Skip to content

Instantly share code, notes, and snippets.

View furusiyya's full-sized avatar

Bilal furusiyya

37 followers · 49 following
View GitHub Profile
@furusiyya
furusiyya / proxy_copy.go
Created August 22, 2016 09:37 — forked from jbardin/proxy_copy.go
Go TCP Proxy pattern
package proxy
import (
"io"
"log"
"net"
)
func Proxy(srvConn, cliConn *net.TCPConn) {
// channels to wait on the close event for each connection
@furusiyya
furusiyya / Cyber Sec.
Created August 22, 2016 18:00
# CySecBooks
============
## Repo Content
- A Guide to Kernel Exploitation Attacking the Core
- Computer Networking A Top-Down Approach
- Fuzzing Brute Force Vulnerability Discovery
- Gray Hat Python - Python Programming for Hackers and Reverse Engineers (2009)
- Hacking - The Art of Exploitation, 2nd Ed.
- Metasploit, Penetration Testers Guide
@furusiyya
furusiyya / conntrack.go
Created December 9, 2016 21:21
I only track for NEW TCP events and log their (src ip, src port, dst port) in a non-blocking channel (FIFO queue). When tcp server receive packet, it compare its src ip and src port with channel entries and get destination port of matching one. Same I do udp server.
package glutton
import (
"bufio"
"bytes"
"os/exec"
"regexp"
)
const tcpRegExp = `\[\w+]\s+\w+\s+.+?src=(\d+\.\d+\.\d+\.\d+)\s+dst=(\d+\.\d+\.\d+\.\d+)\s+sport=(\d+)\s+dport=(\d+)\s+`
@furusiyya
furusiyya / extract_call.py
Created January 2, 2017 22:03 — forked from singe/extract_call.py
Pythonista script to extract a phone number from copy pasted text, add it to your Contacts if it doesn't exist, then call it.
import re
import clipboard
import console
import webbrowser
import urllib
import contacts
import datetime
import dialogs
def extract_num(input):
@furusiyya
furusiyya / MiraiObfuscation
Created January 2, 2017 22:19
Actual Mirai obfuscation.
for (i = 0; i < *len; i++)
{
 cpy[i] ^= 0xDE;
 cpy[i] ^= 0xAD;
 cpy[i] ^= 0xBE;
 cpy[i] ^= 0xEF;
}
(facepalm)
@furusiyya
furusiyya / reclaimWindows10.ps1
Created January 10, 2017 12:39 — forked from alirobe/reclaimWindows10.ps1
"Reclaim Windows 10" turns off a bunch of unnecessary Windows 10 telemetery, removes bloatware, and privacy invasions. Review and tweak before running. Scripts for reversing are included and commented. Fork via https://github.com/Disassembler0 (different defaults)
##########
# Win10 Initial Setup Script
# Author: Disassembler <disassembler@dasm.cz>
# Version: 1.7, 2016-08-15
# dasm's script: https://github.com/Disassembler0/Win10-Initial-Setup-Script/
# THIS IS A PERSONALIZED VERSION
# This script leaves more MS defaults on, including MS security features.
# Tweaked based on personal preferences for @alirobe 2016-11-16 - v1.7.1
@furusiyya
furusiyya / elastic.conf
Created February 8, 2017 14:46
- "consumer.Http":
Enable: true
ID: ""
Fuse: ""
Stream:
- "foo"
- "bar"
Address: ":9000"
ReadTimeoutSec: 3
WithHeaders: true
@furusiyya
furusiyya / capturingWithNFQ.go
Created December 17, 2016 10:29
//IPTable rules for capturing ssh packets
//sudo iptables -A INPUT -p tcp --dport 22 -j NFQUEUE --queue-num 0
//sudo iptables -A OUTPUT -p tcp --dport 22 -j NFQUEUE --queue-num 0
//sudo iptables -A FORWARD -p tcp --dport 22 -j NFQUEUE --queue-num 0
package main
import (
@furusiyya
furusiyya / keybase.md
Created March 16, 2017 18:24

Keybase proof

I hereby claim:

  • I am furusiyya on github.
  • I am furusiyya (https://keybase.io/furusiyya) on keybase.
  • I have a public key whose fingerprint is 2D55 B75B D686 3D23 55A7 F44F 4C5A 29F8 C638 4CB0

To claim this, I am signing this object:

@furusiyya
furusiyya / DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
Created March 24, 2017 12:00 — forked from carnal0wnage/DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
Links from Chris Gates/Ken Johnson DevOOPS RSA 17 presentation