This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
TEB Detect Impersonating Threads for Microsoft Windows | |
Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
Released under AGPL see LICENSE for more information | |
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
VEH misuse detector for Microsoft Windows | |
Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
Released under AGPL see LICENSE for more information | |
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
VEH misuse detector for Microsoft Windows | |
Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
Released under AGPL see LICENSE for more information | |
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
INCIDENT_NAME = "NCCGROUPHTTPS" | |
VERSION = "0.1" | |
MODULE_DESCRIPTION = "NCCGROUPHTTPS" | |
AUTHOR = "Ollie Whitehouse" | |
AUTHOR_EMAIL = "ollie.whitehouse@nccgroup.com" | |
CERT_FILE = "/tmp/selfsigned.crt" | |
KEY_FILE = "/tmp/private.key" | |
from opencanary.modules import CanaryService |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
This was the first version - the newer version also includes *When* it was loaded also. | |
https://gist.github.com/olliencc/e166a64ca211c51eb69111f26ce57bc1 | |
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import hashlib | |
import hmac | |
import binascii | |
import base64 | |
import sys | |
import struct | |
from Crypto.Cipher import AES | |
HASH_ALGO = hashlib.sha256 | |
SIG_SIZE = HASH_ALGO().digest_size |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
04fdd701809d17465c17c7e603b1b202 ./2.11.0/apache-log4j-2.11.0-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
415c13e7c8505fb056d540eac29b72fa ./2.8/apache-log4j-2.8-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
415c13e7c8505fb056d540eac29b72fa ./2.8.1/apache-log4j-2.8.1-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
04fdd701809d17465c17c7e603b1b202 ./2.9.0/apache-log4j-2.9.0-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
8b2260b1cce64144f6310876f94b1638 ./2.4.1/apache-log4j-2.4.1-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
a193703904a3f18fb3c90a877eb5c8a7 ./2.8.2/apache-log4j-2.8.2-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
3bd9f41b89ce4fe8ccbf73e43195a5ce ./2.6.1/apache-log4j-2.6.1-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
04fdd701809d17465c17c7e603b1b202 ./2.11.2/apache-log4j-2.11.2-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
21f055b62c15453f0d7970a9d994cab7 ./2.13.0/apache-log4j-2.13.0-bin/org/apache/logging/lo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
Debug register (hardware breakpoint) misuse detector for Microsoft Windows | |
Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
Released under AGPL see LICENSE for more information | |
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@echo off | |
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
REM °² Enumerates all files extensions ²° | |
REM °² and what opens them on Windows 10 in batch/cmd ²° | |
REM °² twitter: @ollieatnccgroup ²° | |
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
REM ------------------------------------------------------ | |
REM |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import java.io.File; | |
import java.util.Base64; | |
import common.CommonUtils; | |
import java.security.KeyPair; | |
class DumpKeys | |
{ | |
public static void main(String[] args) | |
{ | |
try { |
NewerOlder