Niels Hofmans hazcod
hazcod
/ logicapp-canary.json
Created
February 10, 2024 22:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "definition": { | |
| "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", | |
| "actions": { | |
| "Condition": { | |
| "actions": { | |
| "Terminate": { | |
| "inputs": { | |
| "runStatus": "Cancelled" | |
| }, |
hazcod
/ ms-sentinel-dcr-template.yml
Created
November 29, 2023 10:11
Microsoft Sentinel resource template for creating a Data Collector Rule (DCR) to ingest custom logs into Microsoft Sentinel SIEM.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "dataCollectionRules_OnePasswordLogs_name": { | |
| "defaultValue": "OnePasswordLogs", | |
| "type": "String" | |
| }, | |
| "dataCollectionEndpoints_1password_externalid": { | |
| "defaultValue": "/subscriptions/SUBSCRIPTION-ID-HERE/resourceGroups/myresgroup/providers/Microsoft.OperationalInsights/dataCollectionEndpoints/1password", |
hazcod
/ evilnginx-o365-phishlet.yml
Last active
July 20, 2022 07:45
Working Office365 phishlet for evilnginx2.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| author: '@hazcod' | |
| min_ver: '2.3.0' | |
| proxy_hosts: | |
| - {phish_sub: 'login', orig_sub: 'login', domain: 'microsoftonline.com', session: true, is_landing: true} | |
| - {phish_sub: 'www', orig_sub: 'www', domain: 'office.com', session: false, is_landing:false} | |
| sub_filters: | |
| - {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']} | |
| - {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true} |
hazcod
/ get-intigriti-program-domains.sh
Created
April 7, 2022 09:17
Retrieves domains from the Intigriti public program on the public website.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| join_by() | |
| { | |
| local IFS="$1" | |
| shift | |
| echo "$*" | |
| } | |
| data=$(curl -s https://www.intigriti.com/programs) |
hazcod
/ CVE-2021-44228.nuclei.yaml
Last active
December 18, 2023 06:50
Nuclei template to scan for log4shell (CVE-2021-44228).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2021-44228 | |
| info: | |
| name: Log4J RCE | |
| author: iNvist / hazcod | |
| severity: critical | |
| description: CVE-2021-44228 | |
| requests: | |
| - raw: |
hazcod
/ falcon-autoinstall.sh
Last active
October 22, 2023 12:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| CLIENT_ID="_FALCON_API_CLIENT_ID_" | |
| CLIENT_SECRET="FALCON_API_CLIENT_SECRET_" | |
| CID="_FALCON_CID_" | |
| TOKEN="_FALCON_INSTALL_TOKEN" | |
| API_HOST="api.eu-1.crowdstrike.com" | |
| function main() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "flag" | |
| "fmt" | |
| "github.com/go-piv/piv-go/piv" | |
| conf "github.com/hazcod/sop/config" | |
| "github.com/pkg/errors" | |
| "github.com/sirupsen/logrus" | |
| "os" |
hazcod
/ CVE-2021-36934.bat
Created
July 22, 2021 11:32
CVE-2021-36934 manual mitigation in commandprompt.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo > CVE-2021-36934 fixer | |
| echo See https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934 | |
| echo Deleting current shadow copies... | |
| vssadmin delete shadows /all /quiet | |
| echo Fixing privilege issue... | |
| icacls %windir%\system32\config\*.* /inheritance:e | |
| echo Creating brand new shadow copy... |
hazcod
/ gist:e50779fa6403364d1ceee1c9ecb3f552
Last active
July 22, 2021 11:34
disables the printer spooler (disables local and remote printing) to fix PrintNightmare vulnerabilities.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <wap-provisioningdoc id="1162DF07-F217-449B-95F8-FB85A34D3CA5" name="windows-printerspooler-disable"> | |
| <characteristic type="com.airwatch.winrt.registryoperation" uuid="3fa91319-eac0-4a16-9d10-093ba845b698"> | |
| <parm RegistryPath="HKLM\SYSTEM\CurrentControlSet\Services\Spooler" Action="Replace"> | |
| <Value Name="Start" Data="4" Type="DWORD" /> | |
| </parm> | |
| </characteristic> | |
| </wap-provisioningdoc> |
hazcod
/ psycopg2-with-reconnects.py
Created
May 28, 2021 13:40
This helper class helps you use Psycopg but with connection reattempts.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class PGDB(): | |
| LIMIT_RETRIES = 5 | |
| def __init__(self, user:str, password:str, host:str, port:int, database:str, sslmode:str, reconnect:bool): | |
| self.user = user | |
| self.password = password | |
| self.host = host | |
| self.port = port | |
| self.database = database | |
| self._connection = None |
NewerOlder