Albert Zsigovits albertzsigovits
🕹️
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "tag": "1000512" | |
| }, | |
| { | |
| "tag": "404keylogger" | |
| }, | |
| { | |
| "tag": "56ff6937ac04352eeb83b3ae75b9a1d2efb3177f7b460c148864a3236b22efb2" | |
| }, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| When unpacking with `upx -d`, upx removes relocation section due to a bug. | |
| If a PE is ASLR enabled, it needs .reloc, so it's gonna error out. | |
| Use `upx -d --strip-relocs=0`. |
albertzsigovits
/ r8125.txt
Created
April 16, 2022 06:40
E3000 Killer Network Card r8125 Linux Driver
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # lspci | |
| 2a:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller (rev 04) | |
| # Grab https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-pci-express-software | |
| [root@server r8125-9.003.05]# ./autorun.sh | |
| Check old driver and unload it. | |
| Build the module and install | |
| In file included from /root/r8125-9.003.05/src/r8125_n.c:82:0: | |
| /root/r8125-9.003.05/src/r8125.h:47:20: error: redefinition of ‘ether_addr_copy’ |
albertzsigovits
/ zipcrack.txt
Last active
March 9, 2022 14:15
Cracking zip files via password exchange
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # john | |
| # fcrackzip | |
| # cracker-ng | |
| # bkcrack | |
| # bkcrack - known plain-text attack scheme | |
| printf "KNOWN_DATA_IN_FILE" > known | |
| 7z a -mm=Deflate -mx9 known.zip known | |
| ./bkcrack -C test.zip -c "test/stuff.txt" -P known.zip -p known | |
| ./bkcrack -C test.zip -k 2a45cf92 4521624b decd8163 -U unlocked.zip password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo vgdisplay | |
| sudo lvdisplay | |
| sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv | |
| df -h | |
| sudo resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv | |
| df -h |
albertzsigovits
/ c2-payload.txt
Created
February 17, 2022 07:34
Redirecting payload from dead C2 to localhost
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add to Windows/System32/drivers/etc/hosts: | |
| 185.93.6.31 localhost | |
| # Open admin powershell: | |
| netsh interface portproxy add v4tov4 listenport=80 listenaddress=185.93.6.31 connectport=80 connectaddress=127.0.0.1 | |
| netsh int ip add addr 1 185.93.6.31/32 st=ac sk=tr | |
| # Install python3 and open admin cmd: | |
| python3 -m http.server 80 --bind 185.93.6.31 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| iot-issues: | |
| =========== | |
| Passwords: | |
| - Weak, guessable, default, hardcoded creds | |
| - Easily bruteforced | |
| - Publicly available pw lists, disclosed leaks | |
| - Unchangeable credentials | |
| - Hardcoded, backdoor creds in fw | |
| Scanner: https://github.com/rapid7/IoTSeeker |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| YARA folder structure: | |
| ====================== | |
| ├── /usr/local/yara/yara_rules/ | |
| │ ├── index.yar | |
| │ | |
| ├──── /opt/yara_rules/ | |
| │ ├── proprietary_rules.yar | |
| │ | |
| ├────── /opt/yara_rules/families/mirai | |
| │ ├── mirai.yar |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Honeypot tuning: | |
| - Defining a set of working credentials that are easily guessable for automated targets | |
| - Defining a set of working credentials that are hard to guess for more complex attacks to get in | |
| - Creating a file system that is very similar to a production Linux environment, pickle.fs | |
| - Adding custom files that are attractive for attackers, honeyfiles | |
| - Customize passed, Richard Is default username for ex., create a set of usernames | |
| - Customize meminfo, cpuinfo, root directory, opt, mounts, hostname | |
| - Create custom MotDs and banners | |
| - Create fake process list | |
| - Create fake operational commands |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Roles: | |
| ====== | |
| Security/Threat Engineer | |
| - Developing, coding and engineering, designing elements | |
| Security Architect | |
| - Designing infrastructure, establishing an architectural outline | |
| Source Code Auditor | |
| - Looking for code abnormalities, bugs, reviews to prevent vulnerabilities, finds logical flaws |