Skip to content

Instantly share code, notes, and snippets.

View RC1140's full-sized avatar
🎿
NOP Sledding

Jameel RC1140

🎿
NOP Sledding
74 followers · 262 following
View GitHub Profile
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@svch0stz
svch0stz / defenderwatch.ps1
Last active November 18, 2022 01:03
WMI Watcher for Windows Defender RealtimeMonitoring
$WMI = @{
Query = "SELECT * FROM __InstanceModificationEvent WITHIN 5 WHERE TargetInstance ISA 'MSFT_MpPreference' AND TargetInstance.DisableRealtimeMonitoring=True"
Action = {
#$Global:Data = $Event
Write-Host "Defender Configuration change - DisableRealtimeMonitoring:"$Event.SourceEventArgs.NewEvent.TargetInstance.DisableRealtimeMonitoring"(Old Value:"$Event.SourceEventArgs.NewEvent.PreviousInstance.DisableRealtimeMonitoring")"
}
Namespace = 'root\microsoft\windows\defender'
SourceIdentifier = "Defender.DisableRealtimeMonitoring"
}
$Null = Register-WMIEvent @WMI
@afdalwahyu
afdalwahyu / main.go
Last active July 20, 2023 09:31
golang dynamic port forward ssh socks5 tunnel
package main
import (
"context"
"fmt"
"net"
"os"
"os/signal"
"syscall"
@olafhartong
olafhartong / sysmon-7-schema.xml
Created June 7, 2018 19:37
<manifest schemaversion="4.0" binaryversion="1.01">
<configuration>
<options>
<!-- Command-line only options -->
<option switch="i" name="Install" argument="optional" noconfig="true" exclusive="true" />
<option switch="c" name="Configuration" argument="optional" noconfig="true" exclusive="true" />
<option switch="u" name="UnInstall" argument="none" noconfig="true" exclusive="true" />
<option switch="m" name="Manifest" argument="none" noconfig="true" exclusive="true" />
<option switch="t" name="DebugMode" argument="none" noconfig="true" />
<option switch="s" name="PrintSchema" argument="optional" noconfig="true" exclusive="true" />
@mackwage
mackwage / windows_hardening.cmd
Last active April 17, 2024 09:05
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@dekobon
dekobon / Getting Started with the JDK on SmartOS.md
Last active September 26, 2018 17:20
Installing Java 8 on SmartOS

Installing the Oracle Java 8 JDK on SmartOS

  1. Go to: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
  2. Download the "Solaris x64 XX.X MB jdk-8u66-solaris-x64.tar.gz" tarball from the Oracle Java SE site. You won't be able to paste the URL into curl on your SmartOS instance unless you click it first to get the authentication parameter. Regardless, get the tarball any way that you prefer and copy it onto your SmartOS instance.
  3. Extract the tarball and copy it to the location of your choosing.
  4. Globally set the value of the environment variable JAVA_HOME to the path of the JVM.
  5. Update your PATH to include the Java bin directory by setting it to PATH=$PATH:$JAVA_HOME/bin
@johanndt
johanndt / upgrade-postgres-9.3-to-9.5.md
Last active July 15, 2022 12:35 — forked from dideler/upgrade-postgres-9.3-to-9.4.md
Upgrading PostgreSQL from 9.3 to 9.5 on Ubuntu

TL;DR

Install Postgres 9.5, and then:

sudo pg_dropcluster 9.5 main --stop
sudo pg_upgradecluster 9.3 main
sudo pg_dropcluster 9.3 main
@koreno
koreno / README.md
Last active April 1, 2020 10:44
'rebaser' improves on 'git rebase -i' by adding information per commit regarding which files it touched.

Prebase

git-prebase improves on 'git rebase -i' by adding information per commit regarding which files it touched.

  • Each file gets an alpha-numeric identifier at a particular column, a list of which appears below the commit list. (The identifiers wrap around after the 62nd file)
  • Commits can be moved up and down safely (without conflicts) as long as their columns don't clash (they did not touch the same file).

Installation

Add the executable to your path and git will automatically expose it as

@denji
denji / golang-tls.md
Last active March 29, 2024 03:03 — forked from spikebike/client.go
Simple Golang HTTPS/TLS Examples

Moved to git repository: https://github.com/denji/golang-tls

Generate private key (.key)
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048

# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List ECDSA the supported curves (openssl ecparam -list_curves)
@amlweems
amlweems / gist:6e78d03810548b4867d6
Created January 27, 2015 17:32
ghost.c
/*
* Qualys test program to check for presence of GHOST vulnerability
* For more info: http://www.openwall.com/lists/oss-security/2015/01/27/9
*/
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>