Skip to content

Instantly share code, notes, and snippets.

View cutaway's full-sized avatar

Don C. Weber cutaway

23 followers · 2 following
View GitHub Profile
@cutaway
cutaway / aws_testing_steps.md
Last active October 15, 2020 14:44
AWS Testing Steps
@cutaway
cutaway / SCADA Tools
Last active May 18, 2022 13:51
# Vendor Documentation
* User manauals and administrative documents for all equiment
# Python Tools
* CPPPO - CIP module
* pyModbus - modbus module
* OPCUA - opc-ua module
@cutaway
cutaway / basic_sql_auth_spray.ps1
Created November 22, 2019 19:48
###########################
# References:
# https://pen-testing.sans.org/blog/2017/03/08/pen-test-poster-white-board-powershell-built-in-port-scanner/
# https://mcpmag.com/articles/2018/12/10/test-sql-connection-with-powershell.aspx
# https://support.solarwinds.com/SuccessCenter/s/article/Use-PowerShell-to-test-that-a-port-is-open-on-a-server
###########################
function Test-SqlConnection {
#param(
#[Parameter(Mandatory)]
@cutaway
cutaway / freq_analysis.py
Created September 2, 2019 18:54
Conduct frequency analysis on all characters in a binary blob.
#!/usr/bin/env python3
import os, sys
# Debug if you want to stop early in large files
DEBUG = False
COLUMNS = 4
def main():
# Preload a dictionary with all characters
table = {}
@cutaway
cutaway / Firefox_Testing_Updates.md
Last active November 27, 2018 17:26
@cutaway
cutaway / arin_lookup.py
Created October 16, 2018 15:39
ARIN Lookup for IP Ranges
import os,sys
from ipwhois import IPWhois
import socket
import warnings
# Supress warnings
warnings.filterwarnings('ignore')
# Set field names
f = ['asn','asn_cidr','nets','query','asn_description']
@cutaway
cutaway / simple_commands_and_reminders.md
Last active August 27, 2017 19:14
Simple Commands And Other Things To Remember
@cutaway
cutaway / ssh_accepted_xlog_parser.py
Last active December 15, 2015 06:24
Parsing SSH Accepted Syslog files with Python and PyParsing - based on Lendro Silva's code
#!/usr/bin/env python
import sys
from pyparsing import Word, alphas, Suppress, Combine, nums, string, Optional, Regex
#from time import strftime
import time
from datetime import datetime
# Script: ssh_accepted_xlog_parser.py
# Author: Don C. Weber (cutaway)
@cutaway
cutaway / Forensic_Tips.md
Last active March 9, 2022 13:05
Tips and tricks to remember for forensic analysis.

Accessing EXT2/3 Image Files In Windows:

When doing forensics, the challenge usually is how can we access data when there are restrictions to the ways we can access the data. For instance, we have recently acquired a Linux disk formatted using EXT3. The acquired disk is a raw image file that is easily mountable in Linux for review (yes, I'm not talking forensic analysis tools).

mount -o ro,loop /media/USB/<image.dd> /mnt

This command will mount the image read-only and we can do our analysis of the contents. Remember when you are doing a "stat" or "ls" on the file you'll want to use the "-n" option so that it doesn't use the local systems UID mappings and just displays the number associated with that file.

But, what if you have to give that drive to someone so THEY can review the contents? And, what if that person is a Windows-only person? Windows does not have a build in method for mounting raw images let alone understanding EXT3 filesystems. Thus, you have to think "outside-the-box".

@cutaway
cutaway / bigip_decode_cookie.py
Created July 2, 2015 18:33
Deocde BigIP cookies to internal IP address and port number