mstoeck3/landing-page
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
landing-page/glance.yml

1417 lines
77 KiB
YAML
Raw Blame History

server:
# host: 0.0.0.0
# port: 8080
base-url: https://cc24.dev
assets-path: /home/svc-start-cc24/app/glance-assets
document:
head: |
<meta name="description" content="CC24.DEV - IT-Forensik">
branding:
custom-footer: |
<p>CC24.DEV - IT-Forensik der Zukunft</p><br>
<p>Contributions Welcome! <a href="https://git.cc24.dev/mstoeck3/landing-page">Click here: Gitea-CC24</a></p>
logo-url: https://cloud.cc24.dev/apps/theming/favicon/dashboard?v=4e09eb50
favicon-url: https://cloud.cc24.dev/apps/theming/favicon/dashboard?v=4e09eb50
theme:
background-color: 240 8 9
primary-color: 43 50 70
contrast-multiplier: 1.1
pages:
- name: "CC24"
width: wide
hide-desktop-navigation: false
center-vertically: false
columns:
- size: small
widgets:
- type: html
source: |
<div class="p-6 bg-opacity-20 bg-primary rounded mb-4">
<h1 class="size-h2 color-primary mb-2">CC24.DEV</h1>
<p class="size-h5">IT-Forensik Dashboard</p>
<p class="color-paragraph-faded mt-2">Last updated: June 24, 2025</p>
</div>
<br>
- type: clock
hour-format: 24h
- type: rss
title: "CVE Feeds"
feeds:
- url: https://cvefeed.io/rssfeed/latest.xml
title: Latest CVEs
limit: 8
collapse-after: 6
- size: full
widgets:
- type: search
search-engine: https://se.mikoshi.de/searxng/search?q={QUERY}
new-tab: true
autofocus: true
placeholder: "SEARX-NG - bangs: !cve, !exploit, !gh, !yt"
bangs:
- title: YouTube
shortcut: "!yt"
url: https://www.youtube.com/results?search_query={QUERY}
- title: CVE Database
shortcut: "!cve"
url: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword={QUERY}
- title: ExploitDB
shortcut: "!exploit"
url: https://www.exploit-db.com/search?q={QUERY}
- title: GitHub
shortcut: "!gh"
url: https://github.com/search?q={QUERY}
- type: bookmarks
groups:
- title: "Hochschule Mittweida"
color: 210 80 60
links:
- title: Moodle
url: https://learning.hs-mittweida.de/
icon: https://www.hs-mittweida.de/favicon.ico
- title: Studentenportal
url: https://www.intranet.hs-mittweida.de/sportal
icon: https://www.hs-mittweida.de/favicon.ico
- title: HSMW Homepage
url: https://hs.mw
icon: https://www.hs-mittweida.de/favicon.ico
- title: Springer Link
url: http://link.springer.com/
icon: https://link.springer.com/oscar-static/img/favicons/darwin/favicon-16x16-ed57f42bd2.png
- title: "Direktlinks"
color: 200 70 50
links:
- title: CC24-Cloud/Daten_Studium1
url: https://cloud.cc24.dev/apps/files/folders/24201?dir=/Daten_StudiumI
icon: https://cloud.cc24.dev/apps/theming/favicon/files?v=94ebd189
- title: CC24-Cloud/Bibliothek
url: https://cloud.cc24.dev/f/26615
icon: https://cloud.cc24.dev/apps/theming/favicon/files?v=94ebd189
- title: SANS Reading Room
url: https://www.sans.org/reading-room/
icon: si:pluralsight
- title: Matrix-Chat
url: https://element.cc24.dev/#/room/#deepdive:cc24.dev
icon: si:matrix
# CC24-Cloud
- type: split-column
widgets:
- type: monitor
cache: 1m
title: "CC24-Cloud"
sites:
- title: Files & Office
url: https://cloud.cc24.dev
icon: https://cloud.cc24.dev/apps/theming/favicon/dashboard?v=4e09eb50
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<br>
<h4 class="size-h4 color-primary mb-2">CC24-Cloud</h4>
<p class="color-paragraph text-sm">Gemeinsam Arbeiten und Daten teilen, Bibliothek u.v.m. Ein Account, viele Möglichkeiten.</p>
</div>
# Gitea
- type: split-column
widgets:
- type: monitor
cache: 1m
title: "Gitea"
sites:
- title: CC24-Git
url: https://git.cc24.dev
icon: https://git.cc24.dev/assets/img/favicon.svg
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<br>
<h4 class="size-h4 color-primary mb-2">Gitea</h4>
<p class="color-paragraph text-sm">Code teilen, Projekte entwickeln, gemeinsam arbeiten. Unterstützt SSO über CC24-NC.</p>
</div>
# ByteStash
- type: split-column
widgets:
- type: monitor
cache: 1m
title: "ByteStash"
sites:
- title: Code Snippets
url: https://code.cc24.dev
icon: https://code.cc24.dev/logo192.png
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<br>
<h4 class="size-h4 color-primary mb-2">ByteStash</h4>
<p class="color-paragraph text-sm">Speichern und abrufen eurer Code-Snippets. Unterstützt SSO über CC24-NC.</p>
</div>
# Matrix
- type: split-column
widgets:
- type: monitor
cache: 1m
title: "Matrix Chat"
sites:
- title: Secure Messaging
url: https://element.cc24.dev
icon: https://element.cc24.dev/vector-icons/apple-touch-icon-76.d115188.png
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<br>
<h4 class="size-h4 color-primary mb-2">Matrix Chat</h4>
<p class="color-paragraph text-sm">Ende-zu-Ende verschlüsselter Chat. Die sichere Discord-Alternative. Unterstützt SSO über CC24-NC.</p>
</div>
# BitVault
- type: split-column
widgets:
- type: monitor
cache: 1m
title: "BitVault"
sites:
- title: BitVault Pastebin
url: https://bin.mikoshi.de/
icon: https://bin.mikoshi.de/static/favicon.ico
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<br>
<h4 class="size-h4 color-primary mb-2">BitVault</h4>
<p class="color-paragraph text-sm">Passtebin zum unkomplizierten Teilen von Daten und Text. Unterstützt Ende-zu-Ende-Verschlüsselung.</p>
</div>
# KaraKeep
- type: split-column
widgets:
- type: monitor
cache: 1m
title: "KaraKeep"
sites:
- title: Bookmarks
url: https://keep.cc24.dev
icon: https://keep.cc24.dev/favicon.ico
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<br>
<h4 class="size-h4 color-primary mb-2">KaraKeep</h4>
<p class="color-paragraph text-sm">Sammeln eurer Bookmarks mit Archivierungsfunktionen und KI. Bringt Struktur in eure Webrecherche. Unterstützt SSO über CC24-NC.</p>
</div>
# MISP
- type: split-column
widgets:
- type: monitor
cache: 1m
title: "CC24-MISP"
sites:
- title: Threat Intelligence
