David Maynor dmaynor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Check if a file or directory is passed as an argument | |
| if [ -z "$1" ]; then | |
| echo "Usage: $0 <file-or-directory-path>" | |
| exit 1 | |
| fi | |
| # Get the path of the file or directory | |
| TARGET_PATH="$1" |
dmaynor
/ gist:f1973ae244b5c2ed83d3b8e19f798f97
Created
August 16, 2024 23:55
Mifare crypto backdoor flipper app
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Creating a Flipper Zero app to test for this attack involves writing a script that can interact with the RFID module on the Flipper Zero to perform the necessary steps. The Flipper Zero uses a scripting language called **.fap** (Flipper App) format, typically written in C or a high-level scripting language, but it also supports custom Python-like scripting with `flipperzero-tui`. | |
| Here's a basic outline for creating an app that can check for the presence of the backdoor key on a MIFARE Classic card. Note that this is a simplified version and assumes some familiarity with Flipper Zero's development environment. | |
| ### **Step 1: Set Up the Development Environment** | |
| 1. **Install Flipper Zero SDK:** | |
| - Follow the official [Flipper Zero documentation](https://github.com/flipperdevices/flipperzero-firmware) to set up the SDK and development environment. | |
| 2. **Clone the Flipper Zero Firmware:** |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Here is a simple Chrome extension that detects searches starting with "how do I stop a toddler from" and replaces the search query with "LMAO GOOD LUCK" in 96 point Helvetica. | |
| First, you'll need to create three files: `manifest.json`, `background.js`, and `content.js`. | |
| ### `manifest.json` | |
| ```json | |
| { | |
| "manifest_version": 3, | |
| "name": "Toddler Search Modifier", | |
| "version": "1.0", |
dmaynor
/ gist:4a37aaf961bf2109f4945cee3c017c95
Last active
July 23, 2024 23:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #David Maynor [email protected] X: @dave_maynor | |
| #created on July 23rd, 2024 with ollama 0.2.8 and llama 3.1 405b on runpod.io with the a | |
| #pod consisting of: | |
| #8 x RTX 4090 | |
| #128 vCPU 502 GB RAM | |
| #500gb HD | |
| #Below is a full run in an attempt to replicate an exisiting working prompt on llama 3 to create a c2 framework in python 3 | |
| #suitable for use in red team testing. At the time of testing this cost roughly $20 in hosting fees. What is not shown is | |
| # how slow the model ran (expected) and that each query took between 11-21 minutes to complete. | |
| # |
dmaynor
/ gist:02ff05fa9a347efba514b6798a7060d4
Last active
June 4, 2024 15:42
Quick powershell DFIR script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [Parameter(Mandatory=$false)] | |
| [string]$SuspiciousPath, | |
| [string]$UserName, | |
| [switch]$Help | |
| ) | |
| function Show-Help { | |
| Write-Host "Usage: .\script.ps1 [-SuspiciousPath] <path> [-UserName <username>] [-Help]" | |
| Write-Host "Investigate a suspicious file." |
dmaynor
/ gist:18006fde1d9e90a95e2cc7e9a5d09119
Created
May 19, 2024 16:27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Test for Windows | |
| ## Python | |
| 1. What does the `__init__` method do in a Python class? | |
| a. Initializes a new class instance | |
| b. Deletes an existing class instance | |
| c. Inherits a class | |
| d. Executes a class method |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The conference agenda provides additional context that can influence the ranking of talks based on their placement and | |
| scheduling. Here’s a revised ranking considering the agenda: | |
| 1. **Solar Designer: Keynote - Password Cracking: Past, Present, Future** | |
| - Positioned as the keynote, this sets the stage for the conference and draws significant attention. | |
| 2. **David Berard and Vincent Dehors: 0-Click RCE on the Tesla Infotainment Through Cellular Network** | |
| - Scheduled towards the end of Day 2, this talk stands out as a high-impact, practical demonstration of automotive vulnerabilities. | |
| 3. **Ian Beer: Blasting Past WebP** |
dmaynor
/ gist:a07d2df9079d5db0d5953d021afbe6e0
Created
May 9, 2024 06:06
LLM thoughts ontbemostto least interesting offesivecon talks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Here's a ranked list of the OffensiveCon 2024 talks based on the brief abstracts, from most to least interesting: | |
| 1. **Solar Designer: Keynote** | |
| - Keynote speeches often set the tone and provide strategic insights into the field, making them highly anticipated and broadly relevant. | |
| 2. **David Berard and Vincent Dehors: 0-Click RCE on the Tesla Infotainment Through Cellular Network** | |
| - The combination of automotive security and cellular network vulnerabilities is both timely and impactful, highlighting critical real-world implications. | |
| 3. **Ian Beer: Blasting Past WebP** | |
| - Zero-click exploits are particularly intriguing due to their stealthy nature and high impact, making this a standout topic. |
dmaynor
/ gist:962064b0ccefb73eab376a1dcccc804d
Last active
September 19, 2023 17:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pypff | |
| import argparse | |
| import os | |
| import hashlib | |
| import concurrent.futures | |
| import re | |
| import markdown | |
| import traceback | |
| from collections import defaultdict |
dmaynor
/ gist:678ac9df318e9286529d90d1f5a290df
Created
September 12, 2023 14:44
keywords for insider breach search
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Exploit | |
| Malware | |
| Ransomware | |
| Phishing | |
| DDoS | |
| Distributed Denial of Service | |
| VPN | |
| Virtual Private Network | |
| Encryption key | |
| Password dump |