Source: https://www.sandflysecurity.com/blog/compromised-linux-cheat-sheet/
Large amounts of RAM:
top
actus10
/ shadowbrokers-processes.csv
Created
June 10, 2024 21:01
— forked from Te-k/shadowbrokers-processes.csv
ShadowBrokers list of processes
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 000stthk.exe|Toshiba Hotkey Configuration|NONE | |
| 007ssinstall.exe|007 Spy Software|NONE | |
| 00thotkey.exe|Toshiba Keyboard Helper|NONE | |
| 123downloadsuk[1].exe|123Mania Hijacker|NONE | |
| 12popup.exe|12Ghosts Popup-Killer|NONE | |
| 153.exe|??? Dialer.W32.153 ???|MALICIOUS_SOFTWARE | |
| 180sainstalleradperform.exe|180Solutions Zango|NONE | |
| 180sainstallernusac.exe|180SearchAssistant|NONE | |
| 1xconfig.exe|SCM MicroSystems Helper|NONE | |
| 2portalmon.exe|2wSysTray|NONE |
actus10
/ forensics-cheatsheet.md
Created
March 11, 2022 02:54
— forked from mihalyr/forensics-cheatsheet.md
Linux Compromise Assessment Command Cheat Sheet
actus10
/ networktweaks.ps1
Created
June 25, 2021 12:55
— forked from nirinium/networktweaks.ps1
network tweaks via CMD/PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| netsh interface teredo set state disabled | |
| netsh interface 6to4 set state disabled | |
| netsh winsock reset | |
| netsh interface isatap set state disable | |
| netsh int tcp set global timestamps=disabled | |
| netsh int tcp set heuristics disabled | |
| netsh int tcp set global autotuninglevel=disable | |
| netsh int tcp set global congestionprovider=ctcp | |
| netsh int tcp set supplemental Internet congestionprovider=CTCP | |
| netsh int tcp set global chimney=disabled |
actus10
/ epoll_server.py
Created
August 9, 2018 18:42
— forked from dtoma/epoll_server.py
epoll tcp server in python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """Simple server using epoll.""" | |
| from __future__ import print_function | |
| from contextlib import contextmanager | |
| import socket | |
| import select | |
actus10
/ gist:71cc56f7182dc93c10d662d397859759
Created
July 18, 2018 22:26
— forked from kashyapc/gist:7926517
tcpdump analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # On Controller node | |
| $ tcpdump -envi eth0 | grep -i gre | |
| $ tcpdump -envi br-int | |
| $ tcpdump -envi br-tun | |
| $ ip netns exec qrouter-d72adddf-4c02-4916-ae6d-16bfdaf59d99 tcpdump -nn -i qr-63ea2815-b5 icmp | |
| $ ip netns exec qrouter-d72adddf-4c02-4916-ae6d-16bfdaf59d99 tcpdump -nn -i qg-e7110dba-a9 icmp | |
| $ tcpdump -envi 192.168.122.163 | |
| $ tcpdump -envi br-ex | |
| $ tcpdump -i eth0 -n arp or icmp |
actus10
/ useragentswitcher.xml
Created
April 30, 2018 21:20
Massive list of user agents for User Agent Switcher by Chris Pederik http://forums.chrispederick.com/categories/user-agent-switcher
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <useragentswitcher> | |
| <folder description="Browsers - Windows"> | |
| <folder description="Legacy Browsers"> | |
| <useragent description="Arora 0.6.0 - (Vista)" useragent="Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/527 (KHTML, like Gecko, Safari/419.3) Arora/0.6 (Change: )" appcodename="" appname="" appversion="" platform="" vendor="" vendorsub=""/> | |
| <useragent description="Avant Browser 1.2" useragent="Avant Browser/1.2.789rel1 (http://www.avantbrowser.com)" appcodename="" appname="" appversion="" platform="" vendor="" vendorsub=""/> | |
| <useragent description="Chrome 4.0.249.0 (Win 7)" useragent="Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5" appcodename="" appname="" appversion="" platform="" vendor="" vendorsub=""/> | |
| <useragent description="Chrome 5.0.310.0 (Server 2003)" useragent="Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.310.0 Safari/532.9" appcodename="" appname="" |
actus10
/ curl.php
Created
October 5, 2013 22:43
— forked from loraxx753/curl.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Curl | |
| { | |
| /** | |
| * A get request to another site. | |
| * | |
| * Ex: Curl::get('http://google.com/') will return the standard curl response from google | |
| * | |
| * @param string The url of the site | |
| * @param string The response language (currently json or xml, they will be automatically parsed) | |
| * @param array Any custom curl options that need to be added in the form of array(OPTION => 'value'); |