url: https://misp.cc24.dev
icon: https://misp.cc24.dev/img/favicon.png
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<br>
<h4 class="size-h4 color-primary mb-2">CC24-MISP</h4>
<p class="color-paragraph text-sm">Malware Information Sharing Platform - Threat Intelligence. Ein Expertensystem für Forensiker. Arbeitet derzeit nur mit einem automatischen SSH-Honeypot.</p>
</div>
- name: "News"
width: wide
columns:
- size: full
widgets:
- type: rss
title: "Heise Security News"
style: horizontal-cards
feeds:
- url: https://www.heise.de/security/feed.xml
title: Heise Security
limit: 8
collapse-after: 6
- type: split-column
widgets:
- type: rss
title: "Digital Forensics"
style: vertical-list
feeds:
- url: https://digiforensics.blogspot.com/feeds/posts/default?alt=rss
title: Digital Forensics Blog
- url: https://forensic4cast.com/feed/
title: Forensic 4cast
- url: https://dfir300.blogspot.com/feeds/posts/default?alt=rss
title: DFIR_300
- url: https://digitalforensicsmagazine.com/blogs/?feed=rss2
title: Digital Forensics Magazine
limit: 10
collapse-after: 8
- type: rss
title: "BSI & German Security"
style: vertical-list
feeds:
- url: https://www.bsi.bund.de/SiteGlobals/Functions/RSSFeed/RSSNewsfeed/RSSNewsfeed_Presse_Veranstaltungen.xml
title: BSI News
- url: https://wid.cert-bund.de/content/public/securityAdvisory/rss
title: BSI Security Advisories
limit: 8
collapse-after: 6
- type: rss
title: "German Politics & Digital Policy"
style: vertical-list
feeds:
- url: https://newsfeed.zeit.de/politik/index
title: ZEIT Politik
- url: https://www.spiegel.de/politik/index.rss
title: Spiegel Politik
- url: https://rss.focus.de/politik
title: FOCUS Politik
- url: https://netzpolitik.org/feed/
title: netzpolitik
limit: 8
collapse-after: 6
- type: rss
title: "Latest CVE Vulnerabilities"
style: horizontal-cards
feeds:
- url: https://cvefeed.io/rssfeed/latest.xml
title: Latest CVEs
limit: 10
collapse-after: 8
- size: small
widgets:
- type: rss
title: "Recent Threats & Incidents"
style: vertical-list
feeds:
- url: https://commons.bcit.ca/forensics/feed/
title: BCIT Forensics
limit: 8
collapse-after: 6
- type: bookmarks
groups:
- title: "Key Resources"
color: 160 80 60
links:
- title: BSI IT-Security
url: https://www.bsi.bund.de/EN/Home/home_node.html
icon: https://www.bsi.bund.de/SharedDocs/Images/DE/_config/bsi-logo.png
- title: CERT-Bund
url: https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Services-und-Angebote/CERT-Bund/cert-bund_node.html
icon: https://www.bsi.bund.de/SharedDocs/Images/DE/_config/bsi-logo.png
- name: "Linux Cheatsheet"
width: wide
columns:
- size: small
widgets:
- type: bookmarks
groups:
- title: "Linux-Dateisystem"
color: 150 80 60
links:
- title: "/bin/ - Systembefehle"
url: "#"
- title: "/boot/ - Kernel & Bootloader"
url: "#"
- title: "/dev/ - Gerätedateien"
url: "#"
- title: "/etc/ - Konfigurationsdateien"
url: "#"
- title: "/home/ - Benutzerverzeichnisse"
url: "#"
- title: "/lib/ - Bibliotheken"
url: "#"
- title: "/media/ - Ext. Speichermedien"
url: "#"
- title: "/mnt/ - Temp. Einhängepunkte"
url: "#"
- title: "/opt/ - Optionale Pakete"
url: "#"
- title: "/proc/ - Prozessinformationen"
url: "#"
- title: "/root/ - Root-Verzeichnis"
url: "#"
- title: "/sbin/ - Admin-Programme"
url: "#"
- title: "/sys/ - Kernel-Informationen"
url: "#"
- title: "/tmp/ - Temporäre Dateien"
url: "#"
- title: "/usr/ - User-Programme"
url: "#"
- title: "/var/ - Variable Daten, Logs"
url: "#"
- type: bookmarks
groups:
- title: "Pfade & Shortcuts"
color: 220 80 60
links:
- title: "~ (Home-Verzeichnis)"
url: "#"
- title: ". (Aktuelles Verzeichnis)"
url: "#"
- title: ".. (Übergeordnetes Verzeichnis)"
url: "#"
- title: "- (Vorheriges Verzeichnis)"
url: "#"
- title: "/ (Root-Verzeichnis)"
url: "#"
- title: "$PATH (Systemvariable)"
url: "#"
- title: "Pfadtypen"
color: 220 80 60
links:
- title: "Absolute Pfade - /home/user/Documents"
url: "#"
- title: "Relative Pfade - ./Documents"
url: "#"
- size: full
widgets:
- type: html
source: |
<div class="p-6 bg-opacity-10 bg-primary rounded mb-6">
<h1 class="size-h1 color-primary mb-4">Linux Basics & Terminal Cheatsheet</h1>
<p>Eine Übersicht wichtiger Linux-Befehle, Dateisystemstrukturen und Terminal-Shortcuts für die IT-Forensik</p>
</div>
- type: split-column
max-columns: 3
widgets:
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Terminal-Bedienung</h3>
<table class="w-full">
<tbody>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">Strg+C</td>
<td class="pb-2">Aktuellen Prozess abbrechen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">Strg+L</td>
<td class="pb-2">Bildschirm leeren</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">Tab</td>
<td class="pb-2">Autovervollständigung</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">Strg+Shift+C</td>
<td class="pb-2">Text kopieren</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">Strg+Shift+V</td>
<td class="pb-2">Text einfügen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">Strg+R</td>
<td class="pb-2">Befehlsverlauf durchsuchen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">Strg+A</td>
<td class="pb-2">Zum Zeilenanfang springen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">Strg+E</td>
<td class="pb-2">Zum Zeilenende springen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">Strg+U</td>
<td class="pb-2">Zeile vor Cursor löschen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">Strg+K</td>
<td class="pb-2">Zeile nach Cursor löschen</td>
</tr>
</tbody>
</table>
</div>
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Navigation</h3>
<table class="w-full">
<tbody>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">pwd</td>
