Skip to content

Instantly share code, notes, and snippets.

View dervishe-'s full-sized avatar

Alexandre Keledjian dervishe-

9 followers · 20 following
View GitHub Profile
@nathanqthai
nathanqthai / payload_samples.md
Last active March 30, 2023 12:54
Sample Log4Shell (CVE-2021-44228) payloads observed in the wild by GreyNoise Intelligence

Samples

Enclosed are some sanitized samples of data GreyNoise has identified and collected related to the Log4J vulnerability exploitation in the wild. GreyNoise infrastructure IPs have been removed while preserving the data to the best of our ability. Please note that GreyNoise HAS NOT verified if any of these are effective. These examples are not a comprehensive coverage of all the payloads GreyNoise have observed.

These samples are intended to provide individuals with a clearer idea of some of the variation in the wild.

Examples

The follow section includes Log4Shell samples seen in the wild

URL Encoding and Failed argv Input (????)

What appears to be a failed attempt:

@securelyfitz
securelyfitz / ftscreen.sh
Created August 26, 2021 18:41
Use screen with custom baud rates on FTDI devices
#!/bin/bash
# since screen doesn't know how to set custom baud rates, this does it for FTDI devices.
# it works by using setserial to set the custom speed (spd_cust) mode for baud rate 38400
# it calculates the proper clock divider by dividing the device's base clock by the desired rate
# then, it starts screen at 38400 - which is not longer 38400 but your new clock rate.
# tested on FT232H, FT2232H, FT-X, and FT232RL
# does not work on CH341 or PL2303
# todo: confirm FTDI before running setserial and report error
# todo: validate uart range
@rjhansen
rjhansen / keyservers.md
Last active April 14, 2024 12:28
SKS Keyserver Network Under Attack

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I?

@marcan
marcan / linux.sh
Last active December 1, 2023 15:18
Linux kernel initialization, translated to bash
#!/boot/bzImage
# Linux kernel userspace initialization code, translated to bash
# (Minus floppy disk handling, because seriously, it's 2017.)
# Not 100% accurate, but gives you a good idea of how kernel init works
# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
# Based on Linux 4.10-rc2.
# Note: pretend chroot is a builtin and affects the current process
# Note: kernel actually uses major/minor device numbers instead of device name
@rverton
rverton / cowroot.c
Created October 21, 2016 14:06
CVE-2016-5195 (DirtyCow) Local Root PoC
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
@kennwhite
kennwhite / vpn_psk_bingo.md
Last active February 24, 2024 12:19
Most VPN Services are Terrible

Most VPN Services are Terrible

Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.

This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016