Skip to content

Instantly share code, notes, and snippets.

👽
#raidarea51

Miroslav Stampar stamparm

👽
#raidarea51
Block or report user

Report or block stamparm

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View mac-vendor.txt
000000 Xerox
000001 Xerox
000002 Xerox
000003 Xerox
000004 Xerox
000005 Xerox
000006 Xerox
000007 Xerox
000008 Xerox
000009 Xerox
@stamparm
stamparm / drupalgeddon2.rules
Last active Oct 16, 2018
Snort rule for "Drupalgeddon2 (CVE-2018-7600)"
View drupalgeddon2.rules
alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Drupalgeddon2 (CVE-2018-7600)"; flow: to_server,established; content:"POST"; http_method; content:"markup"; fast_pattern; content: "/user/register"; http_uri; pcre:"/(access_callback|pre_render|lazy_builder|post_render)/i"; classtype:web-application-attack; sid:9000110; rev:1;)
View sha256sum.txt
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b ./installed.ete
0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887 ./bins/coli-0.dll
52e88433f2106cc9a3a961cd8c3d0a8939d8de28f2ef3ee8ea648534a8b036a4 ./bins/tibe-1.dll
d3db1e56360b25e7f36abb822e03c18d23a19a9b5f198e16c16e06785fc8c5fa ./bins/cnli-0.dll
13ce3731db5b926f980855e923e1c754c4a15a5cdad47b7ef27e6dd54cf5293d ./bins/Eternalsynergy-1.0.1.0.xml
96edea8d08ab10eee86776cfb9e32b4701096d21c39dbffeb49bd638f09d726a ./bins/trfo.dll
8a5cce25f1bf60e716709c724b96630b95e55cc0e488d74d60ea50ffba7d6946 ./bins/etebCore-2.x64.dll
5f30aa2fe338191b972705412b8043b0a134cdb287d754771fc225f2309e82ee ./bins/libeay32.dll
47e16f7db53d9adf24d193ff4d523b1bc7ae59ff8520cfa012365bdb947c96f9 ./bins/posh.dll
36107f74be98f15a45ff716e37dad70f1ff9515bc72a0a1ec583b803c220aa92 ./bins/tucl.dll
@stamparm
stamparm / 2017-5638.rules
Last active Jan 30, 2018
Snort rule for Apache Struts Remote Code Execution (2017-5638)
View 2017-5638.rules
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"WEB_SERVER Apache Struts Remote Code Execution (2017-5638)"; flow:established,to_server; content:"opensymphony"; fast_pattern:only; content:"Content-Type|3a 20|"; http_header; pcre:"/Content-Type: [ ]*[%$]{[^\r\n]*#\w+/Hi"; reference:cve,2017-5638; classtype:web-application-attack; sid:9000101; rev:2;)
@stamparm
stamparm / sinkhole_emails.txt
Last active Oct 9, 2018
Email addresses used in WHOIS registrations of sinkholed malicious/malware domains
View sinkhole_emails.txt
botsmustdie@gmail.com
jgou.veia@gmail.com
malicious-domains@shadowserver.org
the.malware.cabal@gmail.com
bdomaincontrol@gmail.com
malsinkhole@gmail.com
cyd-dns@ic.fbi.gov
s1nkh0l3@yahoo.com
info@fitsec.com
ctu-sinkhole@secureworks.com
@stamparm
stamparm / disable_wsh.reg
Last active Jul 24, 2016
Disable Windows Script Host (for prevention of recent ransomware phishing attacks)
View disable_wsh.reg
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings]
"Enabled"="0"
View keybase.md

Keybase proof

I hereby claim:

  • I am stamparm on github.
  • I am stamparm (https://keybase.io/stamparm) on keybase.
  • I have a public key whose fingerprint is 93D8 F2DD 0948 7028 EAB1 D51E DF02 F6DE B539 7B1B

To claim this, I am signing this object:

@stamparm
stamparm / creds.txt
Last active Mar 25, 2017
Honeypot collected telnet brute-force credentials
View creds.txt
666666:666666
888888:888888
admin:1111
admin:1111111
admin:1234
admin:12345
admin:123456
admin1:password
admin:4321
admin:7ujMko0admin
View gist:e4cf68f422d5c4f612db
sons.console.cf
advisory.terranovaroofingandsiding.com
alberta.croftonliving.com
corn.liziarossi.com
dave.ddhowdoyoulikemenow.com
do.liziarossi.com
doug.liziarossi.com
electronics.reelhighmedia.com
embassy.ddhowdoyoulikemenow.com
emphasis.croftonliving.com
@stamparm
stamparm / gist:df9a0dcdd18f36662363
Created May 5, 2015
OpenX/Revive malicious/compromised oxCacheFile.delivery.php
View gist:df9a0dcdd18f36662363
<?php
/*
+---------------------------------------------------------------------------+
| OpenX v${RELEASE_MAJOR_MINOR} |
| =======${RELEASE_MAJOR_MINOR_DOUBLE_UNDERLINE} |
| |
| Copyright (c) 2003-2009 OpenX Limited |
| For contact details, see: http://www.openx.org/ |
| |
You can’t perform that action at this time.