<td class="pb-2">Aktuelles Verzeichnis anzeigen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">cd [Verzeichnis]</td>
<td class="pb-2">Verzeichnis wechseln</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">cd ..</td>
<td class="pb-2">Ein Verzeichnis nach oben</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">cd ~</td>
<td class="pb-2">Zum Home-Verzeichnis</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">ls</td>
<td class="pb-2">Verzeichnisinhalt auflisten</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">ls -l</td>
<td class="pb-2">Detaillierte Auflistung</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">ls -a</td>
<td class="pb-2">Auch versteckte Dateien zeigen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">ls -h</td>
<td class="pb-2">Größen menschenlesbar anzeigen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">ls -R</td>
<td class="pb-2">Rekursive Auflistung</td>
</tr>
</tbody>
</table>
</div>
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Dateioperationen</h3>
<table class="w-full">
<tbody>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">cp [Quelle] [Ziel]</td>
<td class="pb-2">Dateien/Verzeichnisse kopieren</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">cp -r</td>
<td class="pb-2">Rekursives Kopieren</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">rm [Datei]</td>
<td class="pb-2">Dateien löschen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">rm -r</td>
<td class="pb-2">Rekursives Löschen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">rm -f</td>
<td class="pb-2">Forciertes Löschen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">mv [Quelle] [Ziel]</td>
<td class="pb-2">Dateien verschieben/umbenennen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">mkdir [Verzeichnis]</td>
<td class="pb-2">Verzeichnis erstellen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">touch [Datei]</td>
<td class="pb-2">Leere Datei erstellen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">chmod</td>
<td class="pb-2">Zugriffsrechte ändern</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">chown</td>
<td class="pb-2">Besitzer ändern</td>
</tr>
</tbody>
</table>
</div>
- type: split-column
max-columns: 3
widgets:
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Suchen & Finden</h3>
<table class="w-full">
<tbody>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">find [Pfad] [Optionen]</td>
<td class="pb-2">Dateien suchen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">find . -name "*.txt"</td>
<td class="pb-2">Alle .txt Dateien finden</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">find . -type d</td>
<td class="pb-2">Nur Verzeichnisse finden</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">grep [Muster] [Datei]</td>
<td class="pb-2">Text in Dateien suchen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">grep -r</td>
<td class="pb-2">Rekursive Suche</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">grep -i</td>
<td class="pb-2">Groß-/Kleinschreibung ignorieren</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">locate [Datei]</td>
<td class="pb-2">Schnelle Dateisuche (Datenbank)</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">which [Befehl]</td>
<td class="pb-2">Pfad eines Befehls finden</td>
</tr>
</tbody>
</table>
</div>
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Textverarbeitung</h3>
<table class="w-full">
<tbody>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">nano [Datei]</td>
<td class="pb-2">Einfacher Texteditor</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">vim [Datei]</td>
<td class="pb-2">Fortgeschrittener Texteditor</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">echo [Text]</td>
<td class="pb-2">Text ausgeben</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">cat [Datei]</td>
<td class="pb-2">Dateiinhalt anzeigen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">less [Datei]</td>
<td class="pb-2">Datei seitenweise anzeigen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">head [Datei]</td>
<td class="pb-2">Erste Zeilen anzeigen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">tail [Datei]</td>
<td class="pb-2">Letzte Zeilen anzeigen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">tail -f</td>
<td class="pb-2">Datei kontinuierlich überwachen</td>
</tr>
</tbody>
</table>
</div>
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Operatoren</h3>
<table class="w-full">
<tbody>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">&</td>
<td class="pb-2">Prozess im Hintergrund ausführen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">&&</td>
<td class="pb-2">Befehl nur wenn vorheriger erfolgreich</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">||</td>
<td class="pb-2">Befehl nur wenn vorheriger fehlgeschlagen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">|</td>
<td class="pb-2">Output als Input für nächsten Befehl</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">></td>
<td class="pb-2">Output in Datei umleiten (überschreiben)</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">>></td>
<td class="pb-2">Output an Datei anhängen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary"><</td>
<td class="pb-2">Input aus Datei lesen</td>
</tr>
</tbody>
</table>
</div>
- type: split-column
max-columns: 3
widgets:
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Paketverwaltung (apt)</h3>
<table class="w-full">
<tbody>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">apt update</td>
<td class="pb-2">Paketlisten aktualisieren</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">apt upgrade</td>
<td class="pb-2">Installierte Pakete aktualisieren</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">apt search [Paket]</td>
