Skip to content

Instantly share code, notes, and snippets.

View syndrowm's full-sized avatar

Evan syndrowm

48 followers · 20 following
View GitHub Profile
@mvelazc0
mvelazc0 / attack_range.yml
Created March 23, 2023 15:14
general:
cloud_provider: aws
attack_range_password: AW^@#^%&^#@##
use_prebuilt_images_with_packer: '0'
key_name: yourkey-001423
ip_whitelist: 8.8.8.8 #your public ip address
attack_range_name: test-range
aws:
private_key_path: /Users/your/key-001423.key
region: us-west-2
@sdcampbell
sdcampbell / DynamicAssemblyLoader.cs
Last active February 5, 2023 19:49
Extended Bohop's DynamicAssemblyLoader to work with any .Net assembly loaded from http/s. The original project (https://github.com/bohops/DynamicDotNet/blob/main/assembly_loader/DynamicAssemblyLoader.cs) loaded an assembly from a hard-coded path on disk.
// DynamicAssemblyLoader: A DotNet Assembly Loader using a Dynamic Method and Emitted MSIL Instructions
// Author: @bohops
//
// "Normal" Implementation:
/*
Assembly assembly = Assembly.Load(assemblyBytes);
assembly.EntryPoint.Invoke(obj, objArr);
*/
// Original author is @bohops
@HackingLZ
HackingLZ / coalmine.py
Last active March 24, 2024 14:54
#!/usr/bin/python3
import re
import zipfile
import argparse
from urllib.parse import urlparse
from colorama import Fore
from colorama import Style
from colorama import init
@gamozolabs
gamozolabs / proc_mem.py
Last active July 1, 2022 15:23
IDA Python loader for /proc/pid/mem without debugging a process
import re, subprocess, idaapi, ida_segment, ida_kernwin
# To install this, simply put it in your ida_install/loaders folder and open
# a `/proc/<pid>/mem` file!
#
# You might need to set `echo 0 > /proc/sys/kernel/yama/ptrace_scope` if you
# want to be able to dump processes depending on your system configuration.
# Check if the file is supported by our loader
def accept_file(li, filename):
@gmurdocca
gmurdocca / socat_caesar_dpi.md
Last active January 22, 2024 05:08
Circumventing Deep Packet Inspection with Socat and rot13

Circumventing Deep Packet Inspection with Socat and rot13

I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.

The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.

Rejected by Deep Packet Inspection

I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o

@johnnyxmas
johnnyxmas / Active_Infosec_Discords.md
Last active January 8, 2024 04:49
@0xsha
0xsha / CVE-2021-44142.py
Last active October 3, 2023 13:34
CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write
# CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write
# (C) 2022 - 0xSha.io - @0xSha
# This PoC is un-weaponized and for educational purposes only .
# To learn how to use the PoC please read the writeup :
# https://0xsha.io/blog/a-samba-horror-story-cve-2021-44142
# requires samba4-python
# Refrences :
# https://www.thezdi.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
# Patch : https://attachments.samba.org/attachment.cgi?id=17092
@qtc-de
qtc-de / DynWin32-ReverseShell.ps1
Last active March 16, 2024 10:37
PowerShell reverse shell that uses dynamically resolved Win32 API functions
<#
DynWin32-ReverseShell.ps1 is a reverse shell based on dynamically looked up Win32 API calls.
The script uses reflection to obtain access to GetModuleHandle, GetProcAddress and CreateProcess.
Afterwards it uses GetModuleHandle and GetProcAddress to resolve the required WSA functions
from ws2_32.dll.
This script should be used for educational purposes only (and maybe while playing CTF :D).
It was only tested on Windows 10 (x64) and is probably not stable or portable. It's only
purpose is to demonstrate the usage of reflective lookups of Win32 API calls. See it as
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@theevilbit
theevilbit / screenshot.m
Last active April 19, 2024 07:55
Make a screenshot on macOS using Objective-C
/*
Compile:
gcc -framework Foundation -framework AppKit screenshot.m -o screenshot
*/
#import <Foundation/Foundation.h>
#import <AppKit/AppKit.h>
int main(void) {