Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
| 0059.co.kr | |
| 007.no | |
| 007airsoft.com | |
| 008.vista.kz | |
| 01186mb.ca | |
| 012.ca | |
| 01nii.ru | |
| 0286776498.com | |
| 0286780777.com | |
| 02asat.photoherald.com |
| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
JAB |
🗣 Jabber | $. |
Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
TVq |
📺 Television | MZ |
MZ header |
SUVY |
🚙 SUV | IEX |
PowerShell Invoke Expression |
SQBFAF |
🐣 Squab favorite | I.E. |
PowerShell Invoke Expression (UTF-16) |
SQBuAH |
🐣 Squab uahhh | I.n. |
PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
PAA |
💪 "Pah!" | <. |
Often used by Emotet (UTF-16) |
| #!/usr/bin/python3 | |
| # | |
| # apt-security-check - paolo@codiceinsicuro.it | |
| # | |
| # A slightly hacked version of apt-check that takes care only about security | |
| # packages that need an update. | |
| # | |
| # Tested on Ubuntu 16.04.5 LTS, 18.04.1 LTS | |
| # ---- Base python ---- | |
| FROM python:3.6 AS base | |
| # Create app directory | |
| WORKDIR /app | |
| # ---- Dependencies ---- | |
| FROM base AS dependencies | |
| COPY gunicorn_app/requirements.txt ./ | |
| # install app dependencies | |
| RUN pip install -r requirements.txt |
A list of useful commands for the FFmpeg command line tool.
Download FFmpeg: https://www.ffmpeg.org/download.html
Full documentation: https://www.ffmpeg.org/ffmpeg.html
| # IMPORTANT! | |
| # This gist has been transformed into a github repo | |
| # You can find the most recent version there: | |
| # https://github.com/Neo23x0/auditd | |
| # ___ ___ __ __ | |
| # / | __ ______/ (_) /_____/ / | |
| # / /| |/ / / / __ / / __/ __ / | |
| # / ___ / /_/ / /_/ / / /_/ /_/ / | |
| # /_/ |_\__,_/\__,_/_/\__/\__,_/ |
| import json | |
| import logging | |
| from flask import Flask, g | |
| from flask_oidc import OpenIDConnect | |
| import requests | |
| logging.basicConfig(level=logging.DEBUG) | |
| app = Flask(__name__) |
| # generate via: wevtutil gp Microsoft-Windows-Sysmon /getevents /getmessage | |
| name: Microsoft-Windows-Sysmon | |
| guid: 5770385f-c22a-43e0-bf4c-06f5698ffbd9 | |
| helpLink: | |
| resourceFileName: C:\Windows\Sysmon.exe | |
| messageFileName: C:\Windows\Sysmon.exe | |
| message: | |
| channels: | |
| channel: |
