| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
JAB |
🗣 Jabber | $. |
Variable declaration (UTF-16) |
TVq |
📺 Television | MZ |
MZ header |
SUVY |
🚙 SUV | IEX |
PowerShell Invoke Expression |
SQBFAF |
🐣 Squab favorite | I.E. |
PowerShell Invoke Expression (UTF-16) |
SQBuAH |
🐣 Squab uahhh | I.n. |
PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
PAA |
💪 "Pah!" | <. |
Often used by Emotet (UTF-16) |
mrz-secops-offsec jonz-secops
jonz-secops
/ cvemap_wrapper.ps1
Created
February 2, 2024 07:32
— forked from LuemmelSec/cvemap_wrapper.ps1
cvemap wrapper
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run cvemap with our desired flags and output to json | |
| # I needed to run this with cvemap version 0.0.2 as 0.0.3 broke the ability to pipe to a file for whatever reason | |
| .\cvemap.exe -severity=critical -severity=high -es '> 0.01' -poc=true -l 1000 -json > new_vulns.json | |
| # Paths to the JSON files | |
| $newJsonFilePath = "new_vulns.json" | |
| $databaseJsonFilePath = "cve_database.json" | |
| # Read the newly fetched JSON file | |
| $newJsonContent = Get-Content -Path $newJsonFilePath | ConvertFrom-Json |
jonz-secops
/ Base64_CheatSheet.md
Created
April 10, 2023 18:06
— forked from Neo23x0/Base64_CheatSheet.md
Learning Aid - Top Base64 Encodings Table
jonz-secops
/ doh-blocklist.txt
Created
April 25, 2022 22:43
— forked from ckuethe/doh-blocklist.txt
DNS-over-HTTPS Block List
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Here are some domains I block to interfere with DNS-over-HTTPS, so that my own DNS-based security schemes work. | |
| # If you're going to be doing this, you should probably block all outbound 53, 853, and 5353 on your network, | |
| # except from your own internal DNS resolver (eg. pihole) | |
| # | |
| # Data from https://github.com/curl/curl/wiki/DNS-over-HTTPS | |
| one.one.one.one | |
| canadianshield.cira.ca | |
| doh.dns.sb | |
| dnsforge.de |
guns
/ Permissive forwarding rule leads to unintentional exposure of containers to external hosts
Created
April 15, 2022 01:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From self[at]sungpae.com Mon Nov 8 16:59:48 2021 | |
| Date: Mon, 8 Nov 2021 16:59:48 -0600 | |
| From: Sung Pae <self[at]sungpae.com> | |
| To: security@docker.com | |
| Subject: Permissive forwarding rule leads to unintentional exposure of | |
| containers to external hosts | |
| Message-ID: <YYmr4l1isfH9VQCn@SHANGRILA> | |
| MIME-Version: 1.0 | |
| Content-Type: multipart/signed; micalg=pgp-sha256; | |
| protocol="application/pgp-signature"; boundary="QR1yLfEBO/zgxYVA" |
SwitHak
/ 20201222-TLP-WHITE_HOW-TO-detect-SolarWinds_events.md
Last active
March 15, 2021 17:50
BlueTeam CheatSheet * SolarWinds Events* | Last updated: 2020-12-24 1334 UTC
- This section aims to provide the detections released by security companies to detect the malwares / files linked to SolarWinds supply-chain compromise events. We kindly remind you that this detections signatures could / will evolve in the next days, stays updated by checking the vendors resources to have the last information.
- SolarWinds in a support article now removed, asked the organizations to exclude SolarWinds products paths of the anti-virus scans. If it is an understandable practice to not impact SolarWinds products functions, the following detections will not work if the installation paths exclusions are not removed first.
GroupDocsGists
/ DocumentMetadataCleaner.cs
Last active
March 3, 2022 18:35
Clean All Metadata from Documents and Images
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Clean all the detected metadata properties from Word, Excel, | |
| * PowerPoint, PDF, and other documents using C# | |
| */ | |
| using (Metadata metadata = new Metadata("filePath/document.pdf")) | |
| { | |
| var affected = metadata.Sanitize(); | |
| metadata.Save("filePath/output.pdf"); | |
| } |
invokethreatguy
/ oauthServer.go
Created
June 7, 2020 19:33
— forked from staaldraad/oauthServer.go
A mini OAuth server for Azure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/tls" | |
| "fmt" | |
| "io/ioutil" | |
| "net/http" | |
| "net/url" | |
| "strings" | |
| ) |
TallonRain
/ config.fish
Last active
April 17, 2024 00:32
Set up Fish Shell to use gpg-agent as the SSH agent for Yubikeys and other smart cards
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add these contents to ~/.config/fish/config.fish | |
| # If using Brew, config.fish is located in /usr/local/Cellar/fish/[version]/etc/fish/ | |
| # Generally recommend using the installer from https://fishshell.com instead of brew | |
| # to avoid version updates overwriting the config file | |
| # Start or re-use a gpg-agent. | |
| gpgconf --launch gpg-agent | |
| # Ensure that GPG Agent is used as the SSH agent | |
| set -e SSH_AUTH_SOCK |
ChrisYounger
/ SplunkBookmarks.html
Created
April 4, 2019 11:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE NETSCAPE-Bookmark-file-1> | |
| <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"> | |
| <TITLE>Bookmarks</TITLE> | |
| <H1>Bookmarks</H1> | |
| <DL><p> | |
| <dt><a href="https://splunkbase.splunk.com/">Splunkbase</a> | |
| <dt><a href="https://git.io/splhighlighter">Splunk Highlighter</a> | |
| <dt><a href="http://regex101.com/">regex101.com</a> | |
| <dt><a href="http://strftime.net/">strftime.net</a> | |
| <DT><H3 ADD_DATE="1551742873" LAST_MODIFIED="1553513798">.Conf Files</H3> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Translates Markdown syntax to Slack, replaces: | |
| # | |
| # - hyphened lists with bullet symbols | |
| # - double bold marker asterisks `**` with single asterisk `*` | |
| # - headers `#` with bold marker asterisks `*` | |
| # | |
| # Run with | |
| # | |
| # python markdown-to-slack.py filename.md | |
| # |
NewerOlder