Royce Williams roycewilliams

@wdormann
wdormann / checkaslr.py
Last active Jan 24, 2020
Check for running processes on Windows that have components that do not utilize ASLR
View checkaslr.py
#!/usr/bin/env python
'''
Utility to check for processes running with non-ASLR-compatible components.
Run with Administrative privileges to get visibility into all processes.
(1a) psutil: https://pypi.org/project/psutil/
Installed via PIP
-OR-
(1b) Sysinternals ListDLLs: https://docs.microsoft.com/en-us/sysinternals/downloads/listdlls
@IanColdwater
IanColdwater / twittermute.txt
Last active Jan 26, 2020
Here are some terms to mute on Twitter to clean your timeline up a bit.
View twittermute.txt
Mute these words in your settings here: https://twitter.com/settings/muted_keywords
ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet
@Sc00bz
Sc00bz / bs-speke.txt
Last active Jan 21, 2020
BS-SPEKE is an augmented PAKE
View bs-speke.txt
BS-SPEKE
BS-SPEKE is a modified B-SPEKE with blind salt (OPRF). Modified B-SPEKE is a
similar change from SPEKE as from SPAKE2 to SPAKE2+ to make it augmented. Doing
this saves a scalar point multiply vs original B-SPEKE with blind salt. BS-SPEKE
is the best augmented PAKE that I know of. Only problem is there are no proofs,
but it's not hard to take the SPEKE proof, add the OPAQUE proof for OPRF, and
it's obvious that the augmented change makes it augmented. So if anyone knows
how to formally state that in a proof, that would be awesome to have.
@m33x
m33x / unhexme.py
Created Dec 9, 2019
Reverses the Hashcat $HEX output format - defaults to utf-8 encoding https://hashcat.net/forum/thread-2483.html
View unhexme.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
:author: Maximilian Golla
:contact: maximilian.golla@rub.de
:version: 0.0.1, 2019-12-09
:description: Reverses the Hashcat $HEX output format - defaults to utf-8 encoding
:more: https://hashcat.net/forum/thread-2483.html
:info: Works with Python 2.7 and Python 3.6
View Kill-Ransomware.ps1
# Ransomware Killer v0.1 by Thomas Patzke <thomas@patzke.org>
# Kill all parent processes of the command that tries to run "vssadmin Delete Shadows"
# IMPORTANT: This must run with Administrator privileges!
Register-WmiEvent -Query "select * from __instancecreationevent within 0.1 where targetinstance isa 'win32_process' and targetinstance.CommandLine like '%vssadmin%Delete%Shadows%'" -Action {
# Kill all parent processes from detected vssadmin process
$p = $EventArgs.NewEvent.TargetInstance
while ($p) {
$ppid = $p.ParentProcessID
$pp = Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ppid"
Write-Host $p.ProcessID
@epixoip
epixoip / test_delims.pl
Created Nov 5, 2019
Brute force field delimiters in a text file
View test_delims.pl
#!/usr/bin/env perl
use strict;
use warnings;
my @delims = ( 9, 11, 28, 29, 30, 31, 32 .. 47, 58 .. 64, 91 .. 96, 123 .. 126 );
my $file = $ARGV[0] || die "Usage: $0 <filename>\n";
open (my $fh, "<", $file) || die "Unable to open $file: $!\n";
@williballenthin
williballenthin / macOS_savedstate.py
Last active Dec 27, 2019
parse macOS savedState files
View macOS_savedstate.py
'''
parse SavedState artifacts extracted from OSX.
author: Willi Ballenthin (william.ballenthin@fireeye.com)
license: Apache 2.0
'''
import re
import sys
import json
import struct
View 2019_vbulletin_0day_info.txt
I have done some preliminary research into this bug and so far it does not seem like a backdoor. Just some really weird logic when handling routes, and rendering templates.
As to why widgetConfig[code] executes via a POST request, it is because of the following code located in /includes/vb5/frontend/applicationlight.php
$serverData = array_merge($_GET, $_POST);
if (!empty($this->application['handler']) AND method_exists($this, $this->application['handler']))
{
$app = $this->application['handler'];
@tomnomnom
tomnomnom / passwords.txt
Last active Jan 10, 2020
MySQL Docker Passwords pulled from Dockerfile and docker-compose.yml files
View passwords.txt
@wdormann
wdormann / disable_discimage.reg
Created Aug 29, 2019
Disable Windows Explorer file associations for Disc Image Mount (ISO, IMG, VHD, VHDX)
View disable_discimage.reg
Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\.iso]
[-HKEY_CLASSES_ROOT\.img]
[-HKEY_CLASSES_ROOT\.vhdx]
[-HKEY_CLASSES_ROOT\.vhd]