓┏┓╋┏┓┃┃┓┏┓┏┓┏┓┏┏┓ +┛┗┗┻┛┗┗ ┛┗┛ ┗┗┛┗┗┗┗┻┗ ┗┛┗┗┗ ┗┗┗┗┫┗ ┛┗┗┗ + ┛ {Style.RESET_ALL}""" - + ascii_art = f""" -{Fore.RED}{Style.BRIGHT} -┏┓┏┓┏┓ ┳┓┳┳┳┓┳┓┓┏ -┃┃┃ ┃┃ ┣┫┃┃┃┃┃┃┗┫ -┗┛┗┛┗┛ ┻┛┗┛┻┛┻┛┗┛ +{Fore.BLUE}{Style.BRIGHT} +┓┏ ┏┓┳ +┣┫┓┏┏┓╋ ┣┫┃ +┛┗┗┻┛┗┗ ┛┗┻ {Style.RESET_ALL}""" infinitei = f""" diff --git a/Assets/random_tip.py b/Assets/random_tip.py new file mode 100644 index 0000000..1b27f0a --- /dev/null +++ b/Assets/random_tip.py 
@@ -0,0 +1,103 @@
+import random
+from colorama import Fore, Style
+
+TIPS = [
+ "🔐 Look for multiple failed login attempts followed by a success.",
+ "👥 Monitor for the creation of suspicious or unusual accounts.",
+ "🖋️ Keep an eye out for renamed files or sudden changes to file extensions.",
+ "🛡️ Always investigate signs of persistence mechanisms like scheduled tasks or services.",
+ "🔍 Check logs for lateral movement patterns within the network.",
+ "📂 Look for data exfiltration attempts during off-hours.",
+ "🕵️‍♂️ Watch for processes running in uncommon directories.",
+ "🗂️ Review changes to sensitive directories like /etc or C:\\Windows\\System32.",
+ "⚠️ Be alert to PowerShell scripts with obfuscation or base64 encoding.",
+ "📥 Investigate unusual inbound or outbound traffic patterns.",
+ "💻 Track the execution of unknown binaries or scripts.",
+ "📊 Analyze event logs for sequences that indicate privilege escalation.",
+ "🌐 Monitor for connections to known malicious IPs or domains.",
+ "📈 Look for unusual spikes in network activity or CPU usage.",
+ "🔑 Check for default or weak passwords in critical accounts.",
+ "🔗 Watch for newly created symbolic links or junction points.",
+ "🕒 Investigate task scheduler events outside of normal working hours.",
+ "📦 Look for recently installed software that wasn’t approved.",
+ "🔓 Monitor for attempts to disable antivirus or EDR tools.",
+ "📜 Analyze browser history or bookmarks for connections to malicious sites.",
+ "📂 Look for files with double extensions like `.exe.pdf`.",
+ "🛠️ Check system startup items for unauthorized entries.",
+ "📤 Investigate signs of data compression and outbound transfer.",
+ "👀 Watch for registry modifications in persistence-related keys.",
+ "🔍 Scan for unsigned drivers or DLLs in system directories.",
+ "📡 Monitor DNS queries to unusual or high-risk domains.",
+ "💽 Look for rogue virtual machines or snapshots.",
+ "🖥️ Inspect remote desktop protocol (RDP) logs for unauthorized connections.",
+ "🛡️ Review firewall logs for changes in access rules or port scans.",
+ "📧 Analyze email headers for signs of phishing or spoofing.",
+ "📌 Monitor USB activity for unauthorized devices.",
+ "⚡ Look for processes with high privilege levels started by unprivileged users.",
+ "🔗 Watch for changes to trusted system binaries.",
+ "🛠️ Investigate event IDs related to new service installations.",
+ "📂 Check shadow copies for deleted or modified files.",
+ "🔍 Monitor account logins from unusual geographic locations.",
+ "📂 Investigate tampering with backup files or schedules.",
+ "🖥️ Look for signs of remote code execution (RCE) attempts.",
+ "🌐 Review web server logs for suspicious parameter tampering.",
+ "🚦 Monitor network flows for unusual traffic patterns or unexpected ports.",
+ "📡 Be suspicious of repeated DNS queries to non-existent domains.",
+ "🔒 Check for unauthorized changes to file or folder permissions.",
+ "📤 Look for encrypted or compressed outbound traffic to unknown hosts.",
+ "⚙️ Monitor changes in system startup configurations.",
+ "🔍 Search for PowerShell scripts that include encoded commands.",
+ "📁 Investigate files with zero-byte size in critical directories.",
+ "🕒 Check for processes running at scheduled intervals outside business hours.",
+ "📈 Review performance metrics for sudden resource spikes.",
+ "🚀 Look for signs of process injection into legitimate applications.",
+ "💻 Monitor for unauthorized changes to group memberships.",
+ "🔗 Watch for symbolic links pointing to unexpected locations.",
+ "🔍 Examine email attachments for hidden macros or scripts.",
+ "⚠️ Scan for privilege escalation techniques in event logs.",
+ "📦 Look for unexpected or unsigned updates to software packages.",
+ "💾 Review logs for signs of removable media usage.",
+ "🖥️ Investigate unusual usage of command-line utilities like `netstat` or `ipconfig`.",
+ "📤 Track unusual outbound connections to high-risk countries.",
+ "🔍 Look for registry keys with suspicious auto-start entries.",
+ "🔧 Investigate changes to WMI subscriptions or filters.",
+ "📊 Analyze account lockout patterns for brute-force attempts.",
+ "🛡️ Monitor processes using suspicious parent-child relationships.",
+ "📥 Investigate large file downloads from unusual IPs.",
+ "⚡ Check for unauthorized applications installed via package managers.",
+ "🔗 Look for SMB connections between unexpected hosts.",
+ "🔍 Search for processes masquerading as system utilities.",
+ "🖥️ Review logs for attempts to clear or disable event logging.",
+ "📂 Look for hidden files in critical directories.",
+ "🚦 Monitor outbound traffic for data transfers at odd hours.",
+ "🔓 Check for unauthorized access to sensitive configuration files.",
+ "🔧 Scan for unrecognized services or drivers in startup logs.",
+ "🌐 Review web application logs for unauthorized access attempts.",
+ "📜 Look for tampered audit logs or log file deletions.",
+ "💡 Investigate systems with unusual uptime patterns.",
+ "🕵️‍♂️ Monitor unusual changes to group policies.",
+ "📂 Investigate abnormal growth in specific file directories.",
+ "🛠️ Look for unusual process execution chains in forensic tools.",
+ "📋 Check for clipboard monitoring or keylogging behavior.",
+ "🚨 Monitor IDS/IPS alerts for common lateral movement patterns.",
+ "🌍 Correlate login activity with geolocation inconsistencies.",
+ "🔑 Investigate processes accessing security-critical files.",
+ "📤 Look for repeated failed data upload attempts to unknown servers.",
+ "🔍 Check for malicious scheduled tasks created recently.",
+ "🛡️ Watch for unusual changes to user password policies.",
+ "📈 Investigate sudden changes in user account activity levels.",
+ "🖥️ Review temporary files for evidence of script execution.",
+ "📦 Monitor endpoints for unauthorized package or library downloads.",
+ "📂 Look for anomalies in recently accessed files.",
+ "⚙️ Investigate mismatches in user-agent strings in web traffic.",
+ "🔍 Look for attackers leaving test artifacts like `1.txt` or `test.ps1`.",
+ "📜 Track file hashes for unauthorized changes to key binaries.",
+ "🚦 Review network traffic for abnormal TTL values."
+]
+
+COLORS = [Fore.RED, Fore.GREEN, Fore.BLUE, Fore.MAGENTA, Fore.CYAN, Fore.YELLOW, Fore.WHITE]
+
+def get_random_tip_with_color():
+ tip = random.choice(TIPS)
+ color = random.choice(COLORS)
+ return f"{color}{tip}{Style.RESET_ALL}"
\ No newline at end of file
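Review bot: Several entries in `TIPS` repeat the same advice in different words (the two PowerShell encoded-command tips, the two symbolic-link tips, and the two tips about privilege escalation in event logs), so `random.choice` surfaces those themes more often than the others; I would merge each pair and use the freed slots to name a concrete log source. For example, the first entry could read `"🔐 Look for multiple failed logins followed by a success (Windows Security events 4625 then 4624)."`, and the service-installation tip could cite System event 7045. `get_random_tip_with_color` also has no docstring; a one-liner such as `"""Return a random entry from TIPS wrapped in a random colorama colour and Style.RESET_ALL."""` would cover it. The returned string always embeds the colour codes, so a caller that writes tips to a log file or a pipe would presumably need to strip them, which is worth stating in that docstring.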