<td class="pb-2">Nach Paketen suchen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">apt install [Paket]</td>
<td class="pb-2">Paket installieren</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">apt remove [Paket]</td>
<td class="pb-2">Paket entfernen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">apt autoremove</td>
<td class="pb-2">Nicht mehr benötigte Pakete entfernen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">apt list --installed</td>
<td class="pb-2">Installierte Pakete auflisten</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">apt show [Paket]</td>
<td class="pb-2">Paketinformationen anzeigen</td>
</tr>
</tbody>
</table>
</div>
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Systeminformationen</h3>
<table class="w-full">
<tbody>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">uname -a</td>
<td class="pb-2">Kernel-Version anzeigen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">lsb_release -a</td>
<td class="pb-2">Distributionsinformationen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">df -h</td>
<td class="pb-2">Festplattennutzung</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">free -h</td>
<td class="pb-2">Arbeitsspeichernutzung</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">top</td>
<td class="pb-2">Prozessübersicht</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">htop</td>
<td class="pb-2">Erweiterte Prozessübersicht</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">ps aux</td>
<td class="pb-2">Prozessliste</td>
</tr>
</tbody>
</table>
</div>
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Netzwerk</h3>
<table class="w-full">
<tbody>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">ip a</td>
<td class="pb-2">Netzwerkschnittstellen anzeigen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">ping [Host]</td>
<td class="pb-2">Verbindung testen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">netstat -tuln</td>
<td class="pb-2">Offene Ports anzeigen</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">ss</td>
<td class="pb-2">Socket-Statistiken</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">curl [URL]</td>
<td class="pb-2">HTTP-Anfragen senden</td>
</tr>
<tr>
<td class="pb-2 pr-2 font-semibold color-primary">wget [URL]</td>
<td class="pb-2">Dateien herunterladen</td>
</tr>
</tbody>
</table>
</div>
- size: small
widgets:
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Linux-Dateisystem</h3>
<div class="font-mono text-sm pl-2">
/
<br/>├── bin/
<br/>├── boot/
<br/>├── dev/
<br/>├── etc/
<br/>├── home/
<br/>│ └── &lt;userX&gt;/
<br/>│ ├── Desktop/
<br/>│ ├── Documents/
<br/>│ ├── Downloads/
<br/>│ ├── Music/
<br/>│ ├── Pictures/
<br/>│ ├── .bash_history
<br/>│ ├── .cache/
<br/>│ ├── .config/
<br/>│ └── .local/
<br/>│ └── &lt;userY&gt;/
<br/>│ ├── Desktop/
<br/>│ └── .../
<br/>├── lib/
<br/>├── media/
<br/>├── mnt/
<br/>├── opt/
<br/>├── proc/
<br/>├── root/
<br/>├── sbin/
<br/>├── sys/
<br/>├── tmp/
<br/>├── usr/
<br/>└── var/
</div>
</div>
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded mt-4">
<h3 class="size-h3 color-highlight mb-3">Forensische Bedeutung</h3>
<p class="text-sm mb-2"><span class="font-semibold color-primary">/home/</span> - Hauptquelle für Benutzeraktivitäten, versteckte Dateien und persönliche Daten</p>
<p class="text-sm mb-2"><span class="font-semibold color-primary">/var/</span> - Enthält kritische Logdateien für die forensische Analyse</p>
<p class="text-sm mb-2"><span class="font-semibold color-primary">/etc/</span> - Zentral für die Analyse von Systemkonfigurationsänderungen</p>
<p class="text-sm mb-2"><span class="font-semibold color-primary">/tmp/</span> - Oft eine Goldgrube für temporäre Daten von Interesse</p>
<p class="text-sm mb-2"><span class="font-semibold color-primary">/root/</span> - Enthält kritische administrative Aktivitäten</p>
<p class="text-sm mb-2"><span class="font-semibold color-primary">/boot/</span> - Änderungen hier können auf Root-Kits hindeuten</p>
<p class="text-sm mb-2"><span class="font-semibold color-primary">/bin/ & /sbin/</span> - Modifikationen können auf Systemmanipulationen hinweisen</p>
</div>
- type: bookmarks
groups:
- title: "Wichtige Befehle für die Forensik"
color: 0 80 60
links:
- title: "find - Dateien nach Kriterien suchen"
url: "#"
- title: "grep - Text in Dateien finden"
url: "#"
- title: "dd - Festplatten-Imaging"
url: "#"
- title: "ls -la - Alle Details von Dateien"
url: "#"
- title: "chmod/chown - Rechte analysieren"
url: "#"
- title: "cat/less - Dateiinhalte anzeigen"
url: "#"
- title: "tail -f - Logs überwachen"
url: "#"
- name: "Regex"
width: wide
columns:
- size: full
widgets:
- type: html
source: |
<div class="p-6 bg-opacity-10 bg-primary rounded mb-6">
<h1 class="size-h1 color-primary mb-4">Forensic Regex Patterns Reference</h1>
<p>A comprehensive collection of regex patterns for digital forensics and security analysis</p>
</div>
- type: split-column
max-columns: 3
widgets:
# Network Addresses
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Network Addresses</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">IPv4</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">IPv4 Private Ranges</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:10\.(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}|172\.(?:1[6-9]|2[0-9]|3[01])\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.)|192\.168\.(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.)\b(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">IPv4 with Port</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?):[0-9]{1,5}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">IPv6 (Simplified)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">IPv6 (Full)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|::(?:[0-9a-fA-F]{1,4}:){0,5}[0-9a-fA-F]{1,4}|[0-9a-fA-F]{1,4}::(?:[0-9a-fA-F]{1,4}:){0,5}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}::(?:[0-9a-fA-F]{1,4}:)?[0-9a-fA-F]{1,4})</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">IPv6 Private/Local</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:f[cd][0-9a-fA-F]{2}:|fe80:|::1)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">MAC Address</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">CIDR Notation</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(?:3[0-2]|[12]?[0-9])\b</code></pre>
