Goals: Add links that are reasonable and good explanations of how stuff works. No hype and no vendor content if possible. Practical first-hand accounts of models in prod eagerly sought.
# A Python script using LIEF to search for a specific exported function name across directories
# This is useful when you don't know the DLL name but (somehow) know the exported function name
import sys
import lief
import os
import logging
lief.logging.set_level(lief.logging.LOGGING_LEVEL.CRITICAL)
DLL_CHAR = 0x2000
# Clean PE files that carry a lot of junk appended after their end (padding added to evade AV scanners and slow down analysis tools)
import pefile
import sys
import os
TRESHOLD = 100
if __name__ == '__main__':
    if len(sys.argv) < 2:
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in the folder /var/log and all of its subfolders:
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
# Copyright © 2021 rusty-snake
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# background: when you run Python code in command mode (i.e. with -c), the inspect module can't work well because the
# code was never serialized into a .py file. Instead we can let dill handle marshalling and unmarshalling of functions for us.
# In this example, we wrap it in a Python decorator.
# pip install dill
def inspectMe(f):
    import dill as pickle
    import base64
    def wrapper(*arg, **kwargs):
# prints a string letter-by-letter
def num_letter_test(x):
    string_input = x
    string_len = len(string_input)
    counter = 0
    for i in range(string_len):
        print(string_input[counter])
        counter += 1
def verify_sign(public_key_loc, signature, data):
    '''
    Verifies, using the sender's public key, that the data was indeed
    signed by their private key
    param: public_key_loc Path to public key
    param: signature String signature to be verified
    param: data The signed data
    return: Boolean. True if the signature is valid; False otherwise.
    '''
    from Crypto.PublicKey import RSA
    from Crypto.Signature import PKCS1_v1_5