"""Random, colour-coded threat-hunting tips for terminal output.

`TIPS` holds one defender-oriented hint per entry; `COLORS` holds the
colorama foreground codes a tip may be wrapped in.  Both are plain
module-level lists so callers can inspect or extend them.
"""

import random

from colorama import Fore, Style

# One hint per line.  Each entry is a single display string; the leading
# emoji is part of the text, not a separate field.
TIPS = [
    "🔐 Look for multiple failed login attempts followed by a success.",
    "👥 Monitor for the creation of suspicious or unusual accounts.",
    "🖋️ Keep an eye out for renamed files or sudden changes to file extensions.",
    "🛡️ Always investigate signs of persistence mechanisms like scheduled tasks or services.",
    "🔍 Check logs for lateral movement patterns within the network.",
    "📂 Look for data exfiltration attempts during off-hours.",
    "🕵️‍♂️ Watch for processes running in uncommon directories.",
    "🗂️ Review changes to sensitive directories like /etc or C:\\Windows\\System32.",
    "⚠️ Be alert to PowerShell scripts with obfuscation or base64 encoding.",
    "📥 Investigate unusual inbound or outbound traffic patterns.",
    "💻 Track the execution of unknown binaries or scripts.",
    "📊 Analyze event logs for sequences that indicate privilege escalation.",
    "🌐 Monitor for connections to known malicious IPs or domains.",
    "📈 Look for unusual spikes in network activity or CPU usage.",
    "🔑 Check for default or weak passwords in critical accounts.",
    "🔗 Watch for newly created symbolic links or junction points.",
    "🕒 Investigate task scheduler events outside of normal working hours.",
    "📦 Look for recently installed software that wasn’t approved.",
    "🔓 Monitor for attempts to disable antivirus or EDR tools.",
    "📜 Analyze browser history or bookmarks for connections to malicious sites.",
    "📂 Look for files with double extensions like `.exe.pdf`.",
    "🛠️ Check system startup items for unauthorized entries.",
    "📤 Investigate signs of data compression and outbound transfer.",
    "👀 Watch for registry modifications in persistence-related keys.",
    "🔍 Scan for unsigned drivers or DLLs in system directories.",
    "📡 Monitor DNS queries to unusual or high-risk domains.",
    "💽 Look for rogue virtual machines or snapshots.",
    "🖥️ Inspect remote desktop protocol (RDP) logs for unauthorized connections.",
    "🛡️ Review firewall logs for changes in access rules or port scans.",
    "📧 Analyze email headers for signs of phishing or spoofing.",
    "📌 Monitor USB activity for unauthorized devices.",
    "⚡ Look for processes with high privilege levels started by unprivileged users.",
    "🔗 Watch for changes to trusted system binaries.",
    "🛠️ Investigate event IDs related to new service installations.",
    "📂 Check shadow copies for deleted or modified files.",
    "🔍 Monitor account logins from unusual geographic locations.",
    "📂 Investigate tampering with backup files or schedules.",
    "🖥️ Look for signs of remote code execution (RCE) attempts.",
    "🌐 Review web server logs for suspicious parameter tampering.",
    "🚦 Monitor network flows for unusual traffic patterns or unexpected ports.",
    "📡 Be suspicious of repeated DNS queries to non-existent domains.",
    "🔒 Check for unauthorized changes to file or folder permissions.",
    "📤 Look for encrypted or compressed outbound traffic to unknown hosts.",
    "⚙️ Monitor changes in system startup configurations.",
    "🔍 Search for PowerShell scripts that include encoded commands.",
    "📁 Investigate files with zero-byte size in critical directories.",
    "🕒 Check for processes running at scheduled intervals outside business hours.",
    "📈 Review performance metrics for sudden resource spikes.",
    "🚀 Look for signs of process injection into legitimate applications.",
