I hereby claim:
- I am neo23x0 on github.
- I am johngalt (https://keybase.io/johngalt) on keybase.
- I have a public key whose fingerprint is 55CB FD26 19E9 BF9E 78C1 D582 FE04 247D 50D1 ACC8
To claim this, I am signing this object:
Florian Roth Neo23x0
Neo23x0
/ wpwatcher.py
Last active
November 26, 2022 15:42
Wordpress Watcher - WPScan Vulnerabilty Scan on Wordpress Sites and Reporting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: iso-8859-1 -*- | |
| # -*- coding: utf-8 -*- | |
| # | |
| # Wordpress Watcher | |
| # Automating WPscan to scan and report vulnerable Wordpress sites | |
| # Florian Roth | |
| # v0.1 | |
| # March 2015 | |
| # |
Neo23x0
/ yara_performance_guidelines.md
Last active
September 4, 2024 09:14
YARA Performance Guidelines
This Gist has been transfered into a Github Repo. You'll find the most recent version here.
When creating your rules for YARA keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.
- Revision 1.4, October 2020, applies to all YARA versions higher than 3.7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| This is a Microsoft Sysmon configuration to be used on Windows workstations | |
| v0.2.1 December 2016 | |
| Florian Roth (with the help and ideas of others) | |
| The focus of this configuration is | |
| - malware detection (execution) | |
| - malware detection (network connections) | |
| - exploit detection | |
| It is not focussed on |
Neo23x0
/ config-server.xml
Last active
March 11, 2024 14:34
Sysmon Base Configuration - Windows Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| This is a Microsoft Sysmon configuation to be used on Windows server systems | |
| v0.2.1 December 2016 | |
| Florian Roth | |
| The focus of this configuration is | |
| - hacking activity on servers / lateral movement (bad admin, attacker) | |
| It is not focussed on | |
| - malware detection (execution) | |
| - malware detection (network connections) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # - Matches on source and compiled code | |
| # - Searches in user home directories by default | |
| # - Detects certain strings in files smaller 300 kbyte | |
| # - Does not print anything if nothing was found | |
| # - Appends the file's time stamp of the files in question > good indicator to spot false positives | |
| # - Should work on most Linux systems with bash | |
| # Old version | |
| # for f in $(find /home/ -type f -size -300 2> /dev/null); do if [[ $(strings -a "$f" 2> /dev/null | egrep "/proc/(self|%d)/(mem|maps)") != "" ]];then m=$(stat -c %y $f); echo "Contains DirtyCOW string: $f MOD_DATE: $m"; fi; done; | |
| for f in $(find /home/ -type f -size -300 2> /dev/null); do if [[ $(egrep "/proc/(self|%d)/(mem|maps)" "$f") != "" ]];then m=$(stat -c %y "$f"); echo "Contains DirtyCOW string: $f MOD_DATE: $m"; fi; done; |
Neo23x0
/ annotations.xml
Last active
November 12, 2024 01:34
Sources for APT Groups and Operations Search Engine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <Annotations start="0" num="171" total="171"> | |
| <Annotation about="www.bussink.net/*" timestamp="0x0005d7bc4022b026" href="ChF3d3cuYnVzc2luay5uZXQvKhCm4IqBxPf1Ag"> | |
| <Label name="_cse_turlh5vi4xc"/> | |
| <AdditionalData attribute="original_url" value="https://www.bussink.net/"/> | |
| </Annotation> | |
| <Annotation about="*.thedfirreport.com/*" timestamp="0x0005d76dd5f8679d" href="ChUqLnRoZWRmaXJyZXBvcnQuY29tLyoQnc_hr93t9QI"> | |
| <Label name="_cse_turlh5vi4xc"/> | |
| <AdditionalData attribute="original_url" value="https://thedfirreport.com/"/> | |
| </Annotation> |
Neo23x0
/ pulggable.patch
Last active
July 11, 2017 11:54
Wordpress CVE-2017-8295 WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) Patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- pluggable.php 2017-05-04 09:37:27.000000000 +0200 | |
| +++ pluggable_patched.php 2017-05-04 09:40:39.000000000 +0200 | |
| @@ -323,10 +323,7 @@ | |
| if ( !isset( $from_email ) ) { | |
| // Get the site domain and get rid of www. | |
| - $sitename = strtolower( $_SERVER['SERVER_NAME'] ); | |
| - if ( substr( $sitename, 0, 4 ) == 'www.' ) { | |
| - $sitename = substr( $sitename, 4 ); | |
| - } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskdl.exe] | |
| "Debugger"="taskkill /F /IM " | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskse.exe] | |
| "Debugger"="taskkill /F /IM " | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wannacry.exe] | |
| "Debugger"="taskkill /F /IM " |
Neo23x0
/ nmap-cmdline
Last active
March 19, 2020 17:10
Nmap Scan Params for CVE-2017-0143 MS17-010 Scanning
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Scan for CVE-2017-0143 MS17-010 | |
| # The vulnerability used by WannaCry Ransomware | |
| # | |
| # 1. Use @calderpwn's script | |
| # http://seclists.org/nmap-dev/2017/q2/79 | |
| # | |
| # 2. Save it to Nmap NSE script directory | |
| # Linux - /usr/share/nmap/scripts/ or /usr/local/share/nmap/scripts/ | |
| # OSX - /opt/local/share/nmap/scripts/ | |
| # |
OlderNewer