I hereby claim:
- I am logikphreak on github.
- I am pkelley (https://keybase.io/pkelley) on keybase.
- I have a public key whose fingerprint is A16B 1865 26EC 7D2D 8769 A55E 7B9F D7BB 16EB 3469
To claim this, I am signing this object:
Patrick Kelley Patrick-Kelley
Patrick-Kelley
/ crowdstrike-malicious.csv
Last active
July 23, 2024 20:33
CrowdStrike Active Domains
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Domain | IP Address | Registration Date | |
|---|---|---|---|
| crowdstriker.com | 3.64.163.50 | 2019-06-12T19 | |
| crovvdstrike.com | 15.197.148.33 | 2015-08-01T18 | |
| xn--crodstrike-r29d.com | 52.90.112.110 | 2023-12-23T00 | |
| xn--crowdstrke-r8a.com | 15.197.148.33 | 2020-04-01T20 | |
| crowdstrilke.com | 172.67.214.208 | 2024-02-20T17 | |
| crowdstrik.com | 172.67.131.2 | 2016-11-11T17 | |
| crwdstrike.com | 8.8.8.8 | 2020-01-23T17 | |
| crowdstroke.com | 15.197.225.128 | 2014-07-11T23 | |
| crow.dstrike.com | 54.161.222.85 | Unknown |
Patrick-Kelley
/ office.intel
Created
September 18, 2023 14:17
List of recently registered or updated domain names similar to office.com.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #fields indicator indicator_type meta.source meta.do_notice meta.desc | |
| forms.office3.com Intel::DOMAIN CPS-CTI F OFFICE-PHISHING | |
| forms.office8.com Intel::DOMAIN CPS-CTI F OFFICE-PHISHING | |
| forms.officea.com Intel::DOMAIN CPS-CTI F OFFICE-PHISHING | |
| forms.officek.com Intel::DOMAIN CPS-CTI F OFFICE-PHISHING | |
| forms.officep.com Intel::DOMAIN CPS-CTI F OFFICE-PHISHING | |
| forms.officec.com Intel::DOMAIN CPS-CTI F OFFICE-PHISHING | |
| forms.officed.com Intel::DOMAIN CPS-CTI F OFFICE-PHISHING | |
| forms.office2.com Intel::DOMAIN CPS-CTI F OFFICE-PHISHING | |
| forms.office4.com Intel::DOMAIN CPS-CTI F OFFICE-PHISHING |
Patrick-Kelley
/ findransomwarefiles.ps1
Created
June 30, 2023 16:31
Potential candidate for quickly locating encrypted files using the CPS wordlist.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $drive = "C:\" | |
| $days = 7 # Number of days to consider as "recent" | |
| # Download the wordlist file | |
| $wordlistUrl = "https://raw.githubusercontent.com/CriticalPathSecurity/Zeek-Intelligence-File-Names/main/Zeek-Intelligence-File-Names.txt" | |
| $wordlistPath = "$env:TEMP\Zeek-Intelligence-File-Names.txt" | |
| Invoke-WebRequest -Uri $wordlistUrl -OutFile $wordlistPath | |
| # Read the wordlist file into an array | |
| $wordlist = Get-Content -Path $wordlistPath |
Patrick-Kelley
/ nmap-cidr.py
Created
June 30, 2023 12:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import subprocess | |
| def run_nmap(cidr_block, output_file): | |
| command = f"nmap -A -oX {output_file} {cidr_block}" | |
| try: | |
| subprocess.check_call(command, shell=True) | |
| print(f"Nmap scan results saved to: {output_file}") | |
| except subprocess.CalledProcessError as e: | |
| print(f"Error executing Nmap command: {e}") |
Patrick-Kelley
/ subnet-convert.py
Created
April 21, 2023 12:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Python script to convert subnets to lists of IP | |
| # Prompt the user to input a subnet in CIDR notation | |
| subnet = input("Enter the subnet in CIDR notation (e.g. 192.168.1.0/24): ") | |
| # Split the subnet into IP address and CIDR mask | |
| ip_addr, cidr = subnet.split("/") | |
| cidr = int(cidr) | |
| # Calculate the netmask | |
| netmask = (0xffffffff << (32 - cidr)) & 0xffffffff |
Patrick-Kelley
/ (MS-SQL) TDS data streams
Created
January 24, 2023 17:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ###################################################### | |
| # Bro script to parse (MS-SQL) TDS data streams and # | |
| # extract SQL statements and TDS7 login information. # | |
| # # | |
| # parsetds.bro v2014.01.27 # | |
| # https://malwaremusings.com/scripts/parsetds.bro # | |
| # # | |
| # usage: # | |
| # Place the script in $BRO_HOME/share/bro/site # | |
| # and either load it from local.bro with # |
Patrick-Kelley
/ gist:c8d67e32c504d4af67346dc576a1619b
Created
June 3, 2022 17:40
CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability - Ansible - Removal Playbook
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: Remove MS-MSDT Key | |
| hosts: win-test | |
| gather_facts: false | |
| tasks: | |
| - win_command: powershell.exe - | |
| args: | |
| stdin: reg export HKCR\ms-msdt c:\msdt-export.reg | |
| - win_command: powershell.exe - |
Patrick-Kelley
/ Aircrack-All-Lists
Created
April 6, 2016 15:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aircrack-ng -w 000webhost.txt,10k_most_common.txt,10_million_password_list_top_1000000.txt,500-worst-passwords.txt,adobe100.txt,alleged-gmail-passwords.txt,Ashley_Madison.txt,Basic_Spanish_List.txt,best1050.txt,bt4-password.txt,cain.txt,carders.cc.txt,common-passwords-win.txt,conficker.txt,darkc0de.txt,elitehacker.txt,english.txt,faithwriters.txt,hak5.txt,honeynet-nocount.txt,hotmail.txt,john.txt,KeyboardCombinations.txt,korelogic-password.txt,MostPopularLetterPasses.txt,myspace.txt,password-permutations.txt,passwords_youporn2012.txt,rockyou.txt,singles.org.txt,SplashData-2015.txt,Sucuri_Top_Wordpress_Passwords.txt,twitter-banned.txt,wordpress_attacks_july2014.txt |
Patrick-Kelley
/ keybase.md
Created
March 21, 2016 17:23
Patrick-Kelley
/ Karmetasploit
Last active
September 13, 2024 18:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # If you want dnsmasq to listen for DHCP and DNS requests only on | |
| # specified interfaces (and the loopback) give the name of the | |
| # interface (eg eth0) here. | |
| # Repeat the line for more than one interface. | |
| interface=at0 | |
| #interface=wlan0mon | |
| #interface=wlan0 | |
| # Uncomment this to enable the integrated DHCP server, you need | |
| # to supply the range of addresses available for lease and optionally |
NewerOlder