</div>
# Cryptocurrency Addresses
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Cryptocurrency Addresses</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">Bitcoin (P2PKH/P2SH)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Bitcoin Bech32</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\bbc1[a-z0-9]{39,59}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Ethereum</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b0x[a-fA-F0-9]{40}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Monero</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b4[0-9AB][0-9a-zA-Z]{93}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Litecoin</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[LM3][a-km-zA-HJ-NP-Z1-9]{26,33}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Ripple</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\br[a-zA-Z0-9]{24,34}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Dogecoin</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\bD[5-9A-HJ-NP-U][a-km-zA-HJ-NP-Z1-9]{25,34}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Dash</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\bX[a-km-zA-HJ-NP-Z1-9]{33}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Tether (USDT) on Ethereum</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b0x[a-fA-F0-9]{40}\b</code></pre>
</div>
# Web & Email
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Web &amp; Email</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">URL (HTTP/HTTPS)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>https?://[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}(?:/[^&quot;\s]*)?</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Domain Name</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Email Address</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">FTP URL</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>ftp://[a-zA-Z0-9.-]+(?:/[^&quot;\s]*)?</code></pre>
</div>
- type: split-column
max-columns: 3
widgets:
# Hash Values
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Hash Values</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">MD5</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-fA-F0-9]{32}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">SHA1</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-fA-F0-9]{40}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">SHA256</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-fA-F0-9]{64}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">SHA512</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-fA-F0-9]{128}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Base64 String</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[A-Za-z0-9+/]{4}*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?</code></pre>
</div>
# File Paths & Names
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">File Paths &amp; Names</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">Windows Path</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-zA-Z]:\\(?:[^\\/:*?&quot;&lt;&gt;|\r\n]+\\)*[^\\/:*?&quot;&lt;&gt;|\r\n]*</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Unix/Linux Path</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:/[^/\0]+)+/?</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">UNC Path</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\\\\[a-zA-Z0-9.-]+\\[^\\/:*?&quot;&lt;&gt;|\r\n]+(?:\\[^\\/:*?&quot;&lt;&gt;|\r\n]+)*</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">File Extension</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\.[a-zA-Z0-9]{1,5}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Registry Key</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>HKEY_[A-Z_]+(?:\\[^\\]+)*</code></pre>
</div>
# Timestamps & Dates
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Timestamps &amp; Dates</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">ISO 8601</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:Z|[+-]\d{2}:?\d{2})?</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Unix Timestamp</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b1[0-9]{9}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Apache/CLF Log Date</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Windows Event Log Date</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Syslog Date</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}</code></pre>
</div>
- type: split-column
max-columns: 3
widgets:
