Jan-Sebastian R. unknownFalleN

## Red-Teaming-tool.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                unknownFalleN
                / Red-Teaming-tool.md
            
            
              Created
              April 24, 2023 18:17
                — forked from z0rs/Red-Teaming-tool.md
            
          
    Red Teaming tool


General usefull Powershell Scripts
AMSI Bypass restriction Bypass
Payload Hosting
Network Share Scanner
Lateral Movement
Reverse Shellz
POST Exploitation


## markdown-for-slide-decks.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                unknownFalleN
                / markdown-for-slide-decks.md
            
            
              Created
              March 10, 2022 08:53
                — forked from johnloy/markdown-for-slide-decks.md
            
              
                List of markdown presentation tools
              
          
    Electron apps


Marp: Markdown presentation ecosystem.


muryoimpl/slippr: markdown presentation app by Electron


joe-re/cafe-pitch Markdown-driven presentation tool built on Electron.


Slide deck frameworks supporting Markdown source


## log4j_rce_detection.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                unknownFalleN
                / log4j_rce_detection.md
            
            
              Created
              December 20, 2021 06:30
                — forked from Neo23x0/log4j_rce_detection.md
            
              
                Log4j RCE CVE-2021-44228 Exploitation Detection
              
          
    log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

  
## sysctl.conf
### KERNEL TUNING ###

# Increase size of file handles and inode cache
fs.file-max = 2097152

# Do less swapping
vm.swappiness = 10
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2

## gist:f22efcd7d40d06fb95af48fda44ecf4d
from pydriller import RepositoryMining
import re
import base64

foundSet = set()
for commit in RepositoryMining('./').traverse_commits():
  for mod in commit.modifications:
    if mod.source_code_before != None:
      regex = re.findall(r"<text encoding=\"base64\">[^>]+</text>", mod.source_code_before)
      for result in regex:

## get_ippsec_details.py
#!/usr/bin/env python3
"""
Script used to pull down the current video descriptions from ippsec's youtube channel.
The raw output still has a few HTML tags that need to be manually removed and there
also seem to be multiple duplicates of videos that have been removed in the output
saved as ippsec-details.txt
"""
import re
import sys

## acltest.ps1
If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning "This script will not function with administrative privileges. Please run as a normal user."
    Break
}

$outfile = "acltestfile"
set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";")
Foreach ($path in $paths) {
    # This prints a table of ACLs
    # get-acl $path | %{ $_.Access  } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights
	### KERNEL TUNING ###

	# Increase size of file handles and inode cache
	fs.file-max = 2097152

	# Do less swapping
	vm.swappiness = 10
	vm.dirty_ratio = 60
	vm.dirty_background_ratio = 2
	from pydriller import RepositoryMining
	import re
	import base64

	foundSet = set()
	for commit in RepositoryMining('./').traverse_commits():
	for mod in commit.modifications:
	if mod.source_code_before != None:
	regex = re.findall(r"<text encoding=\"base64\">[^>]+</text>", mod.source_code_before)
	for result in regex:
	#!/usr/bin/env python3
	"""
	Script used to pull down the current video descriptions from ippsec's youtube channel.
	The raw output still has a few HTML tags that need to be manually removed and there
	also seem to be multiple duplicates of videos that have been removed in the output
	saved as ippsec-details.txt
	"""
	import re
	import sys
	If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
	Write-Warning "This script will not function with administrative privileges. Please run as a normal user."
	Break
	}

	$outfile = "acltestfile"
	set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";")
	Foreach ($path in $paths) {
	# This prints a table of ACLs
	# get-acl $path \| %{ $_.Access } \| ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights