💭
:cheeeeeese:

Royce Williams roycewilliams

@malexmave
malexmave / ntstatus.csv
Last active November 16, 2023 15:04
There are a bunch of versions of the list of NTSTATUS codes online, but many of them are invalid CSVs. This one is cleaned so that it is accepted by Azure Sentinel for import as a Watchlist.
View ntstatus.csv
Return value;Return code;Description
0x00000000;STATUS_SUCCESS;The operation completed successfully.
0x00000000;STATUS_WAIT_0;The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state.
0x00000001;STATUS_WAIT_1;The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state.
0x00000002;STATUS_WAIT_2;The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state.
0x00000003;STATUS_WAIT_3;The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state.
0x0000003F;STATUS_WAIT_63;The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state.
0x00000080;STATUS_ABANDONED;The caller attempted to wait for a mutex that has been abandoned.
0x00000080;STATUS_ABANDONED_WAIT_0;The call
View gist:06d709336bc90faaabe8c36af504b71c
Date,Details,Email Payload Type,Users Targeted
10/1/2023,FW: damaged Goods; xlam -> agenttesla continued to 10/9,Attachment,
10/2/2023,RE: SHIPPING DOCUMENT & PACKING LIST; r15 -> agenttesla,Attachment,2
10/2/2023,RE: CONFIRM REVISED PIURCHASE ORDER; zip -> formbook,Attachment,2
10/2/2023,Signed Purchase Order: PO/US/4509622207; zip -> formbook,Attachment,2
10/2/2023,Attachment name is Document.zip; zip -> agenttesla,Attachment,2
10/3/2023,RE: New Order; r15 -> agenttesla,Attachment,2
10/3/2023,Wrong Payment Information; zip -> agenttesla,Attachment,2
10/4/2023,RE: Status For September SOA; xls -> agenttesla continued to 10/5,Attachment,4
10/5/2023,Purchase Order - HOM-OS-20-23-813; r15 -> agenttesla,Attachment,2
@adulau
adulau / http2-rapid-reset-ddos-attack.md
Last active February 19, 2024 10:31
HTTP/2 Rapid Reset DDoS Attack
View http2-rapid-reset-ddos-attack.md

Introduction

This Gist aims to centralise the most relevant public sources of information related to the HTTP/2 Rapid Reset vulnerability. This vulnerability has been disclosed jointly by Google, Amazon AWS, and Cloudflare on 10 October 2023 at 12:00 UTC.

Please help us make this page as comprehensive as possible by contributing relevant references, vendor advisories and statements, mitigations, etc.

References

@mttaggart
mttaggart / electron-versions.csv
Last active November 18, 2023 03:15
CVE-2023-4863 Electron App Tracker | THIS LIST IS NOW DEPRECATED. PLEASE VISIT https://github.com/mttaggart/electron-app-tracker FOR THE LATEST DATA
View electron-versions.csv
app_name,repo,electron_version,vulnerable
1Clipboard,https://github.com/wiziple/1clipboard,,
1Password,None,25.8.1,FALSE
3CX Desktop App,,19.0.8,TRUE
5EClient,None,,
Abstract,None,,
Account Surfer,None,,
Advanced REST Client,https://github.com/advanced-rest-client/arc-electron,^17.0.0,TRUE
Aedron Shrine,None,,
Aeon,https://github.com/leinelissen/aeon,23.2.0,TRUE
@april
april / find-all-electron-versions.sh
Last active December 13, 2023 07:15
find all apps using Electron and their versions, on macOS systems
View find-all-electron-versions.sh
#!/usr/bin/env zsh
# patched versions for CVE-2023-4863: 22.3.24, 24.8.3, 25.8.1, 26.2.1
mdfind "kind:app" 2>/dev/null | sort -u | while read app;
do
  filename="$app/Contents/Frameworks/Electron Framework.framework/Electron Framework"
  if [[ -f $filename ]]; then
    echo "App Name: $(basename ${app})"
    electronVersion=$(strings "$filename" | grep "Chrome/" | grep -i Electron | grep -v '%s' | sort -u | cut -f 3 -d '/')
@osy
osy / tpm-rant.md
Last active February 19, 2024 01:44
TPM provides zero practical security
View tpm-rant.md

TPM provides zero practical security

TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It has largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

@singe
singe / mirror.sh
Created August 18, 2023 09:18
A quick 'n dirty website mirror script
View mirror.sh
#!/bin/sh
# A quick 'n dirty website mirror script
# by @singe
# Ideally, wget -r should mirror a site, but modern websites are complex, this
# tries to fix the gaps of what is typically mixed.
# It's been tested on 3 or 4 sites, and likely needs more tricks added.
sourcedomain="$1"
depth="$2"
@atoponce
atoponce / word-lists.md
Last active January 22, 2024 04:13
A list of notable and primarily English word lists that can be used for building passphrases.
View word-lists.md

Passphrase Word Lists

Introduction

This document outlines a number of different word lists for passphrase generation, encoding of binary data, and other uses. This document is grouped and sorted by the number of unique words in each word list, fewest unique words first.

Licensing Note

Some of these word lists are placed in the public domain, others are copyrighted with various licenses. Please refer to the license of each word

@Chick3nman
Chick3nman / H100_PCIe_v6.2.6.Benchmark
Last active May 17, 2023 23:04
Hashcat v6.2.6 benchmark on the Nvidia H100 PCIe
View H100_PCIe_v6.2.6.Benchmark
Nvidia Driver Version: 525.85.12 CUDA Version: 12.0
This is the PCIe variant of the H100, which is limited to 350W TDP and has a more limited clock speed than the SXM5 H100.
Hashcat was built from the github master branch at the time of running. 1 mode failed to benchmark due to a thread count issue.
The H100 PCIe was added to the tuning Alias file for this run.
hashcat (v6.2.6-514-gbf1d7d078) starting in benchmark mode
Benchmarking uses hand-optimized kernel code by default.
@singe
singe / hashcat_maskgen.sh
Created April 17, 2023 11:16
Generate a list of hashcat masks from a wordlist
View hashcat_maskgen.sh
#!/bin/bash
# hashcat mask generator
# by @singe
infile="$1"
outfile="$1.freq.masks"
outfile2="$1.length.masks"
tmp=$(mktemp)