Tested on Ubuntu 18.04.
You will want to allow non-root users to capture packets. These users must be part of the wireshark group.
$ sudo apt update
dustyfresh
/ TAO_disclosed_projects.txt
Created
September 7, 2018 14:37
List of TAO projects scraped from: https://electrospaces.blogspot.com/p/nsas-tao-division-codewords.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ACRIDMINI - TAO computer hacking project | |
| ADJUTANT VENTURE - Intrusion set? | |
| ALOOFNESS - Cyber threat actor | |
| ALTEREDCARBON - An IRATEMONK implant for Seagate drives | |
| AMULETSTELLAR - Cyber threat actor sending malicious e-mails | |
| ANGRYNEIGHBOR - Family of radar retro-reflector tools used by NSA's TAO division | |
| APERTURESCIENCE - TAO computer hacking project | |
| ARGYLEALIEN - Method to cause a loss of data by exploiting zeroization of hard-drives | |
| ARKSTREAM - Implant used to reflash BIOS, installed by remote access or intercepted shipping | |
| ARROWECLIPSE - Counter CNE tool |
dustyfresh
/ reggit.py
Created
September 10, 2017 15:27
register reddit accounts using selenium (splinter). Changes exit node after each account creation and also uses random user agent.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import time | |
| from splinter import Browser | |
| from faker import Faker | |
| import random | |
| from stem import Signal | |
| from stem.control import Controller | |
| from fake_useragent import UserAgent | |
| class Reggit(): |
dustyfresh
/ hashcat_m2_max_benchmark.txt
Created
May 27, 2023 17:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ./hashcat -b | |
| hashcat (v6.2.6-549-gd3f7c5132) starting in benchmark mode | |
| Benchmarking uses hand-optimized kernel code by default. | |
| You can use it in your cracking session by setting the -O option. | |
| Note: Using optimized kernel code limits the maximum supported password length. | |
| To disable the optimized kernel code in benchmark mode, use the -w option. | |
| The device #1 has been disabled as it most likely also exists as an OpenCL device, but it is not possible to automatically map it. | |
| You can use -d 1 to use Metal API instead of OpenCL API. In some rare cases this is more stable. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| from datetime import datetime | |
| import time | |
| from time import sleep | |
| from dnslib import DNSLabel, QTYPE, RD, RR, RCODE | |
| from dnslib import A, AAAA, CNAME, MX, NS, SOA, TXT | |
| from dnslib.server import DNSServer |
dustyfresh
/ nginx-load-scripts-mitigation.conf
Last active
March 14, 2023 06:07
nginx rule to mitigate DoS attack on WordPress load-scripts.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html | |
| # https://wpvulndb.com/vulnerabilities/9021 | |
| location ~* ^/wp-admin/load-scripts\.php$ { | |
| if ( $query_string ~* "^.{1024,}$" ) { | |
| return 444; | |
| } | |
| } |
dustyfresh
/ secrets.yara
Last active
October 11, 2022 21:26
yara signatures converted from trufflehog regexes for identifying secrets in text files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Yara signatures for identifying secrets in text files. Requires libmagic! | |
| Mostly all stolen from Trufflehog regexes: | |
| - https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json | |
| */ | |
| import "magic" |
dustyfresh
/ tshark.md
Last active
June 1, 2022 16:22
Systemd service to capture all traffic on ports 53/80/443. tshark will store up to 10MB of data per pcap file, and keep store up to 2GB of captures on disk. Once 2GB disk limit is reached, tshark will rotate older pcaps. Change the filecount in the capture script if you want to store more traffic on disk.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Security enhancements and custom Nginx server header | |
| # | |
| # Requirements: | |
| # $ apt install nginx vim | |
| # $ apt install libnginx-mod-http-headers-more-filter | |
| # $ vim /etc/nginx/sites-enabled/default | |
| # | |
| # Further reading http://docs.hardentheworld.org/Applications/Nginx/ | |
| # | |
| server { |
dustyfresh
/ inkyphat-crypto-ticker.py
Created
November 18, 2020 00:54
Crypto price ticker with the inkyphat eink display
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import cryptocompare | |
| from time import sleep | |
| from inky import InkyPHAT | |
| from random import shuffle | |
| from datetime import datetime | |
| from PIL import Image, ImageDraw, ImageColor, ImageFont | |
| def log(msg): | |
| #print(msg) |
dustyfresh
/ osx_finder_rce_21.yar
Last active
September 21, 2021 22:18
yara rule for OSX finder RCE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule osx_finder_rce_21 { | |
| meta: | |
| description = "https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/" | |
| strings: | |
| $xml_1 = /\<\?xml/ | |
| $xml_2 = /\<plist/ | |
| $xml_3 = /\<key\>URL/ | |
| $sploit_str = /\<string\>(file|ssh|sftp|ftp|git|svn|news|afp|telnet)\:\/\// nocase |
NewerOlder