Emily Eubanks malwaremily

@ecapuano
ecapuano / gist:13386852fb80beac4561f2bed569095e
Created March 7, 2021 04:00
HAFNIUM IIS Log Search Patterns
# Quick tip to find super common artifacts of the HAFNIUM Exchange attacks with nothing more than IIS logs...
# Run this grep pattern against all logs in C:\inetpub\logs\LogFiles\W3SVC1
#
# https://twitter.com/eric_capuano
# Quick check for likely successful attacks
## Bash (faster)
egrep -i '((POST.*\/aspnet_client\/)|(system_web\/[A-Za-z0-9]{8}\.aspx|\/ecp\/y\.js)).*2[0-9]{2}\s[0-9]+' *.log
## PowerShell
Select-String -Pattern '((POST.*\/aspnet_client\/)|(system_web\/[A-Za-z0-9]{8}\.aspx|\/ecp\/y\.js)).*2[0-9]{2}\s[0-9]+' *.log
@tsumarios
tsumarios / goneypot.go
Created September 23, 2020 16:23
A simple TCP honeypot written in Go. Usage: "go run goneypot.go <port>" or build a binary and run it specifying a port.
package main
import (
"bytes"
"log"
"net"
"os"
)
// Connection handler
@Neo23x0
Neo23x0 / audit.rules
Last active January 13, 2024 14:12
Linux Auditd Best Practice Configuration
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
# ___ ___ __ __
# / | __ ______/ (_) /_____/ /
# / /| |/ / / / __ / / __/ __ /
# / ___ / /_/ / /_/ / / /_/ /_/ /
# /_/ |_\__,_/\__,_/_/\__/\__,_/
@weblancaster
weblancaster / gist:6e7f43fc02725ce747e224b0c4290906
Last active May 25, 2020 12:53
Kill all container, remove all images and stop all containers
#stop all containers:
docker kill $(docker ps -q)
#remove all containers
docker rm $(docker ps -a -q)
#remove all docker images
docker rmi $(docker images -q)
@michaellihs
michaellihs / tmux-cheat-sheet.md
Last active May 3, 2024 10:55
tmux Cheat Sheet
@bastman
bastman / docker-cleanup-resources.md
Created March 31, 2016 05:55
docker cleanup guide: containers, images, volumes, networks

Docker - How to clean up (unused) resources

Once in a while, you may need to clean up resources (containers, volumes, images, networks) ...

delete volumes

// see: https://github.com/chadoe/docker-cleanup-volumes

$ docker volume rm $(docker volume ls -qf dangling=true)

$ docker volume ls -qf dangling=true | xargs -r docker volume rm

@joepie91
joepie91 / vpn.md
Last active May 7, 2024 23:27
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPNs for their intended purpose; that is, as a virtual private (internal) network. It only applies to using them as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
@tdantas
tdantas / names.txt
Created May 30, 2014 22:33
names
MARY
PATRICIA
LINDA
BARBARA
ELIZABETH
JENNIFER
MARIA
SUSAN
MARGARET
DOROTHY
@Coopeh
Coopeh / sophosremoval.bat
Created January 17, 2014 08:23
Sophos Removal Script
@ECHO OFF
ECHO ====================================================================
ECHO Sophos Removal v1.0 - Ed Cooper 2014
ECHO Removes Sophos v7 - v10
ECHO ====================================================================
ECHO.
ECHO.
IF NOT EXIST "%~dp0\msizap.exe" GOTO MSIZAPNOTFOUND
ECHO Administrative permissions required. Detecting permissions...
ECHO.
@willurd
willurd / web-servers.md
Last active May 7, 2024 14:57
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000