
Nick Carr itsreallynick

@itsreallynick
itsreallynick / binary-stack-CentOS.sh
Last active August 29, 2015 14:23
Linux Binary Stack
for i in `echo $PATH | sed "s/:/ /g"`; do for j in `ls $i/*`; do echo `hostname && md5sum $j && ls -l --time-style=iso $j`| awk -v OFS=',' '{gsub(/\/.*\//,"",$3); print $2,$3,$8,$1}'; done; done
@itsreallynick
itsreallynick / rebuild-mir2.sh
Last active August 29, 2015 14:23
MIR Rebuild Sweep
sqlite3 /opt/MAP/non_www_for_app/webclient/db/webclient.db "update collect set status='Seen' where sweep_id=NNNN and status='Completed';"
# ^replace with sweep ID and cron it appropriately
@itsreallynick
itsreallynick / longestSubstring.sh
Created June 29, 2015 15:02
Network Analysis Scripts
#!/bin/bash
# USAGE: ./longestSubstring.sh 'abcdefghi' 'abcdeghi'
word1="$1"
word2="$2"
if [ ${#word1} -lt ${#word2} ]
then
    word1="$2"
    word2="$1"
fi
@itsreallynick
itsreallynick / colorize.sh
Last active April 1, 2016 22:22 — forked from jeffgeiger/brocolor.sh
Adding color to Bro logs (or other TSV logs)
#!/bin/bash
sed 's/^#[a-z]*s[^a-z]//' | awk 'BEGIN {FS="\t"};{for(i=1;i<=NF;i++) printf("\x1b[%sm %s \x1b[0m",(i%7)+31,$i);print ""}'
@itsreallynick
itsreallynick / confession.rules
Created April 7, 2017 12:51
They made me find you. They made me
# Detecting client or server guilt
alert icmp any any -> any any (msg:"Suspected Terrifying Confession"; content:"They made me"; pcre:"/(They made me (do|bop|twist|pull) it\.){60,}/i"; reference:url,https://twitter.com/ItsReallyNick/status/849641156153442305; sid:646965; rev:1;)
@itsreallynick
itsreallynick / help_Elm0d.yara
Last active August 30, 2017 03:07
Elm0d the Researcher
rule help_Elm0d
{
    meta:
        author = "@ItsReallyNick - Nick Carr"
        description = "We are STILL helping https://twitter.com/Elm0D find his files"
        reference = "https://twitter.com/ItsReallyNick/status/902702954272223232"
    strings:
        $elm0d = /[^a-z0-9]elm0d[^a-z0-9]/ nocase ascii wide
        $lol_infra = "iso9001-certificare.ro" nocase ascii wide
        $lol_website = "www.elm0d.tk" nocase ascii wide
var itsreallycalc = new ActiveXObject("WScript.Shell").Run("calc.exe");
<component><script src="http://goo.gl/fxtJVt"></script></component>

Keybase proof

I hereby claim:

  • I am itsreallynick on github.
  • I am itsreallynick (https://keybase.io/itsreallynick) on keybase.
  • I have a public key ASDBI4S7vhTSnA-yeUaMckHjZTAVTcOo8qpkRA1h9UCz_wo

To claim this, I am signing this object:

143 function Invoke-Mimidogz
140 function Invoke-Mimikatz
29 function Invoke-Mimi
10 function Chokorun
7 function Invoke-Ttest
7 function Invoke-Mimiwormz
7 function Invoke-Me
6 function Invoke-Mimiturtle
6 function Invoke-Mimimi
5 function output