J midnightslacker

## list-of-curl-options.txt
$ curl --help
Usage: curl [options...] <url>
     --abstract-unix-socket <path> Connect via abstract Unix domain socket
     --alt-svc <file name> Enable alt-svc with this cache file
     --anyauth       Pick any authentication method
 -a, --append        Append to target file when uploading
     --basic         Use HTTP Basic Authentication
     --cacert <file> CA certificate to verify peer against
     --capath <dir>  CA directory to verify peer against
 -E, --cert <certificate[:password]> Client certificate file and password

## aws-dangling-domain-discovery-tool.sh
#!/bin/bash

# This script attempts to locate potential dangling domains on AWS. You need AWS CLI installed and your keys configured
# Make sure you insert your Bing API key below as well.
# All the sleeps were necessary to not allocate the same IP address multiple times


while true
do
	unset IP

## nuke_all_backups.sh
#!/bin/bash

REGIONS=`aws ec2 describe-regions --query Regions[].RegionName  --output text`

for r in $REGIONS ; do
	VAULTS=`aws backup list-backup-vaults --query BackupVaultList[].BackupVaultName --output text --region $r`

	for v in $VAULTS ; do
		RECOVERY_POINTS=`aws backup list-recovery-points-by-backup-vault --backup-vault-name $v --query RecoveryPoints[].RecoveryPointArn --output text --region $r`
		for a in $RECOVERY_POINTS ; do

## openssl_commands.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                midnightslacker
                / openssl_commands.md
            
            
              Created
              September 14, 2020 19:11
                — forked from Hakky54/openssl_commands.md
            
              
                Some list of openssl commands for check and verify your keys
              
          
    openssl

Install

Install the OpenSSL on Debian based systems
sudo apt-get install openssl

  
## mostly_painless_cuckoo_sandbox_install.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                midnightslacker
                / mostly_painless_cuckoo_sandbox_install.md
            
            
              Created
              August 11, 2020 13:21
                — forked from 7MinSec/mostly_painless_cuckoo_sandbox_install.md
            
              
                Mostly painless Cuckoo Sandbox install
              
          
    How to Build a Cuckoo Sandbox Malware Analysis System

I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way.  I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso
Build your Linux Cuckoo VM


Setup a Ubuntu 16.04 64-bit desktop VM (download here) in VMWare with the following properties:


100GB hard drive
2 procs
8 gigs of RAM


## .bash_profile
#  ---------------------------------------------------------------------------
#
#  Description:  This file holds all my BASH configurations and aliases
#
#  Sections:
#  1.   Environment Configuration
#  2.   Make Terminal Better (remapping defaults and adding functionality)
#  3.   File and Folder Management
#  4.   Searching
#  5.   Process Management

## rngods,py
#!/usr/bin/python3
import random

name = ['Jack-Rabbit', 'Elephant', 'Donkey', 'Walrus']
seed = random.randint(1,120)

names = random.sample(name, len(name))

print(names)

## TA_example_data
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/support.html#Support.Client.describe_trusted_advisor_check_result

{
    'result': {
        'checkId': 'string',
        'timestamp': 'string',
        'status': 'string',
        'resourcesSummary': {
            'resourcesProcessed': 123,
            'resourcesFlagged': 123,

## ExpandDefenderSig.ps1
filter Expand-DefenderAVSignatureDB {
<#
.SYNOPSIS

Decompresses a Windows Defender AV signature database (.VDM file).

.DESCRIPTION

Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed.

## cbapi-ps-lsass-loop.py
# Carbon Black Evil PowerShell LSASS Query
#
# Prints out malicious Powershell events that have a crossproc event for c:\windows\system32\lsass.exe
#
# Author: Jason Lang (@curi0usJack)
#
# Prereqs (Windows 10)
#	Install bash on Win10
#	sudo apt-get install python-pip
#	sudo pip install --upgrade requests
	$ curl --help
	Usage: curl [options...] <url>
	--abstract-unix-socket <path> Connect via abstract Unix domain socket
	--alt-svc <file name> Enable alt-svc with this cache file
	--anyauth Pick any authentication method
	-a, --append Append to target file when uploading
	--basic Use HTTP Basic Authentication
	--cacert <file> CA certificate to verify peer against
	--capath <dir> CA directory to verify peer against
	-E, --cert <certificate[:password]> Client certificate file and password
	#!/bin/bash

	# This script attempts to locate potential dangling domains on AWS. You need AWS CLI installed and your keys configured
	# Make sure you insert your Bing API key below as well.
	# All the sleeps were necessary to not allocate the same IP address multiple times


	while true
	do
	unset IP
	#!/bin/bash

	REGIONS=`aws ec2 describe-regions --query Regions[].RegionName --output text`

	for r in $REGIONS ; do
	VAULTS=`aws backup list-backup-vaults --query BackupVaultList[].BackupVaultName --output text --region $r`

	for v in $VAULTS ; do
	RECOVERY_POINTS=`aws backup list-recovery-points-by-backup-vault --backup-vault-name $v --query RecoveryPoints[].RecoveryPointArn --output text --region $r`
	for a in $RECOVERY_POINTS ; do
	# ---------------------------------------------------------------------------
	#
	# Description: This file holds all my BASH configurations and aliases
	#
	# Sections:
	# 1. Environment Configuration
	# 2. Make Terminal Better (remapping defaults and adding functionality)
	# 3. File and Folder Management
	# 4. Searching
	# 5. Process Management
	#!/usr/bin/python3
	import random

	name = ['Jack-Rabbit', 'Elephant', 'Donkey', 'Walrus']
	seed = random.randint(1,120)

	names = random.sample(name, len(name))

	print(names)
	https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/support.html#Support.Client.describe_trusted_advisor_check_result

	{
	'result': {
	'checkId': 'string',
	'timestamp': 'string',
	'status': 'string',
	'resourcesSummary': {
	'resourcesProcessed': 123,
	'resourcesFlagged': 123,
	filter Expand-DefenderAVSignatureDB {
	<#
	.SYNOPSIS

	Decompresses a Windows Defender AV signature database (.VDM file).

	.DESCRIPTION

	Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed.
	# Carbon Black Evil PowerShell LSASS Query
	#
	# Prints out malicious Powershell events that have a crossproc event for c:\windows\system32\lsass.exe
	#
	# Author: Jason Lang (@curi0usJack)
	#
	# Prereqs (Windows 10)
	# Install bash on Win10
	# sudo apt-get install python-pip
	# sudo pip install --upgrade requests