Skip to content

Instantly share code, notes, and snippets.

View FlyingBlueMonkey's full-sized avatar
:octocat:
A fool thinks himself to be wise, but a wise man knows himself to be a fool

Matt Egen FlyingBlueMonkey

:octocat:
A fool thinks himself to be wise, but a wise man knows himself to be a fool
13 followers · 25 following
View GitHub Profile
@mttaggart
mttaggart / nimjector.nim
Created December 21, 2021 04:07
NimShellCodeInjector
# With special thanks to byt3bl33d3r for Offensive Nim!
import winim/lean
import osproc
import base64
import sequtils
import strutils
import strformat
import httpclient
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active June 24, 2024 22:11
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@IanColdwater
IanColdwater / twittermute.txt
Last active May 23, 2024 18:37
Here are some terms to mute on Twitter to clean your timeline up a bit.
Mute these words in your settings here: https://twitter.com/settings/muted_keywords
ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet
@bohops
bohops / manage-bde.wsf.txt
Last active September 26, 2022 23:28
Abusing manage-bde.wsf
I came across an interesting Windows Script File (WSF) that has been around a while called 'manage-bde.wsf'. It may be located in SYSTEM32.
Though not nearly as cool as SyncAppvPublishingServer[.com/.vbs], we can 'tamper' with manage-bde.wsf to run things in unattended ways.
Here are a few examples that you may or may not find useful -
1) Replace ComSpec Variable
set comspec=c:\windows\system32\calc.exe
cscript manage-bde.wsf
@Davidblkx
Davidblkx / LevenshteinDistance.cs
Created November 10, 2016 17:45
Levenshtein Distance in c#
using System;
namespace Algorithms
{
public static class LevenshteinDistance
{
/// <summary>
/// Calculate the difference between 2 strings using the Levenshtein distance algorithm
/// </summary>
/// <param name="source1">First string</param>
@pzb
pzb / user-agents.txt
Created December 19, 2015 01:03
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.94 Chrome/37.0.2062.94 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9
Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0)
@renancouto
renancouto / exploit-urls.md
Last active February 1, 2023 09:36
A collection of weird URLs that I think are used to exploit security vulnerabilities on web apps
  • /manager/html (Apache Tomcat)
  • http://123.249.24.233/POST_ip_port.php
  • /tmUnblock.cgi
  • /HNAP1/
  • /phpMyAdmin/scripts/setup.php (PHPMyAdmin)
  • /pma/scripts/setup.php
  • /myadmin/scripts/setup.php
  • /MyAdmin/scripts/setup.php
  • /vyvy/vyv/vy.php
  • /cgi-sys/php5