# Log Patterns
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Log Patterns</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">Apache Common Log</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>^(\S+) \S+ \S+ \[([^\]]+)\] &quot;([^&quot;]+)&quot; (\d{3}) (\d+|-)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Apache Combined Log</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>^(\S+) \S+ \S+ \[([^\]]+)\] &quot;([^&quot;]+)&quot; (\d{3}) (\d+|-) &quot;([^&quot;]*)&quot; &quot;([^&quot;]*)&quot;</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Nginx Access Log</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>^(\S+) - (\S+) \[([^\]]+)\] &quot;([^&quot;]+)&quot; (\d{3}) (\d+) &quot;([^&quot;]*)&quot; &quot;([^&quot;]*)&quot;</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">SSH Failed Login</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>Failed password for (?:invalid user )?(\S+) from (\S+) port (\d+)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Windows Security Event ID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>EventID:\s*(\d+)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Windows Event XML</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>&lt;Event[^&gt;]*&gt;.*?&lt;/Event&gt;</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">IIS Log Entry</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+\S+\s+\d+\s+\S+\s+\S+\s+\S+\s+\d+\s+\d+\s+\d+\s+\d+\s+\S+\s+\S+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Exchange Message ID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>&lt;[A-Za-z0-9$_.-]+@[A-Za-z0-9.-]+&gt;</code></pre>
</div>
# Identifiers & Keys
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Identifiers &amp; Keys</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">UUID/GUID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Credit Card (Basic)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:\d[ -]*?){13,19}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">SSN (US)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b\d{3}-\d{2}-\d{4}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">JWT Token</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+</code></pre>
</div>
# System & Process
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">System &amp; Process</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">PID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\bPID\s*[:=]?\s*(\d+)\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Process Name</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:^|\s)([a-zA-Z0-9_-]+\.exe)\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Memory Address</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>0x[0-9a-fA-F]{8,16}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Port Number</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5]?[0-9]{1,4})\b</code></pre>
</div>
- type: split-column
max-columns: 3
widgets:
# Database & SQL
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Database &amp; SQL</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">SQL Injection Pattern</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:'|&quot;)?(?:;|--|OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP|EXEC)(?:\s|$)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Connection String</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:Server|Data Source|User ID|Password|Database|Initial Catalog)=[^;]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">SQL Server Connection</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:Data Source|Server)=(?:(?:tcp:)?[a-zA-Z0-9.-]+(?:\\[a-zA-Z0-9_]+)?(?:,\d+)?);</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">MongoDB Connection</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>mongodb(?:\+srv)?://(?:[^:]+:[^@]+@)?[a-zA-Z0-9.-]+(?::\d+)?(?:/[^?]+)?</code></pre>
</div>
# Malware Indicators
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Malware Indicators</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">Suspicious PowerShell</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:-e[ncodedcommand]*\s+|iex|invoke-expression|downloadstring|downloadfile)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Base64 Encoded Executable</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>TVqQAAMAAAAEAAAA</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Suspicious User Agent</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:bot|crawler|spider|scraper|curl|wget|python|java)</code></pre>
</div>
# Cloud & Infrastructure
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Cloud &amp; Infrastructure</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">AWS ARN</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>arn:aws:[a-z0-9-]+:[a-z0-9-]*:[0-9]{12}:[a-zA-Z0-9-_/:.]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">S3 Bucket URL</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:s3://|https?://s3[.-])([a-z0-9.-]+)(?:/[^&quot;\s]*)?</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Azure Resource ID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>/subscriptions/[a-f0-9-]{36}/resourceGroups/[^/]+/providers/[^/]+/[^/]+/[^/\s]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Docker Container ID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[0-9a-f]{64}\b|\b[0-9a-f]{12}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Kubernetes Pod Name</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:-[a-z0-9]{5,10})?</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">VMware UUID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}</code></pre>
</div>
- type: split-column
max-columns: 3
widgets:
