anthonykasza
anthonykasza
/ ja4-clienthello.py
Created
February 23, 2024 20:32
Python calls tshark on a pcap to generate ClientHello fingerprints
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Python calls tshark on a pcap to generate ClientHello fingerprint | |
| # This script only supports TLS, not SSL | |
| import argparse | |
| from publicsuffix2 import get_tld | |
| from hashlib import sha256 | |
| import subprocess | |
| import sys | |
| GREASERS = [ |
anthonykasza
/ forge-3way-handshake.py
Created
November 16, 2023 15:44
Forge a 3-way TCP handshake for pcap analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The foundation for this script was provided by ChatGTP | |
| # Zeek needs a TCP handshake to analyze a TLS stream. | |
| # This script forges a handshake for each packet carrying a ClientHello record | |
| # and writes the handshake, the ClientHello, and any ServerHellos to its own pcap | |
| import sys | |
| from scapy.all import * | |
| def find_hellos(pcap_file): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Game(): | |
| def __init__(self, size, debug=False, players=2): | |
| self.debug = debug | |
| self.board = [["-"] * size for i in range(size)] | |
| self.players = players | |
| self.symbols = {} | |
| self.turns = 0 | |
| self.next_turn = 0 | |
| self.winner = None |
anthonykasza
/ The Fundamentals of AWS Cloud Security
Created
December 8, 2022 16:10
The Fundamentals of AWS Cloud Security
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The Fundamentals of AWS Cloud Security | |
| ====================================== | |
| AWS re:Inforce 2019, Becky Weiss | |
| https://www.youtube.com/watch?v=-ObImxw1PmI | |
| AWS IAM | |
| ------- | |
| - identity and access | |
| - grant entities (services or humans) permission to make API calls on behalf of you or your account | |
| - every AWS service uses IAM to authenticate and authorize API calls |
anthonykasza
/ find_water_volume.py
Last active
October 7, 2022 17:34
calculate the water volume between peaks of a mountain range
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mountain_ranges = { | |
| (0,1,2,3,4): 0+0+0, | |
| (4,3,2,1,0): 0+0+0, | |
| (0,3,2,1,1): 0+0+0, | |
| (1,1,1,1,1): 0+0+0, | |
| (1,1,0,0,0): 0+0+0, | |
| (0,0,1,1,1): 0+0+0, | |
| (0,0,1,0,0): 0+0+0, | |
| (1,0,0,0,1): 1+1+1, | |
| (1,0,0,0,2): 1+1+1, |
anthonykasza
/ encoder.py
Last active
July 17, 2022 19:15
scripts to find magic strings in single-byte encoded data - sequences are neato
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A script which single-byte XOR encodes an input file | |
| import sys | |
| ifn = sys.argv[1] | |
| data = open(ifn, "rb").read() | |
| c = "a" | |
| for key in [0xaa, 0xab, 0x57, 0x07, 0x13]: | |
| ofn = c + ifn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from eth_account import Account | |
| import secrets | |
| prefix = "0xbca9" | |
| while True: | |
| priv = secrets.token_hex(32) | |
| private_key = "0x" + priv | |
| acct = Account.from_key(private_key) | |
| if acct.address.startswith(prefix): | |
| print("private key:", private_key) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A toy example showing pure scriptland matrix types. Good luck multiplying anything. | |
| module Matrix; | |
| export { | |
| type matrix_int: vector of vector of int; | |
| type matrix_dbl: vector of vector of double; | |
| global make_matrix_int: function(rows: count, cols: count): matrix_int; | |
| global make_matrix_dbl: function(rows: count, cols: count): matrix_dbl; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Here is an example nanorc for syntax highlighting in Zeek scripts. Edited the standard sh.nanorc to create this, and added in the regex described by Scott Runnels. | |
| ## For Scott's bro-mode.el, go to https://github.com/srunnels/bro-mode/blob/master/bro-mode.el | |
| syntax "zeek" "\.zeek$" | |
| magic "(POSIX|Bourne.*) shell script text" | |
| header "^#!.*/(ba|k|pdk)?sh[-0-9_]*" | |
| icolor brightgreen "^[0-9A-Z_]+\(\)" | |
| color cyan "(usec|msec|sec|min|hr|day)s?\b" | |
| color cyan "[0-9]+\/(tcp|udp|icmp|unknown)" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # An example of event callbacks in a Zeek cluster. Callbacks are a bit clunky as events are not first-class types | |
| # The below cluster code copied from | |
| # https://docs.zeek.org/en/current/frameworks/supervisor.html#supervised-cluster-example | |
| event zeek_init() &priority=10 { | |
| if ( ! Supervisor::is_supervisor() ) { | |
| return; | |
| } |
NewerOlder