Skip to content

Instantly share code, notes, and snippets.

Avatar
💭
:cheeeeeese:

Royce Williams roycewilliams

💭
:cheeeeeese:
View GitHub Profile
@akhepcat
akhepcat / reneg@.service
Created Jul 20, 2022
quick network interface renegotiation script and helper
View reneg@.service
# Install in /etc/systemd/system
# enable as 'reneg@eth0.service' or other interface(s)
#
[Unit]
Description=ethtool configuration to enable 2500mbps speed for the specified card
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/usr/local/sbin/renegotiate-eth %i
View webmaster_www_sec_gov.key
# Originator-Name: webmaster@www.sec.gov
# Originator-Key-Asymmetric: MFgwCgYEVQgBAQICAf8DSgAwRwJAW2sNKK9AVtBzYZmr6aGjlWyK3XmZv3dTINenTWSM7vrzLADbmYQaionwg5sDW3P6oaM5D3tdezXMm7z1T+B+twIDAQAB
-----BEGIN RSA PRIVATE KEY-----
MIIBNwIBAAJAW2sNKK9AVtBzYZmr6aGjlWyK3XmZv3dTINenTWSM7vrzLADbmYQa
ionwg5sDW3P6oaM5D3tdezXMm7z1T+B+twIDAQABAkABRr5ZShEY5TInM7ENwv74
sBpEO1VlMfJMLBae4v+AuqWY84VVD5p289Aj/Nqr+TLDxIlv6tMutm5t7Mkam8b5
AiBmPveycBH/yZ4E/lx8ERfchGLS7Q/hX2ttFS/RT4PpiwIhAOTjxRg2VWt0dqpj
HMUrnsdkO0452SGWuPypvl/Drq0FAiAvyi6sUIWZMPuTCfDgbHzirV4jiHprtNXZ
XpXDF49okQIgQ97KLbDGyXMiUMnM2SZjEYrGDx8WJGCV/82xdqIGpKUCIFrHwky1
ZIFMteKResE2jlw4TLhCmDrq+sxqkOMpcV96
@atoponce
atoponce / readme.md
Last active May 26, 2022
Commandline password managers for Unix-like operating systems
View readme.md

Must be updated within the past two years (May 2020) to be on this list. Listed in alphabetical order:

  • 1Password CLI1 and CLI2
    • Written by the 1Password team.
    • Written in Go using the Cobra library.
    • CLI2 has new sub-command syntax that differs from CLI1.
    • JSON output is difficult to work with.
    • Requires 1Password account.
    • Proprietary software.
  • bw
@ryancdotorg
ryancdotorg / allsum.c
Created Apr 11, 2022
simple command line tool to hash a file with every digest algorithm openssl supports
View allsum.c
// cc -O2 -Wall -Wextra -pedantic allsum.c -lcrypto -o allsum
#define _GNU_SOURCE
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <stdio.h>
#include <ctype.h>
View keystrokes.html
<!DOCTYPE html>
<html lang="en">
<head>
<title>Keystroke Analysis</title>
<meta charset="utf-8">
<style>
#intro {
font-size: large;
}
View collect-entropy.zsh
collect-entropy () {
zmodload zsh/mathfunc
local wordlist=($(grep -P '^[aoeuidhtns]{3,}$' /usr/share/dict/words))
local length=${#wordlist[@]}
local min=$(( 65536 % $length ))
local wordcount=$(( int(ceil(512/log2($length))) ))
local words=()
for ((i=1; i<=${wordcount}; i++ )) do
local rand=$(( 0x$(xxd -ps -l 2 /dev/urandom) ))
until [[ $rand -ge $min ]]
@akhepcat
akhepcat / pkexec
Created Jan 26, 2022
replacement pkexec wrapper to log pkexec attempts
View pkexec
#!/bin/bash
# Don't forget to mv /usr/bin/pkexec /usr/bin/pkexec.bin; chmod 0 /usr/bin/pkexec.bin; before using this
PATH=/bin:/usr/bin:/sbin:/usr/sbin
PROG="${0##*/}"
SYSLOG=localhost #change to a remote collector if you have one
PID=$$
cmdline=$(tr '\0' ' ' </proc/$PPID/cmdline | tr -dc '[:print:]')
logger --priority auth.alert -n ${SYSLOG} -t "${PROG}-watch" "called by $USER, PID=$PID, Parent=$PPID, cmdline=[${cmdline}]"
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active Aug 5, 2022
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
View 20211210-TLP-WHITE_LOG4J.md

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@noperator
noperator / log4j.md
Last active Dec 29, 2021
Emerging threat details on CVE-2021-44228 in Apache Log4j
View log4j.md

Update: Please see Bishop Fox's rapid response post Log4j Vulnerability: Impact Analysis for latest updates about this vulnerability.

Technologies using Apache Log4j

The Cosmos 🌌 team at Bishop Fox 🦊 is currently researching open-source projects that appear to use Log4j by default.

  • Apache Druid
  • Apache Dubbo
  • Apache Flink
  • Apache Flume
@gnremy
gnremy / CVE-2021-44228_IPs.csv
Last active Mar 23, 2022
CVE-2021-44228 Apache Log4j RCE Attempts Dec 20th 9:27PM ET
View CVE-2021-44228_IPs.csv
ip tag_name
162.155.56.106 Apache Log4j RCE Attempt
223.111.180.119 Apache Log4j RCE Attempt
213.142.150.93 Apache Log4j RCE Attempt
211.154.194.21 Apache Log4j RCE Attempt
210.6.176.90 Apache Log4j RCE Attempt
199.244.51.112 Apache Log4j RCE Attempt
199.101.171.39 Apache Log4j RCE Attempt
197.246.175.186 Apache Log4j RCE Attempt
196.196.150.38 Apache Log4j RCE Attempt