Skip to content

Instantly share code, notes, and snippets.

View adampankow's full-sized avatar

Adam adampankow

5 followers · 28 following
View GitHub Profile
@rvrsh3ll
rvrsh3ll / FireDrill.ps1
Last active May 16, 2024 23:58
<#
The purpose of this script is to attempt to set off alarms on security products.
#>
function Get-RandomString {
# Get-RandomString.ps1
# Written by Bill Stewart (bstewart@iname.com)
#requires -version 2
@JJediny
JJediny / DISA-STIG-CCI2NIST-800-53.csv
Last active May 14, 2024 19:00
DISA STIG CCI to NIST-800-53 mapping converted into csv file http://iase.disa.mil/stigs/cci/Pages/index.aspx
We can't make this file beautiful and searchable because it's too large.
id,status,publishdate,contributor,definition,type,NIST800-53rev,control,NIST800-53rev,control,NIST800-53rev,control
CCI-001545,draft,2010-05-11,DISA FSO,The organization defines a frequency for reviewing and updating the access control policy.,policy,4,AC-1 b 1,3,AC-1 a,1,AC-1.2 (i)
CCI-001546,draft,2010-05-11,DISA FSO,The organization defines a frequency for reviewing and updating the access control procedures.,policy,4,AC-1 b 2,3,AC-1 b,1,AC-1.2 (iii)
CCI-000001,draft,2009-05-13,DISA FSO,"The organization develops an access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.",policy,4,AC-1 a 1,3,AC-1 a,1,AC-1.1 (i and ii)
CCI-000004,draft,2009-05-13,DISA FSO,The organization develops procedures to facilitate the implementation of the access control policy and associated access controls.,policy,4,AC-1 a 2,3,AC-1 b,1,AC-1.1 (iv and v)
CCI-000002,draft,2009-09-14,DISA FSO,The organization disseminates the ac
@charlesroper
charlesroper / How to setup a practically free CDN using Backblaze B2 and Cloudflare.md
Last active May 12, 2024 11:09
How to setup a practically free CDN

How to setup a practically free CDN using Backblaze B2 and Cloudflare

⚠️ Note 2023-01-21
Some things have changed since I originally wrote this in 2016. I have updated a few minor details, and the advice is still broadly the same, but there are some new Cloudflare features you can (and should) take advantage of. In particular, pay attention to Trevor Stevens' comment here from 22 January 2022, and Matt Stenson's useful caching advice. In addition, Backblaze, with whom Cloudflare are a Bandwidth Alliance partner, have published their own guide detailing how to use Cloudflare's Web Workers to cache content from B2 private buckets. That is worth reading,

@jamesmacwhite
jamesmacwhite / Workarounds for Netflix and the blocking of IPv6 tunnels.md
Last active May 6, 2024 09:00
Prevent proxy/VPN streaming error messages from Netflix when using a Hurricane Electric IPv6 tunnel.

Workarounds for Netflix and the blocking of Hurricane Electric IPv6 tunnels

The dreaded "You seem to be using an unblocker or proxy." error message. Cool story bro.

This gist was essentially created out of my own rant about Netflix being hostile to IPv6 tunnel services since June 2016. You are welcome to read my opinion on the matter, this is the more technical side to the issue and how to combat it within your own network.

Since I wrote this, various GitHub users have contributed their thoughts and ideas which has been incorporated into this gist. Thank you to everyone who have contributed their own methods and implementations.

The problem

Netflix now treats IPv6 tunnel brokers (such as Hurricane Electric) as proxy servers. A while ago it became apparent to users and Netflix that somewhat by accident, IPv6 tunnel users were being served content outside of their geolocation because of the way Netflix was identifyi

@paalfe
paalfe / CiscoKeyGen.py
Created May 17, 2015 20:45
Cisco IOU License Generator. Originally found at http://www.routingloops.co.uk/cisco/gns3-v1-1-install-on-ubuntu-14-04-lts/, I have done a few changes to it. Make the file executable with " chmod +x CiscoKeyGen.py " and execute it " ./CiscoKeyGen.py ".
#! /usr/bin/python
print "\n*********************************************************************"
print "Cisco IOU License Generator - Kal 2011, python port of 2006 C version"
import os
import socket
import hashlib
import struct
# get the host id and host name to calculate the hostkey
hostid=os.popen("hostid").read().strip()
hostname = socket.gethostname()
@superjamie
superjamie / raspberry-pi-vpn-router.md
Last active April 13, 2024 12:22
Raspberry Pi VPN Router

Raspberry Pi VPN Router

This is a quick-and-dirty guide to setting up a Raspberry Pi as a "router on a stick" to PrivateInternetAccess VPN.

Requirements

Install Raspbian Jessie (2016-05-27-raspbian-jessie.img) to your Pi's sdcard.

Use the Raspberry Pi Configuration tool or sudo raspi-config to:

@verticalgrain
verticalgrain / chip-flashing-guide-nov-2018.md
Last active April 10, 2024 09:47
NextThingCo C.H.I.P. Flashing guide as of November, 2018

Below are the steps required to flash a NextThingCo CHIP or PocketCHIP from the command line, as of November 2018. The web flasher no longer works, and there are numerous errors when flashing from the command line, mostly due to broken dependencies. The following method works for flashing a CHIP as of November 2018:

Note: Flashing must be done on Linux. Tested on Ubuntu and Rasparian. Mac OS seems to not work.

  1. Download and unpack the CHIP-SDK.zip from one of the following:
  1. Download and unpack CHIP-tools.zip from one of the following:
@pingec
pingec / Disable mstsc NLA (client)
Last active March 29, 2024 14:17
Disable NLA on remote desktop (mstsc) client (fixing password expired problem)
Sometimes you try to open a remote desktop connection to a machine only to get an error message that "the password has expired".
If the remote machine does not enforce NLA (Network Level Authentication), it is still possible to start a remote desktop session by disabling NLA on the client (currenlty not possible from the menu on my remote desktop client v.6.3.96000 that came with windows 8.1).
Add the following setting to your .rdp file ("C:\Users\<User>\Documents\Default.rdp" if you aren't using a specific one).
enablecredsspsupport:i:0
Optionally you might need to specify
@rain-1
rain-1 / Wannacrypt0r-FACTSHEET.md
Last active March 10, 2024 11:03 — forked from Epivalent/Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log