    "💻 Monitor for unauthorized changes to group memberships.",
    "🔗 Watch for symbolic links pointing to unexpected locations.",
    "🔍 Examine email attachments for hidden macros or scripts.",
    "⚠️ Scan for privilege escalation techniques in event logs.",
    "📦 Look for unexpected or unsigned updates to software packages.",
    "💾 Review logs for signs of removable media usage.",
    "🖥️ Investigate unusual usage of command-line utilities like `netstat` or `ipconfig`.",
    "📤 Track unusual outbound connections to high-risk countries.",
    "🔍 Look for registry keys with suspicious auto-start entries.",
    "🔧 Investigate changes to WMI subscriptions or filters.",
    "📊 Analyze account lockout patterns for brute-force attempts.",
    "🛡️ Monitor processes using suspicious parent-child relationships.",
    "📥 Investigate large file downloads from unusual IPs.",
    "⚡ Check for unauthorized applications installed via package managers.",
    "🔗 Look for SMB connections between unexpected hosts.",
    "🔍 Search for processes masquerading as system utilities.",
    "🖥️ Review logs for attempts to clear or disable event logging.",
    "📂 Look for hidden files in critical directories.",
    "🚦 Monitor outbound traffic for data transfers at odd hours.",
    "🔓 Check for unauthorized access to sensitive configuration files.",
    "🔧 Scan for unrecognized services or drivers in startup logs.",
    "🌐 Review web application logs for unauthorized access attempts.",
    "📜 Look for tampered audit logs or log file deletions.",
    "💡 Investigate systems with unusual uptime patterns.",
    "🕵️‍♂️ Monitor unusual changes to group policies.",
    "📂 Investigate abnormal growth in specific file directories.",
    "🛠️ Look for unusual process execution chains in forensic tools.",
    "📋 Check for clipboard monitoring or keylogging behavior.",
    "🚨 Monitor IDS/IPS alerts for common lateral movement patterns.",
    "🌍 Correlate login activity with geolocation inconsistencies.",
    "🔑 Investigate processes accessing security-critical files.",
    "📤 Look for repeated failed data upload attempts to unknown servers.",
    "🔍 Check for malicious scheduled tasks created recently.",
    "🛡️ Watch for unusual changes to user password policies.",
    "📈 Investigate sudden changes in user account activity levels.",
    "🖥️ Review temporary files for evidence of script execution.",
    "📦 Monitor endpoints for unauthorized package or library downloads.",
    "📂 Look for anomalies in recently accessed files.",
    "⚙️ Investigate mismatches in user-agent strings in web traffic.",
    "🔍 Look for attackers leaving test artifacts like `1.txt` or `test.ps1`.",
    "📜 Track file hashes for unauthorized changes to key binaries.",
    "🚦 Review network traffic for abnormal TTL values.",
]

# Foreground ANSI sequences a tip may be rendered in.
COLORS = [
    Fore.RED,
    Fore.GREEN,
    Fore.BLUE,
    Fore.MAGENTA,
    Fore.CYAN,
    Fore.YELLOW,
    Fore.WHITE,
]


def get_random_tip_with_color():
    """Return one randomly chosen tip wrapped in a random foreground colour.

    The result is ``<color><tip><Style.RESET_ALL>`` so the terminal's
    colour state is restored after the tip is printed.  The tip is drawn
    before the colour, which matters only if the caller seeds ``random``
    and expects a reproducible sequence.

    Returns:
        str: the colourised tip, ending with ``Style.RESET_ALL``.
    """
    # The module-level `random` generator is appropriate here: the choice
    # is purely cosmetic, not a security decision.
    chosen_tip = random.choice(TIPS)
    chosen_color = random.choice(COLORS)
    # NOTE(review): raw ANSI codes are emitted; on legacy Windows consoles
    # they render correctly only if the program has called colorama's
    # init()/just_fix_windows_console() — confirm at the entry point.
    return "".join((chosen_color, chosen_tip, Style.RESET_ALL))