A collaborative document to collect community style guidelines
Travis Green travisbgreen
travisbgreen
/ gist:e033061b77878f7a4439c78f4238ec37
Created
January 26, 2024 16:07
travisbgreen
/ keybase.md
Created
October 18, 2022 16:34
I hereby claim:
- I am travisbgreen on github.
- I am travisgreen (https://keybase.io/travisgreen) on keybase.
- I have a public key ASDen5czofgQTtBalToc1X6E0LY4vG_NNj39pCOdoSQWlgo
To claim this, I am signing this object:
travisbgreen
/ observed_log4j_payload_domains.txt
Created
December 16, 2021 23:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| scannermcscanface-edgescan.com | |
| w.nessus.org | |
| notburpcollaborator.net | |
| pwn.af | |
| leakix.net | |
| interactsh.com | |
| interact.sh | |
| burpcollaborator.net | |
| canarytokens.com | |
| kryptoslogic-cve-2021-44228.com |
travisbgreen
/ gist:abd6016ed39dac673dd746161d3f39a5
Last active
October 4, 2019 20:49
ssl_state issue
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The ssl_state keyword does not alert on the correct state specified in the rule. We can examine this by exploring TLS SNI, which we should only ever see in client_hello state: | |
| # Example 1: should work with client_hello, but only works with server_hello | |
| alert tls any any -> any [465,25,587] (msg:"Test 1 SNI in SMTPS incorrect state (server_hello)"; tls_sni; content:"flagstring"; flow:established,to_server; ssl_state:server_hello; classtype:attempted-admin; sid:1003923; rev:1;) | |
| alert tls any any -> any [465,25,587] (msg:"Test 1 SNI in SMTPS desired state (client_hello)"; tls_sni; content:"flagstring"; flow:established,to_server; ssl_state:client_hello; classtype:attempted-admin; sid:1003924; rev:1;) | |
| fast.log: | |
| 09/30/2019-19:55:33.413760 [**] [1:1003923:1] Test 1 SNI in SMTPS incorrect state (server_hello) [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.4.5:55804 -> 69.167.159.100:587 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [string]$av = "" | |
| [string]$avs = "" | |
| [string]$mac = "00-00-00-00-00-00" | |
| [string]$mac = (getmac /FO CSV|Select-Object -Skip 1 -first 1| ConvertFrom-Csv -Header MAC|select-object -expand MAC) | |
| $avs = (Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct).displayName |
travisbgreen
/ 3c06cfef2ac05cd977f02f823458e84e.md
Last active
October 24, 2018 18:08
from cuckoo: http://finance-advisors-ca .bid/ldr.bin
GET /ldr.bin HTTP/1.1
Host: finance-advisors-ca.bid
Connection: Keep-Alive
travisbgreen
/ ssl_notes.md
Created
December 13, 2016 16:42
wget https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.rules
grep -Po '[[\d.]+]\s+\d+\s+' sslipblacklist_aggressive.rules | sed 's/] /:/' | sed 's/^[//' | cut -f 1 -d : | sort -u > iplist
grep -Po '[[\d.]+]\s+\d+\s+' sslipblacklist_aggressive.rules | sed 's/] /:/' | sed 's/^[//' | cut -f 2 -d : | sort | uniq -c | sort -nr | head | awk 'BEGIN {ORS=","} {print $2}'
travisbgreen
/ hex2ascii.py
Created
November 29, 2016 23:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/env python2 | |
| import sys | |
| with open(sys.argv[1],'r') as infile: | |
| content = infile.read() | |
| hexes = [] | |
| for i in xrange(0,256): | |
| hexes.append(r'\x{0:02X}'.format(i)) | |
| for h in range(len(hexes)): | |
| new = content.replace(hexes[h], chr(h)) | |
| content = new |
travisbgreen
/ proteus_decoder.py
Created
November 28, 2016 23:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/env python2 | |
| import fileinput | |
| for line in fileinput.input(): | |
| hexblob = line.replace("\\\\x","\\").replace("\\x","\\").split("\\") | |
| num = (len(hexblob) - 1) / 2 | |
| text = '' | |
| text2 = '' | |
| for i in range(len(hexblob)): | |
| if hexblob[i] != "": | |
| if i <= num: |
travisbgreen
/ shotgunids.py
Created
February 9, 2016 16:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| ''' | |
| usage: echo -n 'This program cannot be run in DOS mode' | ./shotgunids.py | |
| python ./shotgunids.py somestrings.txt | |
| ''' | |
| #Standard Imports | |
| import sys | |
| import fileinput | |
| from hexdump import hexdump |
NewerOlder