bro cheat sheets

Upload: franks59

Post on 02-Jun-2018


• 8/10/2019 Bro Cheat Sheets

Critical Stack - www.CriticalStack.com
2014 Critical Stack LLC. All rights reserved. Version: 2

app_stats.log - Usage of popular web apps

  Field       Type      Description
  ts          time      Measurement timestamp
  ts_delta    interval  Time difference from previous measurement
  app         string    Name of application (YouTube, Netflix, etc.)
  uniq_hosts  count     Number of unique hosts that used app
  hits        count     Number of visits to app
  bytes       count     Total bytes transferred to/from app

capture_loss.log - Estimate of packet loss

  Field         Type      Description
  ts            time      Measurement timestamp
  ts_delta      interval  Time difference from previous measurement
  peer          string    Name of the Bro instance reporting loss
  gaps          count     ACKs seen without seeing data being ACKed
  acks          count     Total number of TCP ACKs
  percent_loss  string    gaps/acks, as a percentage. Estimate of loss.

conn.log

  Field           Type             Description
  ts              time             Timestamp
  uid             string           Unique ID of connection
  id.orig_h       addr             Originating endpoint's IP address (AKA ORIG)
  id.orig_p       port             Originating endpoint's TCP/UDP port (or ICMP code)
  id.resp_h       addr             Responding endpoint's IP address (AKA RESP)
  id.resp_p       port             Responding endpoint's TCP/UDP port (or ICMP code)
  proto           transport_proto  Transport layer protocol of connection
  service         string           Dynamically detected application protocol, if any
  duration        interval         Time of last packet seen - time of first packet seen
  orig_bytes      count            Originator payload bytes; from sequence numbers if TCP
  resp_bytes      count            Responder payload bytes; from sequence numbers if TCP
  conn_state      string           Connection state (see conn.log:conn_state table)
  local_orig      bool             If conn originated locally T; if remotely F. If Site::local_nets empty, always unset.
  missed_bytes    count            Number of missing bytes in content gaps
  history         string           Connection state history (see conn.log:history table)
  orig_pkts       count            Number of ORIG packets
  orig_ip_bytes   count            Number of ORIG IP bytes (via IP total_length header field)
  resp_pkts       count            Number of RESP packets
  resp_ip_bytes   count            Number of RESP IP bytes (via IP total_length header field)
  tunnel_parents  set              If tunneled, connection UID of encapsulating parent(s)
  orig_cc         string           ORIG GeoIP Country Code
  resp_cc         string           RESP GeoIP Country Code

conn.log:conn_state

  S0      Connection attempt seen, no reply
  S1      Connection established, not terminated (0 byte counts)
  SF      Normal establish & termination (>0 byte counts)
  REJ     Connection attempt rejected
  S2      Established, ORIG attempts close, no reply from RESP
  S3      Established, RESP attempts close, no reply from ORIG
  RSTO    Established, ORIG aborted (RST)
  RSTR    Established, RESP aborted (RST)
  RSTOS0  ORIG sent SYN then RST; no RESP SYN-ACK
  RSTRH   RESP sent SYN-ACK then RST; no ORIG SYN
  SH      ORIG sent SYN then FIN; no RESP SYN-ACK ("half-open")
  SHR     RESP sent SYN-ACK then FIN; no ORIG SYN
  OTH     No SYN, not closed. Midstream traffic. Partial connection.

conn.log:history - Orig UPPERCASE, Resp lowercase, uniq-ed

  S  a SYN without the ACK bit set
  H  a SYN-ACK ("handshake")
  A  a pure ACK
  D  packet with payload ("data")
  F  packet with FIN bit set
  R  packet with RST bit set
  C  packet with a bad checksum
  I  Inconsistent packet (both SYN & RST)

dhcp.log - DHCP lease activity

  Field        Type      Description
  ts           time      Timestamp of request
  uid          string    Connection unique id
  id           record    ID record with orig/resp host/port (see conn.log)
  mac          string    Client's hardware address
  assigned_ip  addr      Client's actual assigned IP address
  lease_time   interval  IP address lease time
  trans_id     count     Identifier assigned by the client; responses match

dns.log - DNS query/response details

  Field        Type             Description
  ts           time             Timestamp of the DNS request
  uid          string           Unique id of the connection
  id           record           ID record with orig/resp host/port (see conn.log)
  proto        transport_proto  Protocol of DNS transaction - TCP or UDP
  trans_id     count            16 bit identifier assigned by DNS client; responses match
  query        string           Domain name subject of the query
  qclass       count            Value specifying the query class
  qclass_name  string           Descriptive name of the query class (e.g. C_INTERNET)
  qtype        count            Value specifying the query type
  qtype_name   string           Name of the query type (e.g. A, AAAA, PTR)
  rcode        count            Response code value in the DNS response
  rcode_name   string           Descriptive name of the response code (e.g. NOERROR, NXDOMAIN)
  QR           bool             Was this a query or a response? T = response, F = query
  AA           bool             Authoritative Answer. T = server is authoritative for query
  TC           bool             Truncation. T = message was truncated
  RD           bool             Recursion Desired. T = request recursive lookup of query
  RA           bool             Recursion Available. T = server supports recursive queries
  Z            count            Reserved field, should be zero in all queries & responses
  answers      vector           List of resource descriptions in answer to the query
  TTLs         vector           Caching intervals of the answers
  rejected     bool             Whether the DNS query was rejected by the server
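The conn_state values and the dns.log rcode_name field are where most quick triage of Bro output starts. The script below is an added example and is not part of the Critical Stack cheat sheet: it resolves column positions from the #fields header of a Bro ASCII log instead of hard-coding them (the one-liners later on this sheet rely on a[5] being id.resp_h, which breaks as soon as a script adds or reorders columns), then lists originators with repeated failed TCP handshakes (S0, REJ, RSTOS0) and hosts whose answered DNS lookups are mostly NXDOMAIN. Both log excerpts are constructed sample data trimmed to the columns the script reads, with made-up uids and RFC 1918 / RFC 5737 addresses; the thresholds (3 failures, 50%) are assumptions.

```shell
#!/bin/sh
# Added example (not part of the Critical Stack cheat sheet).
# Bro ASCII logs are tab-separated and carry a "#fields" header line;
# mapping names to column numbers from that header keeps awk programs
# working when the column layout changes.

# The sample rows use "|" as a stand-in for Bro's tab separator so they stay
# readable; tsv turns them into real tabs.
tsv() { tr '|' '\t'; }

# Constructed conn.log excerpt (fake uids, RFC 1918 addresses), trimmed to
# the columns this example reads.
conn_log() {
tsv <<'EOF'
#separator \x09
#fields|ts|uid|id.orig_h|id.orig_p|id.resp_h|id.resp_p|proto|service|duration|orig_bytes|resp_bytes|conn_state|history
1400000000.10|CAAA01|10.0.0.5|51000|10.0.0.10|22|tcp|ssh|3.2|800|1200|SF|ShADadFf
1400000000.20|CAAA02|10.0.0.5|51001|10.0.0.10|23|tcp|-|-|0|0|REJ|Sr
1400000000.30|CAAA03|192.168.1.9|40001|10.0.0.10|21|tcp|-|-|0|0|S0|S
1400000000.40|CAAA04|192.168.1.9|40002|10.0.0.10|445|tcp|-|-|0|0|S0|S
1400000000.50|CAAA05|192.168.1.9|40003|10.0.0.11|445|tcp|-|-|0|0|REJ|Sr
1400000000.60|CAAA06|192.168.1.9|40004|10.0.0.12|445|tcp|-|-|0|0|RSTOS0|SR
1400000000.70|CAAA07|192.168.1.9|40005|10.0.0.12|53|udp|dns|0.01|60|120|SF|Dd
1400000000.80|CAAA08|10.0.0.5|51002|10.0.0.99|80|tcp|http|0.5|300|5000|SF|ShADadFf
#close|2014-05-13-12-00-00
EOF
}

# Per originator: number of TCP connections whose conn_state says the
# handshake never completed (S0 = no reply, REJ = rejected, RSTOS0 = SYN then
# RST) and number of distinct responders hit. Output: orig fails targets
failed_attempts() {
  awk -F'\t' '
    /^#fields/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }   # name -> column
    /^#/ { next }                                                    # other header lines
    $(col["proto"]) == "tcp" && $(col["conn_state"]) ~ /^(S0|REJ|RSTOS0)$/ {
      orig = $(col["id.orig_h"]); resp = $(col["id.resp_h"])
      fails[orig]++
      if (!((orig, resp) in seen)) { seen[orig, resp] = 1; targets[orig]++ }
    }
    END { for (o in fails) print o, fails[o], targets[o] }
  ' | sort
}

# Constructed dns.log excerpt, trimmed the same way. An rcode_name of "-"
# means no response was seen for that query.
dns_log() {
tsv <<'EOF'
#fields|ts|uid|id.orig_h|id.orig_p|id.resp_h|id.resp_p|proto|trans_id|query|qtype_name|rcode|rcode_name|QR|answers|TTLs|rejected
1400000001.10|CDDD01|10.0.0.5|50001|10.0.0.53|53|udp|1001|www.example.com|A|0|NOERROR|T|192.0.2.10|3600.0|F
1400000001.20|CDDD02|10.0.0.7|50002|10.0.0.53|53|udp|1002|qx7ak3lz.biz|A|3|NXDOMAIN|T|-|-|F
1400000001.30|CDDD03|10.0.0.7|50003|10.0.0.53|53|udp|1003|m2p9rwqe.info|A|3|NXDOMAIN|T|-|-|F
1400000001.40|CDDD04|10.0.0.7|50004|10.0.0.53|53|udp|1004|zk4l1tq0.net|A|3|NXDOMAIN|T|-|-|F
1400000001.50|CDDD05|10.0.0.7|50005|10.0.0.53|53|udp|1005|www.example.com|A|0|NOERROR|T|192.0.2.10|3600.0|F
1400000001.60|CDDD06|10.0.0.5|50006|10.0.0.53|53|udp|1006|pending.example|A|-|-|F|-|-|F
EOF
}

# nxdomain_heavy [MIN_NX]
# Hosts whose answered lookups are mostly NXDOMAIN: at least MIN_NX failures
# (default 3, an assumption) and at least half of all answered queries.
# Output: host nxdomain/answered
nxdomain_heavy() {
  awk -F'\t' -v min_nx="${1:-3}" '
    /^#fields/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }
    /^#/ { next }
    $(col["rcode_name"]) != "-"        { total[$(col["id.orig_h"])]++ }
    $(col["rcode_name"]) == "NXDOMAIN" { nx[$(col["id.orig_h"])]++ }
    END {
      for (h in total)
        if ((nx[h] + 0) >= min_nx && nx[h] / total[h] >= 0.5)
          printf "%s %d/%d\n", h, nx[h], total[h]
    }
  ' | sort
}

# Stand-alone run: print both reports for the sample data.
conn_log | failed_attempts
dns_log | nxdomain_heavy
```

Against real logs, replace the sample functions with the files themselves (`failed_attempts < conn.log`, `nxdomain_heavy 10 < dns.log`); the awk programs never depend on column order, only on the names in the #fields line, so they also work on bro-cut output as long as the header is kept.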

dnp3.log - Distributed Network Protocol (industrial control)

  Field       Type    Description
  ts          time    Timestamp
  uid         string  Connection unique id
  id          record  ID record with orig/resp host/port (see conn.log)
  fc_request  string  The name of the request function message
  fc_reply    string  The name of the reply function message
  iin         count   Response's internal indication number

files.log

  Field            Type      Description
  ts               time      Timestamp when file was first seen
  fuid             string    Identifier for a single file
  tx_hosts         set       If transferred via network, host(s) that sourced the data
  rx_hosts         set       If transferred via network, host(s) that received the data
  conn_uids        set       Connection UID(s) over which the file was transferred
  source           string    An identification of the source of the file data
  depth            count     Depth of file related to source; e.g. SMTP MIME attachment depth; HTTP depth of the request
  analyzers        set       Set of analysis types done during file analysis
  mime_type        string    Libmagic sniffed file type
  filename         string    If available, filename from source; frequently the Content-Disposition headers in network protocols
  duration         interval  The duration the file was analyzed for
  local_orig       bool      If transferred via network, did data originate locally?
  is_orig          bool      If transferred via network, was file sent by the originator?
  seen_bytes       count     Number of bytes provided to file analysis engine
  total_bytes      count     Total number of bytes that should comprise the file
  missing_bytes    count     Number of bytes in the file stream missed; e.g. dropped packets
  overflow_bytes   count     Number of not all-in-sequence bytes in the file stream delivered to file analyzers due to reassembly buffer overflow
  timedout         bool      If the file analysis timed out at least once per file
  parent_fuid      string    ID associated with a container file from which this one was extracted as a part of the analysis
  md5/sha1/sha256  string    MD5/SHA1/SHA256 hash of file, if enabled
  extracted        string    Local filename of extracted files, if enabled

ftp.log - FTP request/reply details

  Field         Type    Description
  ts            time    Command timestamp
  uid           string  Connection unique id
  id            record  ID record with orig/resp host/port (see conn.log)
  user          string  Username for current FTP session
  password      string  Password for current FTP session
  command       string  Command issued by the client
  arg           string  Command argument if present
  mime_type     string  Libmagic sniffed file type if there's a file transfer
  file_size     count   Size of transferred file
  reply_code    count   Reply code from server in response to the command
  reply_msg     string  Reply message from server in response to the command
  data_channel  record  Information about the data channel (orig, resp, is passive)
  fuid          string  File unique ID

http.log

  Field              Type    Description
  ts                 time    Timestamp of request
  uid                string  Connection unique id
  id                 record  ID record with orig/resp host/port (see conn.log)
  trans_depth        count   Pipelined depth into the connection
  method             string  HTTP request verb: GET, POST, HEAD, etc.
  host               string  Value of the HOST header
  uri                string  URI used in the request
  referrer           string  Value of the referer header
  user_agent         string  Value of the User-Agent header
  request_body_len   count   Actual uncompressed content size of the data transferred from the client
  response_body_len  count   Actual uncompressed content size of the data transferred from the server
  status_code        count   Status code returned by the server
  status_msg         string  Status message returned by the server
  info_code          count   Last seen 1xx info reply code by server
  info_msg           string  Last seen 1xx info reply message by server
  filename           string  Via the Content-Disposition server header
  tags               set     Indicators of various attributes discovered
  username           string  Username, if basic-auth is performed for the request
  password           string  Password, if basic-auth is performed for the request
  proxied            set     Headers that might indicate a proxied request
  orig_fuids         vector  An ordered vector of file unique IDs from orig
  orig_mime_types    vector  An ordered vector of mime types from orig
  resp_fuids         vector  An ordered vector of file unique IDs from resp
  resp_mime_types    vector  An ordered vector of mime types from resp

intel.log - Intelligence framework hits

  Field                Type    Description
  ts                   time    Timestamp of hit
  uid                  string  Connection unique id
  id                   record  ID record with orig/resp host/port (see conn.log)
  fuid                 string  The UID for a file associated with this hit, if any
  file_mime_type       string  A mime type if the hit is related to a file
  file_desc            string  Additional context for file, if available
  seen.indicator       string  The intelligence indicator
  seen.indicator_type  string  The type of data the indicator represents
  seen.where           string  Where the data was discovered
  sources              set     Sources which supplied data for this match

irc.log - IRC communication details

  Field          Type    Description
  ts             time    Timestamp
  uid            string  Unique id
  id             record  ID record with orig/resp host/port (see conn.log)
  nick           string  Nickname given for this connection
  user           string  Username given for this connection
  command        string  Command given by the client
  value          string  Value for the command given by the client
  addl           string  Any additional data for the command
  dcc_file_name  string  DCC filename requested
  dcc_file_size  count   Size of the DCC transfer as indicated by the sender
  dcc_mime_type  string  Sniffed mime type of the file
  fuid           string  File unique ID
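files.log ties a file to the connection(s) it crossed through conn_uids, and http.log carries the request that travelled over that uid, so the two can be joined to answer "where did this executable come from?". The script below is an added example and is not part of the Critical Stack cheat sheet: it indexes http.log by uid in a first awk pass and then walks files.log, printing every Windows executable (mime_type application/x-dosexec) with its direction, request and MD5. Both log excerpts are constructed sample data trimmed to the columns the script reads, with fake uids, RFC 5737 addresses and made-up hashes.

```shell
#!/bin/sh
# Added example (not part of the Critical Stack cheat sheet): join files.log
# with http.log on the connection uid to recover the request behind each
# executable transfer.

tsv() { tr '|' '\t'; }   # "|" stands in for Bro's tab separator in the samples

# Constructed http.log excerpt (fake uids, RFC 5737 addresses), trimmed to
# the columns this example reads.
http_log() {
tsv <<'EOF'
#fields|ts|uid|id.orig_h|id.orig_p|id.resp_h|id.resp_p|method|host|uri|status_code|resp_fuids|resp_mime_types
1400000002.10|CHHH01|10.0.0.5|52000|198.51.100.20|80|GET|cdn.example.net|/dl/update.exe|200|FAAA01|application/x-dosexec
1400000002.20|CHHH02|10.0.0.5|52001|198.51.100.20|80|GET|cdn.example.net|/index.html|200|FAAA02|text/html
1400000002.30|CHHH03|10.0.0.5|52002|198.51.100.30|80|POST|upload.example.org|/submit|200|-|-
EOF
}

# Constructed files.log excerpt. conn_uids and tx_hosts are Bro sets, which
# the ASCII writer renders comma-separated; md5 is filled because the MD5
# file analyzer was enabled. Hashes are made up.
files_log() {
tsv <<'EOF'
#fields|ts|fuid|tx_hosts|rx_hosts|conn_uids|source|mime_type|filename|local_orig|is_orig|seen_bytes|total_bytes|md5
1400000002.10|FAAA01|198.51.100.20|10.0.0.5|CHHH01|HTTP|application/x-dosexec|update.exe|F|F|73728|73728|0123456789abcdef0123456789abcdef
1400000002.20|FAAA02|198.51.100.20|10.0.0.5|CHHH02|HTTP|text/html|-|F|F|1024|1024|89abcdef0123456789abcdef01234567
1400000002.30|FAAA03|10.0.0.5|198.51.100.30|CHHH03,CHHH99|HTTP|application/x-dosexec|-|T|T|40960|40960|fedcba9876543210fedcba9876543210
EOF
}

# exe_transfers HTTP_LOG FILES_LOG
# Pass 1 (NR == FNR holds only while reading the first file) indexes http.log
# by uid. Pass 2 walks files.log and, for each executable, prints whether the
# client received it (is_orig F) or sent it (is_orig T), the request it rode
# in, and the MD5 to pivot on. Each file has its own #fields header, so the
# name->column map is rebuilt per file.
exe_transfers() {
  awk -F'\t' '
    /^#fields/ { split("", col); for (i = 2; i <= NF; i++) col[$i] = i - 1; next }
    /^#/ { next }
    NR == FNR {
      req[$(col["uid"])] = $(col["method"]) " " $(col["host"]) $(col["uri"])
      next
    }
    $(col["mime_type"]) == "application/x-dosexec" {
      dir = ($(col["is_orig"]) == "T") ? "upload" : "download"
      n = split($(col["conn_uids"]), uids, ",")      # a set may list several uids
      for (k = 1; k <= n; k++)
        if (uids[k] in req) print dir, req[uids[k]], $(col["md5"])
    }
  ' "$1" "$2"
}

# Stand-alone run against the sample data.
work=$(mktemp -d)
http_log > "$work/http.log"
files_log > "$work/files.log"
exe_transfers "$work/http.log" "$work/files.log"
rm -r "$work"
```

Order of the file arguments matters: http.log must come first so the NR == FNR rule builds the index before files.log is read. The uid CHHH99 in the last files.log row has no http.log counterpart and is simply skipped, which is what happens with a file seen over a connection that was not HTTP.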

known_certs.log - Observed local certs; logged 1x/day

  Field           Type    Description
  ts              time    Measurement timestamp
  host            addr    Address that offered the certificate
  port_num        port    If server, port that server is listening on
  subject         string  Certificate subject
  issuer_subject  string  Certificate issuer subject
  serial          string  Serial number for the certificate

known_hosts.log - Observed local active IPs; logged 1x/day

  Field  Type  Description
  ts     time  Timestamp first seen
  host   addr  IP address of host

known_services.log - Observed local services; logged 1x/day

  Field       Type             Description
  ts          time             Timestamp
  host        addr             Host address on which the service is running
  port_num    port             Port number on which the service is running
  port_proto  transport_proto  Transport-layer protocol service uses
  service     set              Set of protocol(s) that match the service's connection payloads

modbus.log

  Field      Type    Description
  ts         time    Timestamp of request
  uid        string  Connection unique id
  id         record  ID record with orig/resp host/port (see conn.log)
  func       string  Function message that was sent
  exception  string  Exception if there was a failure

notice.log

  Field           Type             Description
  ts              time             Timestamp
  uid             string           Connection unique id
  id              record           ID record with orig/resp host/port (see conn.log)
  fuid            string           File unique identifier
  file_mime_type  string           Libmagic sniffed file type
  file_desc       string           Additional context for file, if available
  proto           transport_proto  Transport protocol
  note            string           The type of the notice
  msg             string           Human readable message for the notice
  sub             string           Sub-message for the notice
  src             addr             Source address
  dst             addr             Destination address
  p               port             Associated port, if any
  n               count            Associated count or status code
  peer_descr      string           Description for peer that raised this notice
  actions         set              Actions applied to this notice
  suppress_for    interval         Length of time dupes should be suppressed
  dropped         bool             If the src IP was blocked

radius.log - RADIUS authentication details

  Field         Type     Description
  ts            time     Timestamp of the detection
  uid           string   Unique ID for the connection
  id            conn_id  ID record with orig/resp host/port (see conn.log)
  username      string   The username, if present
  mac           string   MAC address, if present
  remote_ip     addr     Remote IP address, if present
  connect_info  string   Connect info, if present
  result        string   Successful or failed authentication
  logged        bool     Whether this has already been logged/ignored

reporter.log - Bro internal errors and warnings

  Field     Type    Description
  ts        time    Message timestamp
  level     string  Message severity (info, warning, error, etc.)
  message   string  Message text
  location  string  The script location where the event occurred, if available

smtp.log - SMTP transactions

  Field             Type    Description
  ts                time    Timestamp when the message was first seen
  uid               string  Connection unique id
  id                record  ID record with orig/resp host/port (see conn.log)
  trans_depth       count   Depth of message transaction if multiple messages transferred
  helo              string  Contents of the HELO header
  mailfrom          string  Contents of the MAIL FROM header
  rcptto            set     Contents of the RCPT TO header
  date              string  Contents of the DATE header
  from              string  Contents of the FROM header
  to                set     Contents of the TO header
  reply_to          string  Contents of the Reply-To header
  msg_id            string  Contents of the MsgID header
  in_reply_to       string  Contents of the In-Reply-To header
  subject           string  Contents of the Subject header
  x_originating_ip  addr    Contents of the X-Originating-IP header
  first_received    string  Contents of the first Received header
  second_received   string  Contents of the second Received header
  last_reply        string  Last message that the server sent to the client
  path              vector  Message transmission path, extracted from the headers
  user_agent        string  Value of the User-Agent header from the client
  tls               bool    Connection has switched to using TLS
  fuids             vector  File unique IDs seen attached to this message
  is_webmail        bool    Indicates if the message was sent through a webmail interface

signatures.log - Signature matches

  Field       Type    Description
  ts          time    Timestamp of match
  src_addr    addr    Host triggering the signature match event
  src_port    port    Host port on which the match occurred
  dst_addr    addr    Host which was sent the matching payload
  dst_port    port    Port which was sent the matching payload
  note        string  Notice associated with the signature event
  sig_id      string  Name of the signature that matched
  event_msg   string  More descriptive message of the event
  sub_msg     string  Extracted payload data or extra message
  sig_count   count   Number of sigs
  host_count  count   Number of hosts

snmp.log

  Field              Type      Description
  ts                 time      Timestamp of the first packet in the SNMP session
  uid                string    Connection unique id
  id                 conn_id   ID record with orig/resp host/port (see conn.log)
  duration           interval  Amount of time between first/latest packet in session
  version            string    The version of SNMP being used
  community          string    Community string of the first SNMP packet associated w/ session; v1 & v2c only
  get_requests       count     Number of variable bindings in GetRequest/GetNextRequest PDUs
  get_bulk_requests  count     Number of variable bindings in GetBulkRequest PDUs
  get_responses      count     Number of variable bindings in GetResponse/Response PDUs
  set_requests       count     Number of variable bindings in SetRequest PDUs
  display_string     string    System description of the SNMP responder endpoint
  up_since           time      Time the SNMP responder claims it has been up since

ssl.log - SSL handshakes (v2.2 only; v2.3 see x509.log)

  Field                Type    Description
  ts                   time    Timestamp when the SSL connection was detected
  uid                  string  Connection unique id
  id                   record  ID record with orig/resp host/port (see conn.log)
  version              string  SSL version that the server offered
  cipher               string  SSL cipher suite that the server chose
  server_name          string  Value of the Server Name Indicator SSL extension
  session_id           string  Session ID offered by the client for session resumption
  subject              string  Subject of the X.509 cert offered by the server
  issuer_subject       string  Signer subject of the cert offered by the server
  not_valid_before     time    NotValidBefore field value from the server cert
  not_valid_after      time    NotValidAfter field value from the server cert
  last_alert           string  Last alert that was seen during the connection
  client_subject       string  Subject of the X.509 cert offered by the client
  clnt_issuer_subject  string  Subject of the signer of the cert offered by the client
  cert_hash            string  MD5 hash of the raw server certificate
  validation_status    vector  Certificate validation for this connection

software.log - Software identified by the software framework

  Field             Type    Description
  ts                time    Timestamp of the detection
  host              addr    IP address running the software
  host_p            port    Port on which the software is running (for servers)
  software_type     string  Type of software (e.g. HTTP::SERVER)
  name              string  Name of the software
  version.major     count   Major version number of the software
  version.minor     count   Minor version number of the software
  version.minor2    count   Minor subversion number of the software
  version.minor3    count   Minor update number of the software
  version.addl      string  Additional version string (e.g. beta42)
  unparsed_version  string  The full, unparsed version of the software

ssh.log -

  Field      Type    Description
  ts         time    Timestamp when the SSH connection was detected
  uid        string  Connection unique ID
  id         record  ID record with orig/resp host/port (see conn.log)
  status     string  If the login was heuristically guessed to be a success or a failure
  direction  string  Outbound or inbound connection
  client     string  Software string from the client
  server     string  Software string from the server
  resp_size  count   Amount of data returned by the server

socks.log - SOCKS proxy requests

  Field         Type    Description
  ts            time    Timestamp of request
  uid           string  Connection unique id
  id            record  ID record with orig/resp host/port (see conn.log)
  version       count   Protocol version of SOCKS
  user          string  Username for proxy, if available
  status        string  Server status for the attempt using proxy
  request.host  addr    Client requested address
  request.name  string  Client requested name
  request_p     port    Client requested port
  bound.host    addr    Server bound address
  bound.name    string  Server bound name
  bound_p       port    Server bound port

syslog.log - Syslog messages

  Field     Type             Description
  ts        time             Timestamp when the message was seen
  uid       string           Connection unique id
  id        record           ID record with orig/resp host/port (see conn.log)
  proto     transport_proto  Protocol over which message was seen. Only UDP is currently supported.
  facility  string           Syslog facility for the message
  severity  string           Syslog severity for the message
  message   string           The plain text syslog message

Error output logging: LogAscii::output_to_stdout = F &redef
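The ssl.log time fields (ts, not_valid_before, not_valid_after) are epoch seconds in the ASCII log, so certificate lifetime checks are plain arithmetic, and a server certificate whose subject equals its issuer_subject is self-signed. The script below is an added example and is not part of the Critical Stack cheat sheet: it flags connections with self-signed, expired or soon-expiring server certificates, legacy protocol versions and weak cipher suites. The ssl.log excerpt is constructed sample data trimmed to the columns the script reads, with fake uids, RFC 5737 addresses and made-up cert hashes; the 30-day window and the weak-cipher/legacy-version patterns are assumptions to tune to local policy.

```shell
#!/bin/sh
# Added example (not part of the Critical Stack cheat sheet): triage ssl.log
# using the epoch-second time columns and the subject/issuer/cipher/version
# strings.

tsv() { tr '|' '\t'; }   # "|" stands in for Bro's tab separator in the samples

# Constructed ssl.log excerpt (fake uids, RFC 5737 addresses, made-up cert
# hashes), trimmed to the columns this example reads.
ssl_log() {
tsv <<'EOF'
#fields|ts|uid|id.orig_h|id.orig_p|id.resp_h|id.resp_p|version|cipher|server_name|subject|issuer_subject|not_valid_before|not_valid_after|cert_hash
1400000003.10|CSSS01|10.0.0.5|49000|198.51.100.40|443|TLSv12|TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256|www.example.com|CN=www.example.com,O=Example|CN=Example CA,O=Example|1380000000.00|1450000000.00|0123456789abcdef0123456789abcdef
1400000003.20|CSSS02|10.0.0.5|49001|198.51.100.41|443|TLSv10|TLS_RSA_WITH_RC4_128_SHA|admin.example.net|CN=admin.example.net|CN=admin.example.net|1399000000.00|1401000000.00|89abcdef0123456789abcdef01234567
1400000003.30|CSSS03|10.0.0.5|49002|198.51.100.42|443|TLSv11|TLS_RSA_WITH_AES_128_CBC_SHA|old.example.org|CN=old.example.org,O=Example|CN=Example CA,O=Example|1360000000.00|1390000000.00|fedcba9876543210fedcba9876543210
EOF
}

# suspect_tls [WARN_DAYS]
# One line per connection worth a look: uid, SNI, ";"-separated reasons.
# WARN_DAYS (default 30, an assumption) is how close to expiry counts as
# "soon"; the cipher and version patterns are likewise policy assumptions.
suspect_tls() {
  awk -F'\t' -v warn_days="${1:-30}" '
    /^#fields/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }   # name -> column
    /^#/ { next }
    {
      why = ""
      if ($(col["subject"]) == $(col["issuer_subject"])) why = why ";self-signed"
      # validity left, in seconds, at the moment the connection was seen
      left = $(col["not_valid_after"]) - $(col["ts"])
      if (left < 0) why = why ";expired"
      else if (left < warn_days * 86400) why = why ";expires in " int(left / 86400) "d"
      if ($(col["cipher"]) ~ /RC4|NULL|EXPORT|_DES_|3DES/) why = why ";weak cipher"
      if ($(col["version"]) ~ /^(SSLv2|SSLv3|TLSv10)$/) why = why ";legacy " $(col["version"])
      if (why != "") print $(col["uid"]), $(col["server_name"]), substr(why, 2)
    }
  '
}

# Stand-alone run against the sample data.
ssl_log | suspect_tls
```

Run it as `suspect_tls < ssl.log` on a live log; pass a different day count (`suspect_tls 7`) to tighten the expiry window. Because the check uses ts rather than the current time, it gives the same answer when replayed against old logs or a pcap.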

traceroute.log

  Field  Type    Description
  ts     time    Timestamp traceroute was detected
  src    addr    Address initiating the traceroute
  dst    addr    Destination address of the traceroute
  proto  string  Protocol used for the traceroute

tunnel.log

  Field        Type    Description
  ts           time    Timestamp tunnel was detected
  uid          string  Connection unique id
  id           record  ID record with orig/resp host/port (see conn.log)
  tunnel_type  string  The type of tunnel (e.g. Teredo, IP)
  action       string  The activity that occurred (discovered, closed)

x509.log - x509 Certificate Analyzer Output

  Field                         Type        Description
  ts                            time        Timestamp of the detection
  id                            string      File id of this certificate
  certificate                   record      Certificate details
  certificate.version           count       Version number
  certificate.serial            string      Serial number
  certificate.issuer            string      Certificate issuer
  certificate.not_valid_before  time        Timestamp before which the certificate is not valid
  certificate.not_valid_after   time        Timestamp after which the certificate is not valid
  certificate.key_alg           string      Name of the key algorithm
  certificate.sig_alg           string      Name of the signature algorithm
  certificate.key_type          string      Key type, if key parseable by openssl (rsa, dsa or ec)
  certificate.key_length        count       Key length in bits
  certificate.exponent          string      Exponent, if RSA certificate
  certificate.curve             string      Curve, if EC certificate
  san                           record      Subject Alternative Name
  san.dns                       string_vec  List of DNS entries in the SAN
  san.uri                       string_vec  List of URI entries in the SAN
  san.email                     string_vec  List of email entries in the SAN
  san.ip                        addr_vec    List of IP entries in the SAN
  san.other_fields              bool        True if certificate contained other, unrecognized fields
  basicconstraints              record      Basic constraints extension of the certificate
  basicconstraints.ca           bool        CA flag set?
  basicconstraints.path_len     count       Maximum path length
  logcert                       bool        T (present if policy/protocols/ssl/log-hostcerts-only.bro is loaded)

weird.log - Anomalies and protocol violations

  Field   Type    Description
  ts      time    Timestamp of message
  uid     string  Connection unique id
  id      record  ID record with orig/resp host/port (see conn.log)
  name    string  The name of the weird that occurred
  addl    string  Additional information accompanying the weird, if any
  notice  bool    Indicates if this weird was also turned into a notice
  peer    string  The peer that generated this weird

Index

  capture_loss    Estimate of packet loss
  cluster         Diagnostics for cluster operation
  communication   Diagnostics for inter-process communications
  dhcp            DHCP lease activity
  dnp3            Distributed Network Protocol (industrial control)
  dpd             Diagnostics for dynamic protocol detection
  known_certs     Observed local SSL certs. Each is logged once/day
  known_devices   Observed local devices. Each is logged once/day
  known_hosts     Observed local active IPs. Each is logged once/day
  known_services  Observed local services. Each is logged once/day
  loaded_scripts  A list of scripts that were loaded at startup
  packet_filter   Any filters to limit the traffic being analyzed
  radius          RADIUS authentication details
  reporter        Internal errors and warnings
  signatures      Matches from the signatures framework
  socks           SOCKS proxy requests
  software        Software identified by the software framework
  ssh             SSH handshakes
  ssl             SSL handshakes (v2.2 only; v2.3 see x509.log)
  stats           Diagnostics such as mem usage, packets seen, etc.
  stderr/stdout   Output logging
  x509            x509 Certificate Analyzer Output
  weird           Anomalies and protocol violations

bro one-liners

  bro -C -r file.pcap local extract-all-files.bro "Site::local_nets += {10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16}"
    Hey bro, ignore checksums (-C) and then read in file.pcap using the current local.bro, also loading extract-all-files.bro and ADDING the following subnets to your list of local_nets. The Site::local_nets assignment must be passed as a single argument, hence the quotes.

  less conn.log | bro-cut -d | awk '{split($0, a, "\t"); if (a[5] == "10.2.2.2") print $0}'
    First print out conn.log and send the output to bro-cut; bro-cut replaces the unix epoch time column with a human-readable date (-d) and sends the output to awk; awk chops up each line at every tab and puts each column into an array a; if the fifth element, a[5] (id.resp_h), is 10.2.2.2, please print the whole log line.

  bro -C -r http-partial-content-transfer.pcap policy/misc/dump-events.bro PacketFilter::default_capture_filter="host 54.230.103.187" >> dump-events-host.log
    Hey bro, read in this pcap and also load dump-events.bro, running with a BPF so you only look at traffic with this host, and then append the output into this file.

  cat conn.log | bro-cut id.orig_h id.resp_h orig_bytes resp_bytes missed_bytes | awk '$5 > 10000'
    Let's look for connections with high packet loss (more than 10000 missed bytes).

Navigating in less

  Command           Description
  q                 Quit
  up/down arrow     Move up/down one line
  left/right arrow  Move left/right 1/2 page; requires less -S
  page up/down      Move up/down one page
  g                 Go to the first line
  G                 Go to the last line
  F                 Go to the last line; display any new lines. Ctrl-C to exit
  /SSL              Search: go to the next line containing 'SSL'
  /!SSL             Search: go to the next line NOT containing 'SSL'
  ?malware          Search: go to the previous line containing 'malware'
  n                 Repeat a previous search
  N                 Repeat a previous search in the opposite direction

git commands

  Command                Description
  git clone [url]        Downloads a project and the entire version history
  git status             Lists all new or modified files to be committed
  git diff               Shows file differences not yet staged
  git add [file]         Snapshots the file in preparation for versioning
  git diff --staged      Shows file differences between staging & last version
  git reset [file]       Unstages the file and preserves contents
  git commit             Records snapshot; add -m "msg" for comment
  git branch             Show all branches in current repo; -a for all branches
  git branch [name]      Create a new branch
  git checkout [branch]  Switches to the specified branch & updates the working directory
  git merge [branch]     Combines the specified branch's history into the current branch

Getting around

  Command   Description
  cd logs   Move to the logs directory, which is located in the current directory
  cd /logs  Move to the logs directory, which is located in the top-level directory
  cd ..     Move up one directory
  cd ~      Move to your home directory (tilde is to the left of the 1 key)
  cd -      Move to the directory you were previously in

Viewing and searching

  Command                    Description
  cat data.txt               Display data.txt
  cat *.log                  Display all files that end in .log
  head conn.log              Display the first 10 lines of conn.log
  head -n 20 conn.log        Display the first 20 lines of conn.log
  tail conn.log              Display the last 10 lines of conn.log
  tail -n 30 conn.log        Display the last 30 lines of conn.log
  tail -F conn.log           Display the last 10 lines & continue with new lines. Note: Ctrl-C to exit
  grep SSL notice.log        Display lines in notice.log that contain SSL
  grep -v SSL notice.log     Display lines in notice.log without SSL
  grep 'mal ware' data.txt   Search for an item with spaces using single quotes
  grep -F 1.2.3.4            Search for phrases with periods (fixed string, not a regex)
  grep -c dosexec files.log  How many lines in files.log contain dosexec
  less conn.log              Display conn.log in less (see "Navigating in less")
  less -S conn.log           Display with side-to-side scrolling

Pipes

  Command                                                   Description
  | aka pipe                                                Pass the output of one command to another command
  grep SSL notice.log | tail -n 30                          Display the last 30 lines in notice.log that contain SSL
  grep SSL notice.log | grep -i google                      Display lines in notice.log containing SSL and google in any case (upper/lower mix)
  cat data.txt | sort                                       Display data.txt, sorted alphabetically
  cat data.txt | sort | uniq                                Display data.txt, sorted alphabetically, with duplicates removed
  cat data.txt | sort | uniq -c                             Display data.txt, sorted alphabetically, with duplicates removed and a count of each occurrence
  cat data.txt | sort | uniq -c | sort -n                   Display, sort, count of distinct, ordered from least to most
  cat notice.log | bro-cut note | sort | uniq -c | sort -n  What are the most popular notices?
  cat http.log | bro-cut -d ts method host uri              Only display timestamp, method, host and URI, and convert the timestamp to human readable

Contact Critical Stack

  Phone:    202-559-5200
  Email:    [email protected]
  Web:      http://www.CriticalStack.com
  Git:      https://github.com/CriticalStack/
  Twitter:  @CriticalStack
  pgp:      0xc255d63501b80df9

  Consulting
  Training
  Support for the Bro Platform
  Developing high performance solutions around the Bro Platform