Skip to content

Instantly share code, notes, and snippets.

Listening to meowzek

Dan danzek

Listening to meowzek
View GitHub Profile
rqu1 /
Last active Sep 25, 2022
check if a PAN firewall is using the default master key when globalprotect is enabled
from hashlib import md5, sha1
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from base64 import b64encode, b64decode
import sys, time
import requests
class PanCrypt():
theevilbit /
Last active Apr 25, 2022
Download All Apple OSS Tarballs from Github
: '
You need a personal access token for GitHub to avoid hitting the rate limit. Refer to the docs:
blotus / log4j_exploitation_attempts_crowdsec.csv
Last active Sep 27, 2022
IPs exploiting the log4j2 CVE-2021-44228 detected by the crowdsec community
View log4j_exploitation_attempts_crowdsec.csv
ip status country as_name validated US MICROSOFT-CORP-MSN-AS-BLOCK validated BR MICROSOFT-CORP-MSN-AS-BLOCK validated LU PONYNET validated US Amarutu Technology Ltd validated GB Hydra Communications Ltd validated DE netcup GmbH validated DE Staclar, Inc. validated CH Datacamp Limited validated CH Datacamp Limited
SwitHak /
Last active Aug 5, 2022
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
Neo23x0 /
Last active Sep 13, 2022
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
wdormann / noappinstaller.reg
Last active Dec 14, 2021
Prevent the ability to click on a ms-appinstaller: URI for the current user
View noappinstaller.reg
Windows Registry Editor Version 5.00
"URL Protocol"=-
View EQL hunt for Potential Macro on close
sequence by with maxspan=1s
[process where event.action : "creation_event" and : ("winword.exe", "excel.exe", "powerpnt.exe") and
not (process.executable : ("?:\\Windows\\System32\\WerFault.exe", "?:\\WINDOWS\\splwow64.exe") and
process.args_count >= 2)
] by process.parent.entity_id
[process where event.action : "termination_event" and : ("winword.exe", "excel.exe", "powerpnt.exe") and : ("winword.exe", "excel.exe", "powerpnt.exe", "explorer.exe", "outlook.exe", "thunderbird.exe")
] by process.entity_id
use std::net::ToSocketAddrs;
use std::sync::mpsc::channel;
fn main() {
std::env::set_var("LOCALDOMAIN", "1");
let mut threads = vec![];
let (tx, rx) = channel();
unrealwill /
Created Aug 8, 2021
Proof of Concept : generating collisions on a neural perceptual hash
import tensorflow as tf #We need tensorflow 2.x
import numpy as np
#The hashlength in bits
hashLength = 256
def buildModel():
#we can set the seed to simulate the fact that this network is known and doesn't change between runs
model = tf.keras.Sequential()