
Sean Pierce securesean

@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active May 14, 2024 11:08
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@gwillem
gwillem / _cronrat.sh
Last active July 11, 2022 14:04
This is the decoded payload from the CRON loader. Full analysis here: https://sansec.io/research/cronrat
set -eEu
set -o pipefail
trap 'echo "L$LINENO"; O70; exit -1' ERR
O54=4
function O70()
{
if [[ ! -z "${O57+x}" ]]; then
if [[ -f "${O57}" ]]; then
rm -f "${O57}"
fi
@qistoph
qistoph / awk_netstat.sh
Created August 6, 2020 07:55
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Based on gist https://gist.github.com/staaldraad/4c4c80800ce15b6bef1c1186eaa8da9f
# - added TCP states
awk 'BEGIN{states["01"]="TCP_ESTABLISHED"
states["02"]="TCP_SYN_SENT"
states["03"]="TCP_SYN_RECV"
states["04"]="TCP_FIN_WAIT1"
states["05"]="TCP_FIN_WAIT2"
states["06"]="TCP_TIME_WAIT"
states["07"]="TCP_CLOSE"
@jthuraisamy
jthuraisamy / loaded_psp_drivers.cpp
Last active October 15, 2023 03:01
Loaded Security Product Drivers
#include <Windows.h>
#include <ImageHlp.h>
#include <strsafe.h>
#include "loaded_psp_drivers.h"
#include <set>
#include <string>
#include <algorithm>
#pragma comment(lib, "crypt32.lib")
@MarkBaggett
MarkBaggett / 1 - pythons_sinister_secrets.md
Last active April 16, 2023 21:37
Come To The Darkside - Pythons Sinister Secrets
@staaldraad
staaldraad / awk_netstat.sh
Last active May 9, 2024 01:14
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
@wido
wido / mac2eui64.py
Created December 21, 2016 11:56
Python 3 48-bit MAC to EUI-64 IPv6
#!/usr/bin/env python3
import ipaddress
import re
def mac2eui64(mac, prefix=None):
    '''
    Convert a MAC address to a EUI64 address
    or, with prefix provided, a full IPv6 address
    '''
@douglas
douglas / update_git_repos.sh
Created October 14, 2011 15:04
Update all git repositories under a base directory
#!/bin/bash
# store the current dir
CUR_DIR=$(pwd)
# Let the person running the script know what's going on.
# -e is required for bash's builtin echo to interpret \n and \033 escapes
echo -e "\n\033[1mPulling in latest changes for all repositories...\033[0m\n"
# Find all git repositories and update it to the master latest revision
for i in $(find . -name ".git" | cut -c 3-); do