Skip to content

Instantly share code, notes, and snippets.

View iamtimroberts's full-sized avatar

Tim Roberts iamtimroberts

2 followers · 5 following
View GitHub Profile
@gnremy
gnremy / CVE-2021-44228_IPs.csv
Last active April 26, 2023 07:01
CVE-2021-44228 Apache Log4j RCE Attempts Dec 20th 9:27PM ET
ip tag_name
162.155.56.106 Apache Log4j RCE Attempt
223.111.180.119 Apache Log4j RCE Attempt
213.142.150.93 Apache Log4j RCE Attempt
211.154.194.21 Apache Log4j RCE Attempt
210.6.176.90 Apache Log4j RCE Attempt
199.244.51.112 Apache Log4j RCE Attempt
199.101.171.39 Apache Log4j RCE Attempt
197.246.175.186 Apache Log4j RCE Attempt
196.196.150.38 Apache Log4j RCE Attempt
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active October 4, 2025 08:06
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@MHaggis
MHaggis / Install_Splunk_BOTSv3.sh
Last active April 30, 2021 13:07
#! /bin/bash
# Adopted from the great DetectionLab
# This will install Splunk + BOTSv3 dataset
install_prerequisites() {
echo "[$(date +%H:%M:%S)]: Downloading DetectionLab..."
# Clone DetectionLab for Splunk Apps
git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab
}
@MHaggis
MHaggis / Install_Splunk_BOTSv2.sh
Last active March 10, 2022 11:24
#! /bin/bash
# Adopted from the great DetectionLab
# This will install Splunk + BOTSv2 Attack only dataset
install_prerequisites() {
echo "[$(date +%H:%M:%S)]: Downloading DetectionLab..."
# Clone DetectionLab for Splunk Apps
git clone https://github.com/clong/DetectionLab.git /opt/DetectionLab
}
@Neo23x0
Neo23x0 / Base64_CheatSheet.md
Last active October 5, 2025 22:13
Learning Aid - Top Base64 Encodings Table

Base64 Patterns - Learning Aid

Base64 Code Mnemonic Aid Decoded* Description
JAB 🗣 Jabber $. Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env:
TVq 📺 Television MZ MZ header
SUVY 🚙 SUV IEX PowerShell Invoke Expression
SQBFAF 🐣 Squab favorite I.E. PowerShell Invoke Expression (UTF-16)
SQBuAH 🐣 Squab uahhh I.n. PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz
PAA 💪 "Pah!" <. Often used by Emotet (UTF-16)
@SwitHak
SwitHak / 20190730-TLP-WHITE_URGENT11_VxWorks.MD
Last active June 5, 2020 08:12
Tracking vendors responses to URGENT/11 VxWorks vulnerabilities (Last updated: 2020-02-21 1019 UTC)

Advisory (URGENT/11)

UPDATE (2019-10-02 1241 UTC)

General

Armis released new information about the vulnerabilities scope. The vulnerabilities impact more RTOS than expected.

IP Stacks backstory

  • Some of the vulnerabilities discovered by Armis doesn't resides in VxWorks RTOS but in one part of it, the IP stack. This IP stack named IPNET stack comes from Interpeak AB, a company acquired by Wind River the editor of VxWorks RTOS, the 20th March 2006.
  • Before been acquired by Wind River, the Interpeak AB company sold IP stacks to several customers of them. Interpeak AB sold 2 major IP stacks named IPNET & IPLITE, IPLITE is a light version of IPNET.
@mackwage
mackwage / windows_hardening.cmd
Last active October 3, 2025 03:52
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@jessfraz
jessfraz / boxstarter.ps1
Last active October 12, 2025 03:18
Boxstarter Commands for a new Windows box.
# Description: Boxstarter Script
# Author: Jess Frazelle <jess@linux.com>
# Last Updated: 2017-09-11
#
# Install boxstarter:
# . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
#
# You might need to set: Set-ExecutionPolicy RemoteSigned
#
# Run this boxstarter by calling the following from an **elevated** command-prompt:
@jacobludriks
jacobludriks / wsus-update.ps1
Created July 29, 2014 22:48
wsus-update
Function WSUSUpdate {
$Criteria = "IsInstalled=0 and Type='Software'"
$Searcher = New-Object -ComObject Microsoft.Update.Searcher
try {
$SearchResult = $Searcher.Search($Criteria).Updates
if ($SearchResult.Count -eq 0) {
Write-Output "There are no applicable updates."
exit
}
else {