curl -sSL https://gist.githubusercontent.com/ttimasdf/ef739670ac5d627981c5695adf4c8f98/raw/autossh@host1 | \
sudo tee /etc/default/autossh@example
curl -sSL https://gist.githubusercontent.com/ttimasdf/ef739670ac5d627981c5695adf4c8f98/raw/[email protected] | \
sudo tee /etc/systemd/system/[email protected]
sudo useradd -g nogroup -s /bin/false -m tunnel
sudo -u tunnel mkdir -p ~tunnel/.ssh # and copy your private key here
jbfuzier
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # A script to enable TCP BBR on a Linux system. | |
| # | |
| # @author Dumitru Uzun (DUzun.Me) | |
| # @version 1.0.0 | |
| # @distro ArchLinux/Manjaro | |
| # | |
| old_cc=`sysctl net.ipv4.tcp_congestion_control | awk -F= '{print $2}' | sed -e s/\^\\s//` |
ttimasdf
/ 00-Systemd_service_for_autossh.md
Last active
October 11, 2025 22:00
— forked from thomasfr/autossh.service
Systemd service for autossh
gladiatx0r
/ Workstation-Takeover.md
Last active
August 25, 2025 14:06
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
Neo23x0
/ log4j_rce_detection.md
Last active
October 4, 2025 08:06
Log4j RCE CVE-2021-44228 Exploitation Detection
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
tothi
/ krbrelay_privesc_howto.md
Last active
April 23, 2025 01:59
Privilege Escalation using KrbRelay and RBCD
Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.
No-Fix Local Privilege Escalation from low-priviliged domain user to local system on domain-joined computers.
Prerequisites:
- LDAP signing not required on Domain Controller (default!)
iamsilk
/ proxmox_complete_microsegmentation.md
Created
July 26, 2025 13:30
The goal state for this setup is:
- OPNsense acts as a core firewall and regulates access between all VMs.
- All VMs share the same bridge interface to reduce setup needed for each VM.
OlderNewer