Keybase proof

I hereby claim:

  • I am diyinfosec on github.
  • I am ane2843 (https://keybase.io/ane2843) on keybase.
  • I have a public key ASBVHEdc_Yub7TdQ7oulsyilO33pP4Y1T0iX2ukTTXKkcQo

To claim this, I am signing this object:

#!/bin/bash
#- This script is just a collection of functions that I created for learning ext4.
#- Just run ". ./manage_ext4.sh" from the command prompt and it will load the functions into your current session.
#- To list the functions defined in your Bash shell use: "declare -F"
#- For our purposes you can ignore functions starting with _. So "declare -F | grep -v ' _'" gives you a shorter list.
#==================================
#- Comments about multipass
#==================================
#!/bin/bash
#- Script to setup Docker, Minikube, Kubectl, Helm on Ubuntu.
#- On the K8s cluster install - Vault, Consul, Datadog agent.
#- Access to K8s dashboard is provided through nginx on port 5000. http://<host_ip>:5000
#- Access to Vault UI is provided through kubectl port-forward. http://<host_ip>:8200
#- I use multipass for the VMs, so to rebuild a VM the following steps are applicable.
#- For the first time, the first two commands can be ignored.
# multipass delete ktest
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
  # non relevant rules
  - level: None
    nonResourceURLs:
      - "/healthz*"
      - "/logs"
      - "/metrics"
      - "/swagger*"
@diyinfosec
diyinfosec / ntfs_ads_limit_test.ps1
Created February 3, 2022 18:07
Testing the number of possible Alternate Data Streams for a file in NTFS.
#- Iterate over the maximum size of Attribute ID
for($i=1; $i -lt 65536; $i++)
{
#- This file must already exist. Additional hardlinks will be created for this file.
$original_file_name="file.txt";
#- Testing the upper limit for ADS creation, breaking off once there is a non-terminating error [Set-Content : Could not open the alternate data stream ‘<stream_name>’ of the file]
#- Non-terminating errors are not handled using try/catch. To force a non-terminating error to be caught we use "-ErrorAction Stop"
try
{
@diyinfosec
diyinfosec / ntfs_hardlink_limit_test.ps1
Created January 30, 2022 17:46
PowerShell script to test how many hardlinks are supported for a file in NTFS.
@diyinfosec
diyinfosec / 04-aes-find-ntfs-efs-keys.py
Created January 28, 2022 18:11
Scan memory and find AES-256 keys used by Encrypting File System (NTFS)
import re
#- Name of the file/drive letter to scan
#input_file_name="C:\\memory.dmp"
input_file_name="memory.dmp"
key_len=32
#- Open the input file
with open(input_file_name, "rb") as f:
@diyinfosec
diyinfosec / 03-aes-key-find-using-schedule.py
Created January 27, 2022 19:57
Find AES-256 keys in memory dump based on key schedule calculation across a sliding window.
from timeit import default_timer as timer
from binascii import b2a_hex,hexlify
#- First half of the code covers AES schedule calculation. Memory dump processing, line 150 onwards.
#- AES key schedule calculation taken from: https://www.alexrhodes.io/blog/post/30/
class AesKeySchedule:
    #AES S-box
    s_box = [
@diyinfosec
diyinfosec / 02-aes-bruteforce-with-randomness-check.py
Created January 27, 2022 18:28
Brute-force AES-256 keys from memory dump with randomness checks (using count of distinct bytes)
from timeit import default_timer as timer
from binascii import b2a_hex
#- Config variables
filename="memory.dmp"
aes_key_size=32
min_distinct_bytes=10
#- Variables related to file processing
file_offset=0;
from timeit import default_timer as timer
from binascii import b2a_hex,hexlify
#- Goto "Memory dump processing" second section
#- AES key schedule calculation taken from: https://www.alexrhodes.io/blog/post/30/
class AesKeySchedule:
    #AES S-box
    s_box = [