Skip to content

Instantly share code, notes, and snippets.

Avatar

Vesselin Bontchev bontchev

View GitHub Profile
@rxaviers
rxaviers / gist:7360908
Last active Nov 30, 2021
Complete list of github markdown emoji markup
View gist:7360908

People

:bowtie: :bowtie: 😄 :smile: 😆 :laughing:
😊 :blush: 😃 :smiley: ☺️ :relaxed:
😏 :smirk: 😍 :heart_eyes: 😘 :kissing_heart:
😚 :kissing_closed_eyes: 😳 :flushed: 😌 :relieved:
😆 :satisfied: 😁 :grin: 😉 :wink:
😜 :stuck_out_tongue_winking_eye: 😝 :stuck_out_tongue_closed_eyes: 😀 :grinning:
😗 :kissing: 😙 :kissing_smiling_eyes: 😛 :stuck_out_tongue:
@abrudtkuhl
abrudtkuhl / nginx-elasticsearch-proxy.conf
Last active Aug 23, 2019 — forked from karmi/nginx-elasticsearch-proxy.conf
NGINX Reverse Proxy Authentication For Elasticsearch
View nginx-elasticsearch-proxy.conf
# Run me with:
#
# $ nginx -p /path/to/this/file/ -c nginx.conf
#
# All requests are then routed to authenticated user's index, so
#
# GET http://user:password@localhost/_search?q=*
#
# is rewritten to:
#
@vqhuy
vqhuy / rol-ror.py
Created Aug 13, 2015
python rol, ror operation implement
View rol-ror.py
###########################################################################
# Rotating bits (tested with Python 2.7)
from __future__ import print_function # PEP 3105
# max bits > 0 == width of the value in bits (e.g., int_16 -> 16)
# Rotate left: 0b1001 --> 0b0011
rol = lambda val, r_bits, max_bits: \
(val << r_bits%max_bits) & (2**max_bits-1) | \
@xvitaly
xvitaly / remove_crw.cmd
Last active Nov 26, 2021
Remove telemetry updates for Windows 7 and 8.1
View remove_crw.cmd
@echo off
echo Uninstalling KB3075249 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3075249 /quiet /norestart
echo Uninstalling KB3080149 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3080149 /quiet /norestart
echo Uninstalling KB3021917 (telemetry for Win7)
start /w wusa.exe /uninstall /kb:3021917 /quiet /norestart
echo Uninstalling KB3022345 (telemetry)
start /w wusa.exe /uninstall /kb:3022345 /quiet /norestart
echo Uninstalling KB3068708 (telemetry)
@Neo23x0
Neo23x0 / config-client.xml
Last active May 17, 2021
Sysmon Base Configuration - Workstations
View config-client.xml
<!--
This is a Microsoft Sysmon configuration to be used on Windows workstations
v0.2.1 December 2016
Florian Roth (with the help and ideas of others)
The focus of this configuration is
- malware detection (execution)
- malware detection (network connections)
- exploit detection
It is not focussed on
@alirobe
alirobe / reclaimWindows10.ps1
Last active Nov 26, 2021
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
View reclaimWindows10.ps1
##########
# Tweaked Win10 Initial Setup Script
# Primary Author: Disassembler <disassembler@dasm.cz>
# Modified by: alirobe <alirobe@alirobe.com> based on my personal preferences.
# Version: 2.20.2, 2018-09-14
# Primary Author Source: https://github.com/Disassembler0/Win10-Initial-Setup-Script
# Tweaked Source: https://gist.github.com/alirobe/7f3b34ad89a159e6daa1/
# Tweak difference:
#
# @alirobe's version is a subset focused on safely disabling telemetry, some 'smart' features and 3rd party bloat ...
View fake_sandbox.ps1
# Simulate fake processes of analysis sandbox/VM that some malware will try to evade
# This just spawn ping.exe with different names (wireshark.exe, vboxtray.exe, ...)
# It's just a PoC and it's ugly as f*ck but hey, if it works...
# Usage: .\fake_sandbox.ps1 -action {start,stop}
param([Parameter(Mandatory=$true)][string]$action)
$fakeProcesses = @("wireshark.exe", "vmacthlp.exe", "VBoxService.exe",
"VBoxTray.exe", "procmon.exe", "ollydbg.exe", "vmware-tray.exe",
@thatguy031415
thatguy031415 / ransomcanary.ps1
Created Feb 3, 2017
Ransomware canary file script in powershell
View ransomcanary.ps1
<#
Powershell script to create and monitor a ransomware canary file;
If the canary is modified, the script will notify the user, log the data,
create an entry in the event log, and stop the workstation service,
crippling the machine's ability to map or access network drives.
Modified from a script found at freeforensics.org
#>
$DirPath = "C:\Temp\"
View INSTALL.md

Notes on Shadow Brokers EQGRP-LiT

credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic

HOW 2 SETUP + INSTALL FUZZBUNCH & DANDERSPRITZ

context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation

View BadTalkTitles
😒🙅🙄
$thing for fun and profit
all your $thing are belong to $shutup
honey I $verbed the $thing
$thing demystified
$thing: a deep dive
$verb all the things
make $thing great again
$x and $y and $z, oh my!