@grugq
grugq / gist:03167bed45e774551155
Last active April 6, 2024 10:12
operational pgp - draft

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

_qvm-run() {
local app_vms
app_vms=( $(qvm-ls --raw-list|grep -v "^dom0$") )
local exc=
if (( words[(I)--all] )); then
exc="*--exclude=[When --all is used: exclude this VM name (may be repeated)]:QubesVMs:($app_vms)"
fi
_arguments -S '(-a --auto)'{-a,--auto}'[Auto start the VM if not running]'\
@Belphemur
Belphemur / iptables-tarpit.conf
Last active October 10, 2022 18:29
Tarpit Action for Fail2ban with rate limit
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
# made active on all ports from original iptables.conf
# Modified: Antoine Aflalo <antoine@aaflalo.me>
# Used the iptables-allports.conf as base for TARPIT.
#
#
#!/usr/bin/env python
# Rulz.py
# Author: Nick Landers (@monoxgas) - Silent Break Security
import os
import sys
import argparse
import re
import binascii
import codecs
@mattifestation
mattifestation / WMI_attack_detection.ps1
Last active March 16, 2021 23:02
BlueHat 2016 - WMI attack detection demo
#region Scriptblocks that will execute upon alert trigger
$LateralMovementDetected = {
$Event = $EventArgs.NewEvent
$EventTime = [DateTime]::FromFileTime($Event.TIME_CREATED)
$MethodName = $Event.MethodName
$Namespace = $Event.Namespace
$Object = $Event.ObjectPath
$User = $Event.User
# getexplorerpid($bid, &callback);
sub getexplorerpid {
bps($1, lambda({
local('$pid $name $entry');
foreach $entry (split("\n", $2)) {
($name, $pid) = split("\\s+", $entry);
if ($name eq "explorer.exe") {
# $1 is our Beacon ID, $pid is the PID of explorer.exe
[$callback: $1, $pid];
}
@SadProcessor
SadProcessor / Get-RickAstley.ps1
Created March 21, 2016 23:46
Not intended for nefarious purposes...
function Get-RickAstley(){
[console]::beep(440,150)#A
[console]::beep(493,150)#B
[console]::beep(587,150)#D
[console]::beep(493,150)#B
Start-Sleep -m 20
[console]::beep(698,400)#F
[console]::beep(698,400)#F
[console]::beep(659,500)#E
Start-Sleep -m 50
@rsmudge
rsmudge / getenv.cna
Last active December 11, 2019 19:45
#
# Aggressor Script means to parse/use environment vars in a Beacon session.
#
global('%bvars');
# request environment variables for every new Beacon that comes in.
on beacon_initial {
# ideally, we'd have a bshell that could take callbacks. We don't have
# this yet. Eventually though, we will.
@mattifestation
mattifestation / sample_drive_infector.ps1
Created April 2, 2016 18:18
A PoC drive infector using permanent WMI event subscriptions. I wrote this to demonstrate passing __EventFilter arguments to a CommandLineEventConsumer
$EventFilterArgs = @{
EventNamespace = 'root/cimv2'
Name = 'DriveChanged'
Query = 'SELECT * FROM Win32_VolumeChangeEvent'
QueryLanguage = 'WQL'
}
$Filter = Set-WmiInstance -Namespace root/subscription -Class __EventFilter -Arguments $EventFilterArgs
$CommandLineConsumerArgs = @{
import dpkt, socket, struct, binascii, sys, time, random
if len(sys.argv) < 2:
print "Usage: poc.py pcapfile"
print "PCAP file must contain only the UDP packets of a Steam connection."
sys.exit(1)
capture = dpkt.pcap.Reader(open(sys.argv[1]))
cap_messages_out = []
cap_messages_in = []