<#----------------------------------------------------------------------------------------------------
Release Notes:
v1.4:
Author: Jared Poeppelman, Microsoft
First version published on TechNet Script Gallery
----------------------------------------------------------------------------------------------------#>
function Test-Command
{
/*
Hunting Russian Intelligence “Snake” Malware
The Snake implant is considered the most sophisticated cyber espionage tool designed and used by
Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive
targets.
*/
rule Windows_Snake_Malware {
meta:
@cephurs
cephurs / HELP.md
Created November 25, 2022 18:32 — forked from joswr1ght/HELP.md
Log4Jack Bonus Help

Yule Log4Jack Help

Hi, Josh Wright here. I'm the technical director for the Holiday Hack Challenge. We don't normally break the 4th wall like this, but we think this Log4j vulnerability calls for special measures to give you the information you need to assess, identify, and mitigate this vulnerability.

In this challenge, Icky McGoop asks for your help in exploiting a Java Solr server at http://solrpower.kringlecastle.com:8983. This server is vulnerable to the Log4shell vulnerability. Your goal is to exploit the server and get a

@cephurs
cephurs / 20211210-TLP-WHITE_LOG4J.md
Created December 17, 2021 05:05 — forked from SwitHak/20211210-TLP-WHITE_LOG4J.md
BlueTeam CheatSheet: Log4Shell | Last updated: 2021-12-16 1711 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams' list, sorted by vendor responses: Royce List
  • Very detailed list: NCSC-NL
  • The list maintained by the U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@cephurs
cephurs / CVE-2021-44228_IPs.csv
Created December 10, 2021 22:04 — forked from gnremy/CVE-2021-44228_IPs.csv
CVE-2021-44228 Apache Log4j RCE Attempts Dec 10th 3:40PM ET
@cephurs
cephurs / unc1878_indicators.txt
Created November 3, 2020 16:56 — forked from aaronst/unc1878_indicators.txt
UNC1878 Indicators
@cephurs
cephurs / kerberos_attacks_cheatsheet.md
Created September 28, 2020 15:14 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform Kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

How to Build a Cuckoo Sandbox Malware Analysis System

I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way. I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso.

Build your Linux Cuckoo VM

  1. Set up an Ubuntu 16.04 64-bit desktop VM (download here) in VMware with the following properties:
  • 100 GB hard drive
  • 2 processors
  • 8 GB of RAM
@cephurs
cephurs / install-l2tbinaries-win64.py
Created April 8, 2020 03:06 — forked from forensicmatt/install-l2tbinaries-win64.py
Install all the win64 executables in the l2tbinaries github folder
import os
import requests
import tempfile
import subprocess
import json


def main():
    # Query the GitHub contents API for the win64 folder of log2timeline/l2tbinaries
    win64_request = requests.get("https://api.github.com/repos/log2timeline/l2tbinaries/contents/win64")
    contents = json.loads(win64_request.text)
@cephurs
cephurs / check-smb-v3.11.sh
Created March 11, 2020 23:29 — forked from nikallass/check-smb-v3.11.sh
CVE-2020-0796. Scan HOST/CIDR with nmap script smb-protocols.nse and grep SMB version 3.11.
#!/bin/bash
# CVE-2020-0796 (SMBGhost) lives in the SMBv3 compression code, which only exists in dialect 3.1.1,
# so hosts that advertise dialect 3.11 via nmap's smb-protocols script are the ones worth patching first.
if [ $# -eq 0 ]
then
    echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
    exit 1
fi
echo "Checking if there's SMB v3.11 in" "$1" "..."
# Keep only the "Nmap scan report for <ip>" lines and the "3.11" dialect lines, join them so each host
# becomes one line, then print only the IPs of hosts whose dialect list contains 3.11.
# sed is used instead of the MySQL "replace" utility so the script runs on a plain Linux box.
nmap -p445 --script smb-protocols -Pn -n "$1" | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3\.11' | tr '\n' ' ' | sed 's/Nmap scan report for/@/g' | tr '@' '\n' | grep '3\.11' | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
nmap -p445 --script smb-protocols -Pn -n $1 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'