Rurik

# Automatically find XOR/SHL/SHR routines from an executable
# Uses IDAW (text IDA)
# @bbaskin - brian @ thebaskins.com
# While other, more powerful scripts like FindCrypt find known
# algorithms this is used to find custom encoding or modified
# encryption routines

""" 
Script results:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

adharris

package main

import (
	"database/sql"
	"errors"
	"fmt"
	_ "github.com/bmizerany/pq"
	"os"
	"regexp"
	"strings"

klange

Since this is on Hacker News and reddit...

• No, I don't distribute my résumé like this. A friend of mine made a joke about me being the kind of person who would do this, so I did (the link on that page was added later). My actual résumé is a good bit crazier.
• I apologize for the use of _t in my types. I spend a lot of time at a level where I can do that; "reserved for system libraries? I am the system libraries".
• Since people kept complaining, I've fixed the assignments of string literals to non-const char *s.
• My use of type * name, however, is entirely intentional.
• If you're using an older compiler, you might have trouble with the anonymous unions and the designated initializers - I think gcc 4.4 requires some extra braces to get them working together. Anything reasonably recent should work fine. Clang and gcc (newer than 4.4, at le

jvns

obj-m += rootkit.o

all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

clean:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean

Neo23x0

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

aemkei

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
                    Version 2, December 2004

 Copyright (C) 2011 YOUR_NAME_HERE <YOUR_URL_HERE>

 Everyone is permitted to copy and distribute verbatim or modified
 copies of this license document, and changing it is allowed as long
 as the name is changed.

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE

lelandbatey

Description

This simple script will take a picture of a whiteboard and use parts of the ImageMagick library with sane defaults to clean it up tremendously.

The script is here:

#!/bin/bash
convert "$1" -morphology Convolve DoG:15,100,0 -negate -normalize -blur 0x1 -channel RBG -level 60%,91%,0.1 "$2"

Results

marktheunissen

This playbook has been removed as it is now very outdated.

mackwage

:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering. 
:: Obligatory 'views are my own'. :) 
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key! 
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:

hrldcpr

One-line Tree in Python

Using Python's built-in defaultdict we can easily define a tree data structure:

def tree(): return defaultdict(tree)

That's it!