Shaun Bentzen sbentzen
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all subfolders.

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@ygini
ygini / Reversing 10.13 RootGate, hands notes.md
Last active February 20, 2021 20:26
Work in progress, notes for the current state

Reversing 10.13 RootGate, hands notes

Initial discovery process

Original state of the root.plist

Dict {
    smb_sid = Array {
        S-1-5-18
@talkingmoose
talkingmoose / Download and Install Microsoft product.zsh
Last active April 22, 2024 23:51
**Download the latest version of this script from: https://gist.github.com/b6637160b65b751824943ede022daa17 .** Downloads and installs the latest available Microsoft product specified directly on the client. This avoids having to manually download and store an up-to-date installer on a distribution server every month.
#!/bin/zsh
:<<'ABOUT_THIS_SCRIPT'
-----------------------------------------------------------------------
Written by:William Smith
Partner Program Manager
Jamf
bill@talkingmoose.net
https://gist.github.com/b6637160b65b751824943ede022daa17
@arubdesu
arubdesu / allTheDMGs.py
Last active March 9, 2024 06:22
generate all the things
#!/usr/bin/python
# -*- coding: utf-8 -*-
import glob
import os
import subprocess
import sys
sys.path.append('/usr/local/munki/munkilib')
import FoundationPlist
path = '/Users/abanks/Library/AutoPkg/Cache'
@danieltharp
danieltharp / DangItBobby.ps1
Created April 6, 2016 22:14
PowerShell script to find where a user is logged into on the network and disable their NIC.
# ********************************************************************************
#
# Script Name: DangItBobby.ps1
# Version: 1.0.0
# Author: bluesoul <https://bluesoul.me>
# Date: 2016-04-06
# Applies to: Domain Environments
#
# Description: This script searches for a specific, logged on user on all or
# specific Computers by checking the process "explorer.exe" and its owner. It
@petervanderdoes
petervanderdoes / zfs_health.sh
Last active March 6, 2024 14:04
ZFS Health Check Script
#! /usr/local/bin/bash
#
# Calomel.org
# https://calomel.org/zfs_health_check_script.html
# FreeBSD 9.1 ZFS Health Check script
# zfs_health.sh @ Version 0.15
# Check health of ZFS volumes and drives. On any faults send email. In FreeBSD
# 10 there is supposed to be a ZFSd daemon to monitor the health of the ZFS
# pools. For now, in FreeBSD 9, we will make our own checks and run this script
@MiqViq
MiqViq / reposado_auto_munkiimport_aswupd_configdata_items.sh
Last active May 15, 2017 20:45
For Munki: automatically create apple_update_metadata pkginfo files for XProtectPlistConfigData, Gatekeeper Configuration Data
#!/bin/bash
# reposado_auto_munkiimport_aswupd_configdata_items
#
# automatically create apple_update_metadata pkginfo files for Munki: XProtectPlistConfigData, Gatekeeper Configuration Data
#
# path to your Munki repo (local or mounted share)
munkiRepoDir="/Users/Shared/munki/repo"
@albertbori
albertbori / Installation.md
Last active May 4, 2024 18:21
Automatically disable Wifi when an Ethernet connection (cable) is plugged in on a Mac

Overview

This is a bash script that will automatically turn your wifi off if you connect your computer to an ethernet connection and turn wifi back on when you unplug your ethernet cable/adapter. If you decide to turn wifi on for whatever reason, it will remember that choice. This was improvised from this mac hint to work with Yosemite, and without hard-coding the adapter names. It's supposed to support growl, but I didn't check that part. I did, however, add OSX notification center support. Feel free to fork and fix any issues you encounter.

Most of the credit for these changes goes to Dave Holland.

Requirements

  • Mac OSX 10+
  • Administrator privileges
@elmariofredo
elmariofredo / Fill_mikrotik_config.bash
Last active September 6, 2023 11:25
L2TP IPSEC VPN Auto config for mikrotik based on following tutorial http://www.nasa-security.net/mikrotik/mikrotik-l2tp-with-ipsec/ !!! Edit user name/user pass and ipsec secret
# Fetch and fill config
mikrotik_vpn_config=$(curl https://gist.github.com/elmariofredo/7232556/raw/VPN-L2TP-IPSEC.mikrotik \
| sed -e '
s/IPSEC_PEER_SECRET/somesecret/g;
s/USER1_NAME/mario/g;
s/USER1_PASS/somepass/g;
s/IP_RANGE/172.16.24.100-172.16.24.200/g;
s/DNS_SERVER/172.16.22.1/g;
s/LOCAL_ADDRESS/172.16.22.1/g;
s/WINS_SERVER/172.16.22.1/g')