
Tuan T tuantmb

  • Vietnam
tuantmb / resources.md
Created April 16, 2022 01:46 — forked from muff-in/resources.md
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking resources
tuantmb / linux_shell_rebuild_vmware_kernel_modules.md
Last active March 17, 2022 13:19
Rebuild the VMware kernel modules (usually needed after upgrading the Linux kernel). Fixes "gcc not found" / "unable to compile VMware modules".

Run the following command as root:

CPATH=/usr/src/linux-headers-$(uname -r | awk -F- '{printf "%s-%s-common",$1,$2}')/include/linux vmware-modconfig --console --install-all

This requires the build tools and the headers of the running Linux kernel to be installed:

apt install linux-headers-$(uname -r)
apt install build-essential
tuantmb / create-msf-shortcut.sh
Last active March 15, 2022 14:34
Create msf-* shortcuts for the exploit tools shipped in the Metasploit Framework tools path
#!/bin/bash
# Set this manually if automatic detection is not possible on your system:
#MSF_TOOLS_PATH=/opt/metasploit-framework/embedded/framework/tools/exploit
command -v dirname >/dev/null 2>&1 || { echo >&2 "dirname is required to detect the path automatically. Comment out this line and set MSF_TOOLS_PATH manually."; exit 1; }
command -v locate >/dev/null 2>&1 || { echo >&2 "locate is required to detect the path automatically. Comment out this line and set MSF_TOOLS_PATH manually."; exit 1; }
# Automatically detect the msf exploit tools path. locate may return several
# matches, so take only the first one; leave MSF_TOOLS_PATH empty if nothing is found.
PATTERN_CREATE=$(locate pattern_create.rb | head -n 1)
[ -n "$PATTERN_CREATE" ] && MSF_TOOLS_PATH=$(dirname "$PATTERN_CREATE")
if [ -n "$MSF_TOOLS_PATH" ]
then
echo "[+] Automatically detected path \"$MSF_TOOLS_PATH\""
tuantmb / blogs.txt
Created March 1, 2022 01:16 — forked from albertzsigovits/blogs.txt
Security research blogs
# Security research blogs:
##########################
Akamai https://blogs.akamai.com
AlienVault https://www.alienvault.com/blogs/labs-research
Arbor https://asert.arbornetworks.com
AVAST https://blog.avast.com/topic/threat-research
Avira https://blog.avira.com/research
BAE Systems https://baesystemsai.blogspot.com
BitDefender https://labs.bitdefender.com
tuantmb / BUILDING-RDM.md
Created February 24, 2022 09:06 — forked from ayan4m1/BUILDING-RDM.md
How to build Redis Desktop Manager - https://github.com/uglide/RedisDesktopManager

Redis Desktop Manager for Windows

Yes, it's been done already. No, it's still not particularly easy. You do not need to use either Qt Creator or VS2015.

I am building on information found here, here, and here. Thanks to these folks and the contributors to RDM.

With this document, I sought to "trim the fat" from these other guides and prove that VS2015 itself was not in fact necessary - just its tooling.

Prerequisites

#!/usr/bin/python3
import requests
#import uuid
import logging
import urllib3
import time
import sys
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
logging.basicConfig(level=logging.INFO)
tuantmb / pdf_flatedecode.py
Created December 8, 2021 15:31 — forked from averagesecurityguy/pdf_flatedecode.py
Decompress FlateDecode Objects in PDF
#!/usr/bin/env python3
# This script is designed to do one thing and one thing only. It will find each
# of the FlateDecode streams in a PDF document using a regular expression,
# unzip them, and print out the unzipped data. You can do the same in any
# programming language you choose.
#
# This is NOT a generic PDF decoder. If you need a generic PDF decoder, please
# take a look at pdf-parser by Didier Stevens, which is included in Kali Linux:
# https://tools.kali.org/forensics/pdf-parser.
#
let MaxAge = ago(7d);
let SHA256_whitelist = pack_array(
'hhh' // SHA256 that you want to whitelist.
);
let abuse_ch = (externaldata(sha256_hash: string,signature:string ,vtpercent:string )
[@"https://bazaar.abuse.ch/export/csv/recent/"]
with (format="txt"))
| where sha256_hash !startswith "#"
| project sha256_hash,signature,vtpercent;
abuse_ch
let AIPBlacklist = externaldata(Number:string, IP:string, values:dynamic)
[@"https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Todays-Blacklists/AIP_blacklist_for_IPs_seen_last_24_hours.csv",
@"https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Todays-Blacklists/AIP_historical_blacklist_prioritized_by_newest_attackers.csv",
@"https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Todays-Blacklists/AIP_historical_blacklist_prioritized_by_repeated_attackers.csv"]
with (format="csv",ignoreFirstRecord=true)
| where IP !startswith "#"
| project IP;
AIPBlacklist
| join (DeviceNetworkEvents
| where ActionType in ("ConnectionSuccess","InboundConnectionAccepted","ConnectionFound")
)
on $left.IP == $right.RemoteIP