Karol Mróz
DoH and DoT. TODO: DNSCrypt
Makes use of https://metrics.torproject.org/onionoo.html to obtain active Tor relays. Underlying simulation is carried out by TCPConnectSimulator.
Sister commit to https://github.com/alphasoc/open-wisdom/pull/31
Something along these lines: ``` $ ./flightsim run imposter [...] 05:54:16 [imposter] Done (5/5) All done! Check your SIEM for alerts using the timestamps and details above. $ echo $?...
Add some concept of pre-checks. If interfaces are invalid, etc., die before running any simulations. Allow an override for this though (i.e. --nochecks) or something along those lines.
-format cols 5 -format json
This would help ensure we don't kick off a release from something like `flightsim@[email protected]`. Can dump context as below: ``` foo.yml: ... jobs: ... steps: - name: Dump GitHub context...
Initial discussions moving toward key/value pairs. `./flightsim run ssh-transfer:sz=1MB:tgt=foo.bar.com:9999`
`polling alerts failed: write tcp 127.0.0.1:55128->127.0.0.1:12202: write: broken pipe` indicating an attempted send over a closed connection.