Skip to content

Instantly share code, notes, and snippets.

View log4shell_regexes.py
import re
from urllib.parse import unquote
FLAGS = re.IGNORECASE | re.DOTALL
ESC_DOLLAR = r'(?:\$|[\\%]u0024||\\x24|\\0?44|%24)'
ESC_LCURLY = r'(?:\{|[\\%]u007B|\\x7B|\\173|%7B)'
ESC_RCURLY = r'(?:\}|[\\%]u007D|\\x7D|\\175|%7D)'
_U_PERCENT_ESCAPE_RE = re.compile(r'%(u[0-9a-f]{4})', flags=FLAGS)
_PERCENT_ESCAPE_RE = re.compile(r'%[0-9a-f]{2}', flags=FLAGS)
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active Jan 15, 2022
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
View 20211210-TLP-WHITE_LOG4J.md

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@tothi
tothi / usbgadget_razer.sh
Created Aug 22, 2021
Razer USB gadget on Android for Local Privilege Escalation on Windows
View usbgadget_razer.sh
# MINIMAL USB gadget setup using CONFIGFS for simulating Razer Gaming HID
# devices for triggering the vulnerable Windows Driver installer
# credits for the Windows Driver install vuln: @j0nh4t
#
# https://twitter.com/j0nh4t/status/1429049506021138437
# https://twitter.com/an0n_r0/status/1429263450748895236
#
# the script was developed & tested on Android LineageOS 18.1
@k4nfr3
k4nfr3 / RDP_clear.py
Last active May 20, 2021
Quick python script to analyse mem dump and extract RDP clear passwords while waiting for Mimikatz to integrate it as a module
View RDP_clear.py
import re
from collections import namedtuple
import sys
# Clear text password recovery from mem dump as found by @jonasLyk Tweet : https://twitter.com/jonasLyk/status/1393058962942083076
# borrowed python code from Willi Ballenthin -> https://gist.github.com/williballenthin/8e3913358a7996eab9b96bd57fc59df2
# code inspired by @gentilkiwi 's video
# This is for those who like me wanted to play with this discovery a little and dirty python3 script while waiting to see another module in the great mimikatz tool
# I'm no dev so PR and constructive remarks are welcome
@heinthanth
heinthanth / pentest-arsenal.md
Last active Dec 26, 2021
Penetration Testing Tools for MacOS X
View pentest-arsenal.md
  • [] radare2 - brew
  • [] cutter (radare2) - brew cask
  • [] ghidra - brew cask
  • [] ida-free - brew cask
  • [] nmap - brew
  • [] proxychains - brew (https://gist.github.com/allenhuang/3792521)
  • [] sqlmap - brew
  • [] powershell - brew cask
  • [] impacket scripts - git
  • [] powersploit - git
@monoxgas
monoxgas / main.cpp
Created Feb 12, 2020
Adapative DLL Hijacking - Stability Hooking
View main.cpp
#include <Windows.h>
#include <intrin.h>
#include <string>
#include <TlHelp32.h>
#include <psapi.h>
DWORD WINAPI Thread(LPVOID lpParam) {
// Insert evil stuff
ExitProcess(0);
@stephenhardy
stephenhardy / git-clearHistory
Created Apr 26, 2013
Steps to clear out the history of a git/github repository
View git-clearHistory
-- Remove the history from
rm -rf .git
-- recreate the repos from the current content only
git init
git add .
git commit -m "Initial commit"
-- push to the github remote repos ensuring you overwrite history
git remote add origin git@github.com:<YOUR ACCOUNT>/<YOUR REPOS>.git