Dan danzek
rqu1 / checkmk.py
Last active Sep 25, 2022
Check if a PAN firewall is using the default master key when GlobalProtect is enabled

```python
from hashlib import md5, sha1
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from base64 import b64encode, b64decode
import sys, time
import requests
DEFAULT_MASTERKEY=b'p1a2l3o4a5l6t7o8'
class PanCrypt():
```
theevilbit / get_apple_oss.sh
Last active Apr 25, 2022
Download All Apple OSS Tarballs from Github
```zsh
#!/bin/zsh
: '
You need a personal access token for GitHub to avoid hitting the rate limit. Refer to the docs:
https://docs.github.com/en/rest/guides/getting-started-with-the-rest-api
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
'
APPLE_OSS_DIR="all_apple_oss_archives"
APPLE_OSS_REPO_FILE="all_apple_oss_repo_names.txt"
```
blotus / log4j_exploitation_attempts_crowdsec.csv
Last active Sep 27, 2022
IPs exploiting the log4j2 CVE-2021-44228 detected by the CrowdSec community (columns: ip, status, country, as_name)

```text
ip	status	country	as_name
13.89.48.118	validated	US	MICROSOFT-CORP-MSN-AS-BLOCK
191.232.38.25	validated	BR	MICROSOFT-CORP-MSN-AS-BLOCK
104.244.72.129	validated	LU	PONYNET
198.144.121.43	validated	US	Amarutu Technology Ltd
185.44.76.189	validated	GB	Hydra Communications Ltd
188.68.61.6	validated	DE	netcup GmbH
2.56.11.65	validated	DE	Staclar, Inc.
84.17.52.169	validated	CH	Datacamp Limited
84.17.52.143	validated	CH	Datacamp Limited
```
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active Aug 5, 2022
BlueTeam CheatSheet *Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams' list, sorted by vendor responses: Royce List
  • Very detailed list: NCSC-NL
  • The list maintained by the U.S. Cybersecurity and Infrastructure Security Agency: CISA List
Neo23x0 / log4j_rce_detection.md
Last active Sep 13, 2022
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files under /var/log and all of its subfolders:

```shell
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
```
wdormann / noappinstaller.reg
Last active Dec 14, 2021
Prevent the ability to click on an ms-appinstaller: URI for the current user

```reg
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\ms-appinstaller]
"URL Protocol"=-
```
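The mitigation works because Windows only offers `scheme:` links to a handler when the class key has a `URL Protocol` value; `"URL Protocol"=-` in a .reg file deletes that value and leaves the key itself in place. The Python below is an added example, not part of wdormann's gist: a small .reg parser that applies the file to a dict model of the registry, so the effect (value gone, key kept) can be checked before and after. The "before" state is constructed and the App Installer command line is a placeholder, not the real one.

```python
import re

# Constructed copy of the gist's .reg file, used as input here
NOAPPINSTALLER_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\ms-appinstaller]
"URL Protocol"=-
'''

VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def parse_data(data):
    """Decode the data side of a value line; '-' (delete) is handled by the caller."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    return data                                  # hex(...): blobs etc. kept verbatim

def parse_reg(text):
    """Turn .reg text into (key, name, data) ops:
    (key, None, '') creates the key, (key, None, None) deletes it ([-Key]),
    (key, name, None) deletes one value ("name"=-), (key, name, data) sets one."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            key = body.lstrip("-")
            ops.append((key, None, None if body.startswith("-") else ""))
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            raise ValueError("unparsable line: " + raw)
        name = "" if m.group(1) is None else m.group(1)      # '@' is the key's default value
        data = m.group(2)
        ops.append((key, name, None if data == "-" else parse_data(data)))
    return ops

def apply_reg(registry, text):
    """Apply the file to a dict model {key path: {value name: data}} and return a new dict.
    Key paths and value names are compared case-insensitively, as Windows does."""
    reg = {k.lower(): dict(v) for k, v in registry.items()}
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None and data is None:                    # [-Key]: key and all subkeys go
            for sub in [s for s in reg if s == k or s.startswith(k + "\\")]:
                del reg[sub]
        elif name is None:                                    # [Key]: create or keep
            reg.setdefault(k, {})
        elif data is None:                                    # "name"=-: delete just that value
            vals = reg.setdefault(k, {})
            for n in [n for n in vals if n.lower() == name.lower()]:
                del vals[n]
        else:
            reg.setdefault(k, {})[name] = data
    return reg

def handles_url_scheme(registry, scheme, hive="HKEY_CURRENT_USER"):
    """True when the hive registers `scheme:` as a clickable URL protocol, i.e. the class key
    carries a 'URL Protocol' value (its data is irrelevant, only its presence counts)."""
    reg = {k.lower(): v for k, v in registry.items()}
    key = f"{hive}\\Software\\Classes\\{scheme}".lower()
    return any(n.lower() == "url protocol" for n in reg.get(key, {}))

# Constructed "before" state; the command line is a placeholder, not App Installer's real one
BEFORE = {
    r"HKEY_CURRENT_USER\Software\Classes\ms-appinstaller":
        {"": "URL:ms-appinstaller", "URL Protocol": ""},
    r"HKEY_CURRENT_USER\Software\Classes\ms-appinstaller\shell\open\command":
        {"": "<AppInstaller command line> %1"},
}
AFTER = apply_reg(BEFORE, NOAPPINSTALLER_REG)

if __name__ == "__main__":
    print("before:", handles_url_scheme(BEFORE, "ms-appinstaller"))
    print("after: ", handles_url_scheme(AFTER, "ms-appinstaller"))
```

The same check, run against a real machine instead of the model, is to open the key after importing the file and confirm the `URL Protocol` value is absent; the `shell\open\command` subkey staying behind is expected and harmless, since without the marker value nothing routes `ms-appinstaller:` links to it.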
EQL hunt for Potential Macro on close

```eql
sequence by host.id with maxspan=1s
[process where event.action : "creation_event" and
process.parent.name : ("winword.exe", "excel.exe", "powerpnt.exe") and
not (process.executable : ("?:\\Windows\\System32\\WerFault.exe", "?:\\WINDOWS\\splwow64.exe") and
process.args_count >= 2)
] by process.parent.entity_id
[process where event.action : "termination_event" and
process.name : ("winword.exe", "excel.exe", "powerpnt.exe") and
process.parent.name : ("winword.exe", "excel.exe", "powerpnt.exe", "explorer.exe", "outlook.exe", "thunderbird.exe")
] by process.entity_id
```
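The rule pairs a child process spawned by an Office application with that application exiting at most one second later, the signature of a macro that fires on document close. The Python below is an added example, not Elastic's engine or the gist author's code: it emulates the two-stage `sequence by host.id` join (first stage keyed on `process.parent.entity_id`, second on `process.entity_id`) over constructed process events, including the WerFault/splwow64 exclusion and the `maxspan` window. One simplification, noted in the code, is that it keeps only the latest creation event per join key.

```python
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
TERMINATION_PARENTS = OFFICE | {"explorer.exe", "outlook.exe", "thunderbird.exe"}
# Helpers Office spawns with arguments during a crash or print job; excluded by the rule
NOISY_CHILDREN = ("\\windows\\system32\\werfault.exe", "\\windows\\splwow64.exe")
MAXSPAN = 1.0  # seconds

def stage1(ev):
    """First step: a process created by an Office app, minus the known benign helpers.
    The rule's '?:\\...' wildcard (any drive letter) becomes a case-insensitive suffix match."""
    if ev["action"] != "creation_event" or ev["parent_name"] not in OFFICE:
        return False
    exe = ev["executable"].lower()
    noisy = any(exe.endswith(p) for p in NOISY_CHILDREN) and ev["args_count"] >= 2
    return not noisy

def stage2(ev):
    """Second step: the Office process itself terminates (the document was closed)."""
    return (ev["action"] == "termination_event"
            and ev["name"] in OFFICE
            and ev["parent_name"] in TERMINATION_PARENTS)

def hunt(events):
    """Emulate the sequence: returns (child_creation, office_termination) pairs on the same host
    where the child's parent entity is the Office process that exits within MAXSPAN.
    Simplification: one in-flight sequence per (host, entity) key, the most recent creation."""
    pending = {}   # (host, Office entity id) -> stage-1 event waiting for its termination
    matches = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if stage1(ev):
            pending[(ev["host"], ev["parent_entity_id"])] = ev
        elif stage2(ev):
            first = pending.pop((ev["host"], ev["entity_id"]), None)
            if first is not None and 0 <= ev["ts"] - first["ts"] <= MAXSPAN:
                matches.append((first, ev))
    return matches

def ev(ts, host, action, name, parent, entity, parent_entity, exe="", args_count=1):
    """Constructed process event in the shape the rule's ECS fields would give."""
    return dict(ts=ts, host=host, action=action, name=name, parent_name=parent,
                entity_id=entity, parent_entity_id=parent_entity,
                executable=exe, args_count=args_count)

# Constructed telemetry: one true positive, one excluded helper, one outside the window
EVENTS = [
    # host-1: macro spawns cmd.exe, then Word exits 400 ms later -> what the hunt is after
    ev(100.0, "host-1", "creation_event", "cmd.exe", "winword.exe", "p-cmd", "p-word1",
       r"C:\Windows\System32\cmd.exe", 3),
    ev(100.4, "host-1", "termination_event", "winword.exe", "explorer.exe", "p-word1", "p-expl"),
    # host-1: Excel crashes, WerFault.exe starts with arguments, Excel exits -> excluded
    ev(200.0, "host-1", "creation_event", "WerFault.exe", "excel.exe", "p-wer", "p-xl",
       r"C:\Windows\System32\WerFault.exe", 4),
    ev(200.3, "host-1", "termination_event", "excel.exe", "explorer.exe", "p-xl", "p-expl"),
    # host-2: PowerShell from Word, but Word stays open for 5 s -> outside maxspan
    ev(300.0, "host-2", "creation_event", "powershell.exe", "winword.exe", "p-ps", "p-word2",
       r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", 2),
    ev(305.0, "host-2", "termination_event", "winword.exe", "outlook.exe", "p-word2", "p-ol"),
]

if __name__ == "__main__":
    for child, office in hunt(EVENTS):
        print(f"{child['host']}: {office['name']} spawned {child['name']} "
              f"{office['ts'] - child['ts']:.1f}s before exiting")
```

The host-2 case is the one to think about when tuning: a macro that runs on open rather than on close produces the same parent/child pair but no tight termination, so this rule will not fire on it by design; a separate rule without the sequence covers that.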
main.rs

```rust
use std::net::ToSocketAddrs;
use std::sync::mpsc::channel;
fn main() {
std::env::set_var("LOCALDOMAIN", "1");
let mut threads = vec![];
let (tx, rx) = channel();
```
unrealwill / collisionLSH.py
Created Aug 8, 2021
Proof of concept: generating collisions on a neural perceptual hash

```python
import tensorflow as tf #We need tensorflow 2.x
import numpy as np
#The hashlength in bits
hashLength = 256
def buildModel():
#we can set the seed to simulate the fact that this network is known and doesn't change between runs
#tf.random.set_seed(42)
model = tf.keras.Sequential()
```
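The attack the gist sets up rests on one property: when the hashing network is fixed and known, each hash bit is a threshold on an activation the attacker can differentiate through, so an unrelated input can be pushed across the right hyperplanes until every bit agrees with the target. The Python below is an added example, not unrealwill's code: it swaps the Keras model for a random-projection LSH (bit i is the sign of a fixed random projection), which has the same threshold structure and needs no TensorFlow, and finds a collision with perceptron-style updates on the violated bit constraints. Sizes (32-dimensional inputs, 16-bit hash), the seed and the "images" are constructed; against a real network the per-bit update would use the gradient of that bit's pre-activation instead of the fixed projection vector.

```python
import math
import random

random.seed(7)
DIM, BITS = 32, 16      # toy "image" dimension and hash length (the gist uses 256 bits)

# Stand-in for the gist's fixed, known network: bit i = [<w_i, x> > 0]
W = [[random.gauss(0, 1) for _ in range(DIM)] for _ in range(BITS)]

def dot(a, b):
    return sum(p * q for p, q in zip(a, b))

def lsh(x):
    """The perceptual hash: one bit per hyperplane."""
    return tuple(int(dot(w, x) > 0) for w in W)

def stable_sample():
    """A random 'image' whose projections all sit at least 1.0 from their hyperplane, so its
    hash survives small noise (as a usable perceptual hash of a real image must)."""
    while True:
        x = [random.gauss(0, 1) for _ in range(DIM)]
        if min(abs(dot(w, x)) for w in W) >= 1.0:
            return x

def collide(source, target, margin=0.2, lr=0.1, max_passes=50000):
    """Return x' near `target` with lsh(x') == lsh(source), or None if the budget runs out.

    lsh(x') == lsh(source) is a set of linear constraints s_i * <w_i, x'> > 0, with s_i = +/-1
    read off source's hash. Starting from target, every violated constraint gets a perceptron
    update x' += lr * s_i * w_i; the margin keeps x' away from the boundaries so the collision
    survives re-encoding noise. A solution exists (source itself, scaled up), so the perceptron
    convergence bound guarantees the loop terminates."""
    signs = [1 if bit else -1 for bit in lsh(source)]
    x = list(target)
    for _ in range(max_passes):
        updated = False
        for i, s in enumerate(signs):
            if s * dot(W[i], x) <= margin:
                x = [v + lr * s * w for v, w in zip(x, W[i])]
                updated = True
        if not updated:
            return x
    return None

def l2(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))

SOURCE = stable_sample()                              # the image whose hash we want to forge
TARGET = [random.gauss(0, 1) for _ in range(DIM)]     # an unrelated image to carry that hash

def demo():
    forged = collide(SOURCE, TARGET)
    return {
        "converged": forged is not None,
        "collision": forged is not None and lsh(forged) == lsh(SOURCE),
        "moved_from_target": l2(forged, TARGET) if forged else None,
        "source_to_target": l2(SOURCE, TARGET),
    }

if __name__ == "__main__":
    print(demo())
```

The distance the forged input moved from the target, compared with the source-to-target distance, is the quantity that matters for a perceptual hash: the smaller it is, the less the collision looks like the source to a human while matching it bit-for-bit to the hash. On a linear LSH the feasible region is a convex cone, so this always converges; on a deep network the same updates are a local search and may need restarts.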