Skip to content

Instantly share code, notes, and snippets.


Tod Beardsley todb-r7

View GitHub Profile
todb-r7 / emotet-1.txt
Created Mar 23, 2020
Emotet internal password lists 2020-03-11
View emotet-1.txt

ISSW Turbo Talks!

  1. No photography, recording, or other attribution of material.
  2. 10 minutes is good, 5 minutes is better.
  3. Get your last orders in before 13:15.
  4. Tell @todb if you're gonna talk.
  5. Speakers get $10 drink tickets!
  6. Join Slack, below!

todb-r7 / .bashrc
Created Jan 15, 2016
Prompt for Ruby sanity
View .bashrc
# RVM prompt, two line style.
function git-current-branch {
git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/(\1) /'
export PS1="[\$(~/.rvm/bin/rvm-prompt)]\n\$(git-current-branch)$PS1"
todb-r7 / module-commit-counts.txt
Created Dec 31, 2015
Modules sorted by commit counts, Dec 31, 2015
View module-commit-counts.txt
Sorted modules by commit counts
modules/exploits/windows/smb/psexec.rb 106
modules/exploits/windows/smb/ms08_067_netapi.rb 73
modules/exploits/multi/http/tomcat_mgr_deploy.rb 65
modules/exploits/multi/http/jboss_bshdeployer.rb 51
modules/exploits/multi/http/jboss_maindeployer.rb 49
modules/exploits/multi/http/jboss_deploymentfilerepository.rb 49
modules/exploits/windows/local/bypassuac.rb 47
modules/exploits/multi/browser/java_signed_applet.rb 47
todb-r7 /
Last active Aug 29, 2015
Ceragon FibeAir IP-10 SSH Private Key Exposure (CVE-2015-0936)

Ceragon FibeAir IP-10 SSH Private Key Exposure (CVE-2015-0936)

Product Description

Ceragon produces a series of ruggedized, microwave backhaul devices used to provide connectivity to mobile, IP-based devices; usually, these devices are found in either large industrial environments, or installed on towers to provide "middle-mile" connectivity to mobile customers on behalf of ISPs. In other words, a FibeAir IP-10 typically act as a router of IP traffic. A compromise on these devices can expose the

View r7-new-community.txt
Hash: SHA1
On or around March 31, 2015, if you are a registered user of
the Rapid7 Community at, you will notice
that your password will be automatically expired out, you
will get a password reset notification from,
and you will notice some significant changes on the site.
This is not a trick. We have not suffered a redirection
View psqlfix.txt
mike@rbci:~$ psql -U postgres
psql (9.0.3)
Type "help" for help.
postgres=# update pg_database set datallowconn = TRUE where datname = 'template0';
postgres=# \c template0
You are now connected to database "template0".
template0=# update pg_database set datistemplate = FALSE where datname = 'template1';
todb-r7 / .gitconfig
Created Nov 26, 2014
Safely publish local changes to upstream master
View .gitconfig
# A pretty and short commit log which notes signed commits
nicelog = log --pretty=format:'%Cred%h%Creset -%Creset %s %Cgreen(%cr) %C(bold blue)<%aE>%Creset [%G?]'
# Get the current tracking branch, eg, upstream/master
tracking = !"git branch -vv | grep \\* | sed 's#.*\\[\\(.*\\)[]].*#\\1#' | cut -f 1 -d :"
# Get the current tracking branch remote, eg, upstream
tracking-remote = !"git tracking | cut -f 1 -d /"
# Fetch and rebase from the current tracking remote, preserving and re-signing local merges.
fetch-preserve-merges = !"git fetch $(git tracking-remote) && \
git rebase --preserve-merges && \
todb-r7 /
Last active Jul 22, 2021
My standard bio

117 words or so:

Tod Beardsley is the Director of Research at Rapid7. He has over 30 years of hands-on security experience, stretching from in-band telephony switching to modern IoT implementations. He has held IT Ops and Security positions in large organizations such as 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner.

Today, Tod directs the security research program at Rapid7, is a zealous advocate for coordinated vulnerability disclosure, is a CVE Board member, is a contributing author to a number of research papers produced by Rapid7, and is often a Travis County Election Judge in Texas. Because of this last qualifier, it is permissible to address him as "Your Honor."

Tod can be uniquely identified at