This is my solution for the auxis test provided at the technical interview.
For our Terraform instance to connect to the AWS instances, we will need to generate a key pair:
$ ssh-keygen -t rsa -f auxis_keypair
...
cedriczirtacic
/ openvpn_installer
Last active
May 6, 2018 23:13
— forked from jc00ke/openvpn_installer
Installs OpenVPN
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # OpenVPN Installer | |
| # | |
| # This installer was designed to work with Ubuntu 14.04. It installs | |
| # an OpenVPN server, generates an associated OpenVPN client configuration file, | |
| # configures a firewall, and enables automatic security updates. | |
| # | |
| # Once the installer finishes, the `/root/$CLIENT.ovpn` file will have been generated. | |
| # Download this file to your local machine and open it in an OpenVPN client and you'll |
cedriczirtacic
/ dtruss.c
Last active
March 27, 2018 02:00
when the binary file is execve'ed with dtruss, R9 register is set to 0x18 or R11 != 0xffffffff00000000
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| int main() { | |
| unsigned long val; | |
| __asm__ ( | |
| "movq %%r9, %0" | |
| :"=m"(val) | |
| ); | |
| #ifdef DEBUG |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # dtrace_oneliners.txt - DTrace one liners. Handy commands. | |
| # | |
| # 25-Apr-2005, ver 0.70 (first release) | |
| # | |
| # Standard Disclaimer: This is freeware, use at your own risk. | |
| # | |
| # 25-Apr-2005 Brendan Gregg Created this. | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| perl='print(qx{id});#' | |
| touch $perl && echo "this is a normal file" > $perl | |
| tar -vcf normal.tar $perl | |
| file normal.tar |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 6554 6c6c 6d20 2065 6261 756f 2074 6f79 | |
| 7275 6620 7661 726f 7469 2065 6168 6b63 | |
| 202e 6633 7033 6a39 6f66 6666 3961 646a | |
| 6c73 7333 7240 6465 6162 6c6c 6F6F 736e | |
| 6365 7275 7469 2e79 6f63 0a6d 540d 6C65 | |
| 206C 656d 6120 6f62 7475 7920 756F 2072 | |
| 6166 6f76 6972 6574 6820 6361 2e6b 3320 | |
| 3366 3970 666a 666F 6166 6a39 7364 336C | |
| 4073 6572 6264 6c61 6f6c 6e6f 6573 7563 | |
| 6972 7974 632e 6d6F 0d0a |
cedriczirtacic
/ INSTALL.md
Last active
February 2, 2018 21:10
auxis interview test (terraform code, tomcat recipe, chefspec for recipe)
cedriczirtacic
/ mbr.asm
Last active
April 30, 2018 17:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| all: | |
| as -o test.o mbr.S | |
| objcopy -O binary test.o test.bin | |
| dd if=test.bin of=test.img skip=31744 bs=1 count=512 | |
| */ | |
| .code16 | |
| .org 0x7c00 | |
| .macro sleep |
cedriczirtacic
/ generate_serial.m
Created
November 1, 2017 06:01
https://medium.com/@cedriczirtacic/macos-reverse-engineering-part-ii-unicorn-app-crackme-4a0fa73d77c1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - (IBAction)generate_serial:(id)sender { | |
| NSString *name = [self.name_field stringValue]; | |
| unsigned char md5_serial[CC_MD5_DIGEST_LENGTH]; | |
| NSString *final_serial = @""; | |
| if (name == nil || [name length] == 0) { | |
| NSAlert *alert = [[NSAlert alloc] init]; | |
| [alert setMessageText:@"You must set a name!"]; | |
| [alert setAlertStyle:NSAlertStyleWarning]; |
cedriczirtacic
/ serial.pl
Last active
October 30, 2017 23:14
https://medium.com/@cedriczirtacic/macos-reverse-engineering-part-ii-unicorn-app-crackme-4a0fa73d77c1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -w | |
| use strict; | |
| use warnings; | |
| use Digest::MD5 qw( md5_hex ); | |
| sub generate_serial($) { | |
| my $name = shift || return undef; | |
| my $md5 = md5_hex($name . "+unicorn"); | |
| $md5 =~ tr/a-f/A-F/; |
cedriczirtacic
/ macos_monitoring.md
Last active
July 25, 2018 14:14
Cheatsheet based on Patrick Wardle's talk: "Offensive Malware Analysis: Dissecting OSX FruitFly"
- Network:
tcpdump- Whireshark
- LuLu
- OS X:
- Check general logs:
~/Library/Logs/*- CoreAnalytics (>= OS X 10.13):
/Library/Logs/DiagnosticReports/ - Emond logs for persistence:
/Library/Logs/EventMonitor/
- CoreAnalytics (>= OS X 10.13):
ls -ltr ~/Library/LaunchAgents/*.plist
- Check general logs: