Skip to content

Instantly share code, notes, and snippets.

View numanturle's full-sized avatar
🕳️

numan numanturle

🕳️
275 followers · 175 following
View GitHub Profile
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active April 18, 2024 11:20
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@tothi
tothi / usbgadget_razer.sh
Created August 22, 2021 09:52
Razer USB gadget on Android for Local Privilege Escalation on Windows
# MINIMAL USB gadget setup using CONFIGFS for simulating Razer Gaming HID
# devices for triggering the vulnerable Windows Driver installer
# credits for the Windows Driver install vuln: @j0nh4t
#
# https://twitter.com/j0nh4t/status/1429049506021138437
# https://twitter.com/an0n_r0/status/1429263450748895236
#
# the script was developed & tested on Android LineageOS 18.1
@Retr02332
Retr02332 / CVE-2020-7115.md
Last active November 8, 2022 08:01
Entendiendo a detalle el CVE-2020-7115

CVE-2020-7115 (Aruba Clearpass RCE)

Reconocimiento

Cuando seleccionamos un dominio como objetivo, y en la toma de huellas dactilares encontramos que el aplicación web funciona con java en el backend. Es interesante buscar archivos como struts.xml para agrandar aun mas la superficie de ataque.

Struts es un framework web (MVC) orientado a tecnologías java. En este archivo define algunas configuraciones del sitio. Entre ellas hay una en particular que puede ser de gran utilidad para un atacante. El elemento <action>.

¿Que es un archivo struts.xml?

Es un archivo de configuración XML para especificar la relación entre una URL, una clase Java y una página de vista (como index.jsp).

@marcan
marcan / m1racles-poc.c
Last active June 17, 2023 06:10
/*
* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
*
* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
*
* Please visit m1racles.com for more information.
*
* Licensed under the MIT license.
*/
@0xsha
0xsha / Solarwinds_Orion_LFD.py
Last active July 16, 2022 12:46
Solarwinds_Orion_LFD local file disclosure PoC for SolarWinds Orion aka door to SuperNova?)
# CVE-2020-10148 (local file disclosure PoC for SolarWinds Orion aka door to SuperNova ? )
# @0xSha
# (C) 2020 0xSha.io
# Advisory : https://www.solarwinds.com/securityadvisory
# Mitigation : https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip
# Details : https://kb.cert.org/vuls/id/843464
# C:\inetpub\SolarWinds\bin\OrionWeb.DLL
# According to SolarWinds.Orion.Web.HttpModules
@antichown
antichown / Golang cross compilation
Last active November 7, 2020 21:51
Golang cross compilation
#!/bin/bash
# Reference:
# https://github.com/golang/go/blob/master/src/go/build/syslist.go
os_archs=(
aix/ppc64
darwin/386
darwin/amd64
dragonfly/amd64
freebsd/386
@IvanChepurnyi
IvanChepurnyi / JIT results
Last active April 29, 2021 12:33
Benchmark HTTP service
wrk -c 500 -d 30s -t 12 -R 20k -L http://localhost:8888
Running 30s test @ http://localhost:8888
12 threads and 500 connections
Thread calibration: mean lat.: 456.139ms, rate sampling interval: 3485ms
Thread calibration: mean lat.: 458.787ms, rate sampling interval: 3125ms
Thread calibration: mean lat.: 294.161ms, rate sampling interval: 1654ms
Thread calibration: mean lat.: 391.126ms, rate sampling interval: 3123ms
Thread calibration: mean lat.: 325.404ms, rate sampling interval: 2699ms
Thread calibration: mean lat.: 359.069ms, rate sampling interval: 2533ms
Thread calibration: mean lat.: 72.867ms, rate sampling interval: 222ms
@eybisi
eybisi / hooky.js
Created April 18, 2020 20:59
hookymooky.js
// install package with adb install package.name
// do not open application
// use -f force option
// frida -U -f package.name -l del.js
Java.perform(function() {
var ssl = Java.use("k.x$b")
var channel = Java.use("f.e.c.b.g.f.g.a.c")
var Integer = Java.use("java.lang.Integer");
var ArrayList = Java.use("java.util.ArrayList");
var ArrayList = Java.use("java.util.ArrayList");
@asdqwe3124
asdqwe3124 / gd-gif.php
Last active October 8, 2023 03:27
<?php
//php gd-gif.php image.gif gd-image.gif
$gif = imagecreatefromgif($argv[1]);
imagegif($gif, $argv[2]);
imagedestroy($gif);
?>
@SwitHak
SwitHak / 20200114-TLP-WHITE_CVE-2020-0601.md
Last active February 9, 2024 14:42
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.