I hereby claim:
- I am kyhwana on github.
- I am kyhwana (https://keybase.io/kyhwana) on keybase.
- I have a public key whose fingerprint is B30C 8C4B A734 513F FC75 41C7 B561 9CE0 3A15 5B13
To claim this, I am signing this object:
#!/bin/bash
# Watch the dionaea capture directory and scan every new sample with yara and clamav,
# each scanner wrapped in firejail. close_write (rather than create) fires once dionaea
# has finished writing the file, so the scanners see the complete sample instead of a
# partially written one.
inotifywait -m /opt/dionaea/var/dionaea/binaries/ -e close_write |
while read -r path action file; do
    # skip SMB and HTTP-upload captures
    if [[ "$file" != *smb* && "$file" != *httpupload* ]]; then
        date=$(date)
        echo "The file '$file' appeared in directory '$path' via '$action' at '$date'"
        firejail --quiet yara -w /opt/dionaea/rules-master/malware_index.yar "$path$file"
        firejail --quiet clamscan "$path$file" --no-summary
    fi
done
Lastpass: All under NDAs. https://lastpass.com/support.php?cmd=showfaq&id=1626
1password: https://support.1password.com/security-assessments/
keepass: https://www.ghacks.net/2016/11/22/keepass-audit-no-critical-security-vulnerabilities-found/
enpass: none.
pass: none?
# Last Modified: Tue Jan 16 16:27:04 2018
#include <tunables/global>
/usr/sbin/sslh {
#include <abstractions/base>
#include <abstractions/dovecot-common>
#include <abstractions/nameservice>
#include <abstractions/nis>
#include <abstractions/postfix-common>
19316,19317d19315
< }, d.prototype.getSharedSecret = function() {
< return this.isEncrypted() ? "?" : this.decryptedSeed
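Review bot: removing d.prototype.getSharedSecret outright means any remaining caller in the bundle will now throw on an undefined function; grep for getSharedSecret call sites and remove or guard them in the same change. Note also what the deleted body did: it only masked the seed with "?" when isEncrypted() was true, and otherwise returned this.decryptedSeed in the clear, so the accessor itself was the export path this change is closing.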
26333,26337d26330
< }), f(".copysecret").click(function (t) {
< var n, r, o;
< return n = f(this), o = function () {
< return n.text("Copy Secret")
< }, r = n.parent().find(".sharedSecret")[0], e.onCopyClicked(r), n.text("Copied secret"), setTimeout(o, 1e3)
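Review bot: this only deletes the click handler for .copysecret; the value it copied is read from a sibling element via n.parent().find(".sharedSecret")[0], so unless the template that renders .sharedSecret is removed as well, the seed is still present in the DOM and readable from devtools even with the button gone. Confirm the .sharedSecret element and the .copysecret button are no longer emitted, otherwise a dead button is left behind and the secret remains exposed.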
26378,26380c26371
# ASR rules enabled below, in the order of the -Ids argument. The -Actions array is index-aligned
# with the -Ids array, so there must be one action per ID. Set-MpPreference replaces the whole
# rule list, which is why all seven go in a single call.
#  BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550  Block executable content from email client and webmail
#  D4F940AB-401B-4EFC-AADC-AD5F3C50688A  Block all Office applications from creating child processes
#  3B576869-A4EC-4529-8536-B80A7769E899  Block Office applications from creating executable content
#  75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84  Block Office applications from injecting code into other processes
#  D3E037E1-3EB8-44C8-A917-57927947596D  Block JavaScript or VBScript from launching downloaded executable content
#  5BEB7EFE-FD9A-4556-801D-275E5FFC04CC  Block execution of potentially obfuscated scripts
#  92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B  Block Win32 API calls from Office macros
Set-MpPreference -AttackSurfaceReductionRules_Ids BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550,D4F940AB-401B-4EFC-AADC-AD5F3C50688A,3B576869-A4EC-4529-8536-B80A7769E899,75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84,D3E037E1-3EB8-44C8-A917-57927947596D,5BEB7EFE-FD9A-4556-801D-275E5FFC04CC,92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B -AttackSurfaceReductionRules_Actions Enabled, Enabled, Enabled, Enabled, Enabled, Enabled, Enabled
#1803 new rules. Caveat: running this as Set-MpPreference after the command above would replace the
#seven rules already set; to append, use Add-MpPreference with the same parameters instead.
#  01443614-cd74-433a-b99e-2ecdc07bfc25  Block executable files unless they meet a prevalence, age, or trusted list criterion
#  c1db55ab-c21a-4637-bb3f-a12568109d35  Use advanced protection against ransomware
#  9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2  Block credential stealing from LSASS
#  d1e49aac-8f56-4280-b9ba-993a6d77406c  Block process creations originating from PSExec and WMI commands
#  b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4  Block untrusted and unsigned processes that run from USB
#Set-MpPreference -AttackSurfaceReductionRules_Ids 01443614-cd74-433a-b99e-2ecdc07bfc25,c1db55ab-c21a-4637-bb3f-a12568109d35,9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2,d1e49aac-8f56-4280-b9ba-993a6d77406c,b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 -AttackSurfaceReductionRules_Actions Enabled, Enabled, Enabled, Enabled, Enabled
#Anti-PUA rule:
Set-MpPreference -PUAProtection Enabled
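Before flipping ASR rules to Enabled on a machine that runs real workloads, a practitioner stages them in AuditMode and reads the configuration back, because Get-MpPreference returns the rule IDs and their actions as two separate index-aligned arrays that are easy to misread. The script below is an added example, not part of the original gist: it uses the seven GUIDs listed above, adds rules with Add-MpPreference (which appends or updates rather than replacing the list), zips the two arrays back into per-rule rows, and only then switches to Enabled. The rule names in the hashtable and the 0/1/2/6 action codes are taken from Microsoft's ASR documentation; the function names and the helper layout are my own.

```powershell
# Added example (not from the gist): stage ASR rules in audit mode, verify, then enforce.
# Run in an elevated PowerShell on a host with Microsoft Defender AV active.

# GUIDs from the page above; names per Microsoft's ASR rule reference.
$AsrRules = @{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
}

# Numeric action codes as stored by Defender.
$ActionLabel = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode'; 6 = 'Warn' }

function Set-AsrRules {
    param(
        [Parameter(Mandatory)][string[]]$Ids,
        [Parameter(Mandatory)][ValidateSet('Enabled', 'AuditMode', 'Disabled')][string]$Action
    )
    # Add-MpPreference appends new IDs and updates the action of IDs already present.
    # Set-MpPreference would replace the entire list, silently dropping rules set elsewhere
    # (e.g. by GPO or an earlier script), so it is avoided here.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $Ids `
                     -AttackSurfaceReductionRules_Actions (@($Action) * $Ids.Count)
}

function Get-AsrRuleState {
    # Zip the two parallel arrays Defender stores into one row per rule.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $id   = $ids[$i]
        $code = [int]$actions[$i]   # cast: hashtable keys are Int32, Defender returns bytes
        $name = if ($AsrRules.ContainsKey($id)) { $AsrRules[$id] } else { '(not in this list)' }
        $mode = if ($ActionLabel.ContainsKey($code)) { $ActionLabel[$code] } else { "code $code" }
        [pscustomobject]@{ Id = $id; Name = $name; Action = $mode }
    }
}

$ids = [string[]]$AsrRules.Keys

# 1. Stage in audit mode: nothing is blocked, but each would-be block is logged as
#    event 1122 (1121 once enforced) in Microsoft-Windows-Windows Defender/Operational.
Set-AsrRules -Ids $ids -Action AuditMode
Get-AsrRuleState | Format-Table -AutoSize

# 2. After reviewing the audit events for false positives, enforce.
Set-AsrRules -Ids $ids -Action Enabled
Get-AsrRuleState | Where-Object { $_.Action -ne 'Enabled' } |
    ForEach-Object { Write-Warning "$($_.Id) ($($_.Name)) is $($_.Action), not Enabled" }
```

Step 2 deliberately re-reads the state and warns on anything not Enabled, which catches the case where a rule ID was typed wrong (Defender accepts the GUID and stores it, but it never fires) or where a later Set-MpPreference call from another tool has clobbered the list.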
#include <tunables/global>
/home/roughtime/server {
#include <abstractions/base>
/home/roughtime/roughenough.cfg r,
/home/roughtime/server mr,
}
Day 1 opening: https://t.co/myIifW120o?amp=1 (by @jpdanner)
Tesla coil performance: https://t.co/DoLdCZJZg1?amp=1 (by @jpdanner)
Matthew Garrett: I am a scooter: https://youtu.be/aecB2A_ad1A
Laura Bell: How can I help you. https://youtu.be/YrMlo2SRFlM
RDP/TLS fingerprint twitter coverage + links: https://twitter.com/0x4D31/status/1185025973151907840
Mike Loss: lair lair, a first timer red teaming under unusual conditions https://youtu.be/ASSjkkr4OCg
Chris Culnane. https://stateofit.com/kawaiicon/ internet voting from bad idea to poor execution
Fobski's talk on A security tale: https://www.youtube.com/watch?v=Aws1BlWgCWk&feature=youtu.be
Sophia Frentz (Not) hacking your biology: https://www.youtube.com/watch?v=8RtWQGHS8Io
This assumes that you're running Windows 10 Pro/Enterprise 1903 or newer and have enabled the Windows Sandbox. See https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Windows-Sandbox/ba-p/301849 for how to enable this and other requirements.
Download ghidra from https://ghidra-sre.org/ and extract it to c:\sandbox\
Download the AdoptOpenJDK Windows x64 JDK from https://adoptopenjdk.net/releases.html?variant=openjdk11&jvmVariant=hotspot#x64_win and copy it to c:\sandbox\jdk.msi
Download install.cmd and copy it to c:\sandbox\
If you have any Ghidra scripts or extensions, copy these to a directory in c:\sandbox\ and they will be copied to C:\Users\WDAGUtilityAccount\downloads\ inside the VM as well.
Download the ghidra.wsb file and run!
The ghidra.wsb will run install.cmd which will copy the files from the shared folder into C:\Users\WDAGUtilityAccount\downloads\ inside the VM and then run the jdk installer (in passive mode, so once the install dialog disappears, it's done)
Your shiny new Windows 1
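The gist's own ghidra.wsb and install.cmd are not reproduced on this page, so the script below is an added example that generates equivalent files for the layout described in the steps above; it is not the gist's code. It assumes the staging directory is C:\sandbox, that a Windows Sandbox mapped folder shows up on WDAGUtilityAccount's desktop under the host folder's name (C:\Users\WDAGUtilityAccount\Desktop\sandbox), that the AdoptOpenJDK MSI accepts the ADDLOCAL features that put java on PATH, and it disables networking inside the sandbox, which the page does not specify but is the usual choice when the sandbox is for looking at untrusted binaries. The function names are mine.

```powershell
# Added example (not the gist's ghidra.wsb/install.cmd): build both files from the
# C:\sandbox layout described above and launch Windows Sandbox. Run on the host.

$Stage   = 'C:\sandbox'                                   # host staging dir from the steps above
$Desktop = 'C:\Users\WDAGUtilityAccount\Desktop'          # mapped folders land here in the sandbox
$Inside  = Join-Path $Desktop (Split-Path $Stage -Leaf)   # C:\Users\WDAGUtilityAccount\Desktop\sandbox
$Dest    = 'C:\Users\WDAGUtilityAccount\downloads'        # writable copy used by the page's install.cmd

function Test-Stage {
    # Fail early if the artefacts the procedure needs are not staged.
    if (-not (Test-Path (Join-Path $Stage 'jdk.msi'))) {
        throw "missing $Stage\jdk.msi (AdoptOpenJDK 11 x64 MSI)"
    }
    if (-not (Get-ChildItem -Path $Stage -Directory -Filter 'ghidra_*')) {
        throw "no extracted ghidra_* directory under $Stage"
    }
}

function Write-InstallCmd {
    # Runs inside the sandbox as WDAGUtilityAccount. The mapped folder is read-only, so copy
    # it to a writable location first, then install the JDK passively. ADDLOCAL features are
    # an assumption about the AdoptOpenJDK MSI: FeatureEnvironment puts java.exe on PATH so
    # Ghidra's launcher finds it without prompting.
    @"
@echo off
xcopy /E /I /Y "$Inside" "$Dest"
msiexec /i "$Dest\jdk.msi" /passive ADDLOCAL=FeatureMain,FeatureEnvironment,FeatureJavaHome
"@ | Set-Content -Path (Join-Path $Stage 'install.cmd') -Encoding ASCII
}

function Write-Wsb {
    # Sandbox config: one read-only mapped folder and a logon command that runs the
    # installer. Networking is disabled here (assumption, not stated on the page) so that
    # whatever is loaded into Ghidra cannot reach out.
    @"
<Configuration>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$Stage</HostFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>$Inside\install.cmd</Command>
  </LogonCommand>
</Configuration>
"@ | Set-Content -Path (Join-Path $Stage 'ghidra.wsb') -Encoding ASCII
}

Test-Stage
Write-InstallCmd
Write-Wsb
# .wsb is registered to WindowsSandbox.exe once the feature is enabled, so opening it launches the VM.
Start-Process -FilePath (Join-Path $Stage 'ghidra.wsb')
```

Keeping the mapped folder read-only is the point of the xcopy step: the sandbox can read the JDK and Ghidra from the host but nothing it runs can write back into C:\sandbox, and the whole VM is discarded on close.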