killswitch-GUI

Keybase proof

I hereby claim:

• I am killswitch-gui on github.
• I am killswitchgui (https://keybase.io/killswitchgui) on keybase.
• I have a public key whose fingerprint is 7F6A A2E0 2FC2 9D10 4327 B138 CB86 0113 C1B6 9F03

To claim this, I am signing this object:

killswitch-GUI

# 255 min host group
# min rate 1000 should be fine for internal
# Full Port Scan / --open 

nmap -Pn -n -sS -p- -sV --min-hostgroup 255 --min-rtt-timeout 25ms --max-rtt-timeout 100ms --max-retries 1 --max-scan-delay 0 --min-rate 1000 -oA <customer-#> -vvv --open -iL <IPLIST>

killswitch-GUI

#!/usr/bin/python
# Pure Python Tiny Packet Snifer
# Author: Alexander Rymdeko-Harvey
# Twitter: @Killswitch-GUI

import socket, time
from datetime import datetime
import struct

def outputPcapPFile(fileName):

killswitch-GUI

#!/usr/env python

###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]: 
## This script is intended to be executed locally on a Linux box to enumerate basic system info and 
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits. 

killswitch-GUI

import zlib
import struct
import sys

# 4 byte header
# crc32 uLong 
#
# 0   1
# +---+---+
# |CMF|FLG|

killswitch-GUI

# built off https://github.com/n0fate/chainbreaker 
# for EmPyre dynamic execution
# all credit goes too: n0fate

# http://web.mit.edu/darwin/src/modules/Security/cdsa/cdsa/cssmtype.h
KEY_TYPE = {
    0x00+0x0F : 'CSSM_KEYCLASS_PUBLIC_KEY',
    0x01+0x0F : 'CSSM_KEYCLASS_PRIVATE_KEY',
    0x02+0x0F : 'CSSM_KEYCLASS_SESSION_KEY',
    0x03+0x0F : 'CSSM_KEYCLASS_SECRET_PART',

killswitch-GUI

google.com
youtube.com
facebook.com
baidu.com
yahoo.com
amazon.com
wikipedia.org
google.co.in
twitter.com
qq.com

killswitch-GUI

unsigned char wpcap_dll[] = {
  0x4d, 0x5a, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
  0xff, 0xff, 0x00, 0x00, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x08, 0x01, 0x00, 0x00, 0x0e, 0x1f, 0xba, 0x0e, 0x00, 0xb4, 0x09, 0xcd,
  0x21, 0xb8, 0x01, 0x4c, 0xcd, 0x21, 0x54, 0x68, 0x69, 0x73, 0x20, 0x70,
  0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x20, 0x63, 0x61, 0x6e, 0x6e, 0x6f,
  0x74, 0x20, 0x62, 0x65, 0x20, 0x72, 0x75, 0x6e, 0x20, 0x69, 0x6e, 0x20,

killswitch-GUI

#!/usr/bin/python
# Pure Python Tiny Packet Snifer
# Author: Alexander Rymdeko-Harvey
# Twitter: @Killswitch-GUI

# BSD 3-Clause License

# Copyright (c) 2017, Alexander Rymdeko-Harvey
# All rights reserved.

killswitch-GUI

#pragma comment(lib, "Shell32.lib")
#include <windows.h>
#include <shlobj.h>

// msfvenom -p windows/exec -a x86 --platform windows -f c cmd=calc.exe
int buf_len = 193;
unsigned char buf[] =
"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"
"\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"
"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf2\x52"