# Authentication & Keys
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Authentication &amp; Keys</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">PEM Private Key</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>-----BEGIN (?:RSA |EC )?PRIVATE KEY-----</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">SSH Public Key</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>ssh-(?:rsa|ed25519|ecdsa) [A-Za-z0-9+/]+={0,2}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">OAuth2 Bearer Token</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>Bearer [A-Za-z0-9\-._~+/]+=*</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">GitHub Personal Access Token</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>ghp_[A-Za-z0-9]{36}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">AWS Access Key</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>AKIA[0-9A-Z]{16}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">AWS Secret Key (Context)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[A-Za-z0-9/+=]{40}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Azure Storage Key</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[A-Za-z0-9+/]{86}==</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Google API Key</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>AIza[0-9A-Za-z\-_]{35}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Slack Webhook</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>https://hooks\.slack\.com/services/T[A-Z0-9]{8}/B[A-Z0-9]{8}/[A-Za-z0-9]{24}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Telegram Bot Token</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[0-9]{8,10}:[A-Za-z0-9_-]{35}</code></pre>
</div>
# Geographic & Tracking
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Geographic &amp; Tracking</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">GPS Coordinates</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[-+]?(?:[0-8]?[0-9]|90)\.[0-9]+,\s*[-+]?(?:1[0-7][0-9]|[0-9]?[0-9])\.[0-9]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">IMEI Number</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:35[0-9]{13}|01[0-9]{13}|86[0-9]{13}|99[0-9]{13})\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">VIN (Vehicle)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[A-HJ-NPR-Z0-9]{17}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">IBAN</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[A-Z]{2}[0-9]{2}[A-Z0-9]{1,30}</code></pre>
</div>
# Social Media & Messaging
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Social Media &amp; Messaging</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">Twitter/X Handle</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>@[A-Za-z0-9_]{1,15}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Telegram Username</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>@[a-zA-Z][a-zA-Z0-9_]{4,31}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Discord ID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>&lt;@!?[0-9]{17,19}&gt;</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Bitcoin Transaction ID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-fA-F0-9]{64}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">TLS Certificate Fingerprint (SHA256)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>SHA256:[A-F0-9]{2}(?::[A-F0-9]{2}){31}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">X509 Certificate Subject</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:CN|O|OU|C|ST|L)=[^,]+(?:,\s*(?:CN|O|OU|C|ST|L)=[^,]+)*</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Kerberos Principal</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-zA-Z0-9._-]+(?:/[a-zA-Z0-9._-]+)?@[A-Z0-9.-]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">LDAP DN</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:CN|OU|DC|O)=[^,]+(?:,(?:CN|OU|DC|O)=[^,]+)*</code></pre>
</div>
- type: split-column
max-columns: 3
widgets:
# Mobile Forensics
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Mobile Forensics</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">Android Package Name</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-z][a-z0-9_]*(?:\.[a-z0-9_]+)+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">iOS Bundle ID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-zA-Z][a-zA-Z0-9-]*(?:\.[a-zA-Z0-9-]+)+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Android ADB Device</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[0-9A-F]{8,16}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Mobile Country/Network Code</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>MCC:\s*\d{3}\s*MNC:\s*\d{2,3}</code></pre>
</div>
# Forensic Artifacts
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Forensic Artifacts</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">Windows SID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>S-1-[0-59]-\d{1,10}(?:-\d{1,10})*</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">NTFS MFT Reference</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b\d{1,10}-\d{1,5}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">USB Device ID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:VID|PID)_[0-9A-F]{4}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Windows GUID (Registry Format)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\{[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12}\}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Process Command Line (Suspicious)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:cmd|powershell|wscript|cscript|mshta|rundll32)\.exe.*(?:http|ftp|\\\\|base64|encode)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Named Pipe</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\\\\\\.\\pipe\\[a-zA-Z0-9_-]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Memory Region</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>0x[0-9a-fA-F]+\s*-\s*0x[0-9a-fA-F]+</code></pre>
</div>
# Additional Patterns
- type: html
source: |
<div class="p-4 bg-opacity-10 bg-primary rounded">
<h3 class="size-h3 color-highlight mb-3">Additional Patterns</h3>
