cedric cedriczirtacic

View openvpn_installer
#!/bin/bash
# OpenVPN Installer
#
# This installer was designed to work with Ubuntu 14.04. It installs
# an OpenVPN server, generates an associated OpenVPN client configuration file,
# configures a firewall, and enables automatic security updates.
#
# Once the installer finishes, the `/root/$CLIENT.ovpn` file will have been generated.
# Download this file to your local machine and open it in an OpenVPN client and you'll
cedriczirtacic / dtruss.c
Last active Mar 27, 2018
when the binary file is execve'ed with dtruss, R9 register is set to 0x18 or R11 != 0xffffffff00000000
View dtruss.c
#include <stdio.h>
int main() {
unsigned long val;
__asm__ (
"movq %%r9, %0"
:"=m"(val)
);
#ifdef DEBUG
cedriczirtacic / dtrace.d
Last active Mar 27, 2018
dtrace oneliners
View dtrace.d
# dtrace_oneliners.txt - DTrace one liners. Handy commands.
#
# 25-Apr-2005, ver 0.70 (first release)
#
# Standard Disclaimer: This is freeware, use at your own risk.
#
# 25-Apr-2005 Brendan Gregg Created this.
#
View poly.sh
#!/bin/bash
perl='print(qx{id});#'
touch $perl && echo "this is a normal file" > $perl
tar -vcf normal.tar $perl
file normal.tar
cedriczirtacic / hexe1
Created Feb 27, 2018
redballoonsecurity.com challenges
View hexe1
cedriczirtacic / INSTALL.md
Last active Feb 2, 2018
auxis interview test (terraform code, tomcat recipe, chefspec for recipe)
View INSTALL.md

auxis test

Intro

This is my solution for the auxis test provided at the technical interview.

AWS

For our Terraform instance to connect to the AWS instances, we will need to generate a key pair:

$ ssh-keygen -t rsa -f auxis_keypair

...

View mbr.asm
/*
all:
as -o test.o mbr.S
objcopy -O binary test.o test.bin
dd if=test.bin of=test.img skip=31744 bs=1 count=512
*/
.code16
.org 0x7c00
.macro sleep
View generate_serial.m
- (IBAction)generate_serial:(id)sender {
NSString *name = [self.name_field stringValue];
unsigned char md5_serial[CC_MD5_DIGEST_LENGTH];
NSString *final_serial = @"";
if (name == nil || [name length] == 0) {
NSAlert *alert = [[NSAlert alloc] init];
[alert setMessageText:@"You must set a name!"];
[alert setAlertStyle:NSAlertStyleWarning];
View serial.pl
#!/usr/bin/perl -w
use strict;
use warnings;
use Digest::MD5 qw( md5_hex );
sub generate_serial($) {
my $name = shift || return undef;
my $md5 = md5_hex($name . "+unicorn");
$md5 =~ tr/a-f/A-F/;
cedriczirtacic / macos_monitoring.md
Last active Jul 25, 2018
Cheatsheet based on Patrick Wardle's talk: "Offensive Malware Analysis: Dissecting OSX FruitFly"
View macos_monitoring.md

macOS X malware behavior monitoring (quick cheatsheet)

  • Network:
  • OS X:
    • Check general logs: ~/Library/Logs/*
      • CoreAnalytics (>= OS X 10.13): /Library/Logs/DiagnosticReports/
      • Emond logs for persistence: /Library/Logs/EventMonitor/
    • ls -ltr ~/Library/LaunchAgents/*.plist