<h4 class="size-h5 color-primary mt-3 mb-2">XML/HTML Tag</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>&lt;([a-zA-Z][a-zA-Z0-9]*)\b[^&gt;]*&gt;.*?&lt;/\1&gt;</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">JSON Object</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\{(?:[^{}]|(?:\{[^{}]*\}))*\}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">CVE ID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>CVE-\d{4}-\d{4,}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">MITRE ATT&amp;CK ID</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>T\d{4}(?:\.\d{3})?</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Tor Address</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-z2-7]{16}\.onion\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Magnet Link</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>magnet:\?xt=urn:[a-zA-Z0-9]+:[a-fA-F0-9]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Git Commit Hash</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b[a-f0-9]{40}\b|\b[a-f0-9]{7,8}\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Stack Trace Line</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\s+at\s+[a-zA-Z0-9.$_]+\([^)]*\)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">HTTP Method</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE)\b</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">HTTP Response Status</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>HTTP/[0-9.]+\s+[1-5][0-9]{2}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">DNS Query</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\b(?:A|AAAA|CNAME|MX|NS|PTR|SOA|SRV|TXT)\s+(?:IN\s+)?[a-zA-Z0-9.-]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">PE File Magic</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>MZ.{58}PE\x00\x00</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">ELF File Magic</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>\x7fELF</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Mutex Pattern (Malware)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:Global\\|Local\\)?[A-Z0-9]{8}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{12}</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">PowerShell Encoded Command</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>-[Ee](?:ncodedcommand|c)\s+[A-Za-z0-9+/=]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">YARA Rule Name</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>rule\s+[a-zA-Z_][a-zA-Z0-9_]*\s*(?::\s*[a-zA-Z_][a-zA-Z0-9_]*\s*)*\{</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Windows Service Name</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:SERVICE_NAME|DISPLAY_NAME):\s*([^\r\n]+)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Scheduled Task Name</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>TaskName:\s*\\([^\r\n]+)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">MIME Type</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>[a-z]+/[a-z0-9.+-]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Browser User-Agent (Suspicious Tools)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>(?:sqlmap|nmap|nikto|havij|acunetix|nessus|metasploit|burp|owasp)</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Python Script Shebang</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>#!/usr/bin/(?:env )?python[0-9.]*</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Bash Script Shebang</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>#!/bin/(?:ba)?sh</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Base64 Encoded PE Header</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>TVqQAAMAAAAEAAAA</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Base64 Encoded MZ Header</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>TVo[A-Za-z0-9+/]</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">ZIP Archive Header</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>PK\x03\x04</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">RAR Archive Header</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>Rar!\x1a\x07</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">PDF Header</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>%PDF-[0-9.]+</code></pre>
<h4 class="size-h5 color-primary mt-3 mb-2">Office Document (OOXML)</h4>
<pre class="bg-black p-2 rounded overflow-x-auto text-xs"><code>PK\x03\x04.{26}(?:word|xl|ppt)/</code></pre>
</div>
- type: html
source: |
<div class="p-4 bg-opacity-20 bg-primary rounded mt-4">
<h3 class="size-h3 color-highlight mb-3">Usage Notes</h3>
<ul class="text-sm space-y-2">
<li>• All patterns are POSIX-compatible for C regex.h</li>
<li>• Use raw strings in Python: r'pattern'</li>
<li>• For C, escape backslashes: \\b becomes \\\\b</li>
<li>• Test patterns with your specific data format</li>
<li>• Some patterns simplified for compatibility</li>
<li>• Consider case-insensitive flags where appropriate</li>
</ul>
<br>
<br>
<h3 class="size-h3 color-highlight mb-3 mt-4">Important Considerations</h3>
<ul class="text-sm space-y-2">
<li><span class="font-semibold color-primary">Pattern Overlap:</span> Some patterns may overlap (e.g., SHA256 hash vs Bitcoin transaction ID). Use context and length constraints.</li>
<li><span class="font-semibold color-primary">Context Required:</span> Many patterns need context (Git hashes vs other 40-char hex strings, SHA256 hashes vs Bitcoin transaction IDs)</li>
<li><span class="font-semibold color-primary">Performance:</span> Complex patterns on large datasets may be slow. Consider pre-filtering or indexing.</li>
<li><span class="font-semibold color-primary">Validation:</span> These patterns match format, not validity. Additional validation needed for checksums, network addresses, certificates.</li>
<li><span class="font-semibold color-primary">Privacy:</span> Many patterns match sensitive data. Handle with appropriate security measures.</li>
</ul>
</div>
Reference in New Issue View Git Blame Copy Permalink