
Sean Pierce securesean

SwitHak /
Last active September 26, 2024 13:54
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
gwillem /
Last active August 27, 2024 18:17
This is the decoded payload from the CRON loader. Full analysis here:
set -eEu
set -o pipefail
trap 'echo "L$LINENO"; O70; exit -1' ERR
function O70()
if [[ ! -z "${O57+x}" ]]; then
if [[ -f "${O57}" ]]; then
rm -f "${O57}"
qistoph /
Created August 6, 2020 07:55
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Based on gist
# - added TCP states
awk 'BEGIN{states["01"]="TCP_ESTABLISHED"
jthuraisamy / loaded_psp_drivers.cpp
Last active October 15, 2023 03:01
Loaded Security Product Drivers
#include <Windows.h>
#include <ImageHlp.h>
#include <strsafe.h>
#include "loaded_psp_drivers.h"
#include <set>
#include <string>
#include <algorithm>
#pragma comment(lib, "crypt32.lib")
MarkBaggett / 1 -
Last active April 16, 2023 21:37
Come To The Darkside - Pythons Sinister Secrets
staaldraad /
Last active September 24, 2024 03:28
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
wido /
Created December 21, 2016 11:56
Python 3 48-bit MAC to EUI-64 IPv6
#!/usr/bin/env python3
import ipaddress
import re
def mac2eui64(mac, prefix=None):
Convert a MAC address to a EUI64 address
or, with prefix provided, a full IPv6 address
douglas /
Created October 14, 2011 15:04
Update all git repositories under a base directory
# store the current dir
# Let the person running the script know what's going on.
echo "\n\033[1mPulling in latest changes for all repositories...\033[0m\n"
# Find all git repositories and update it to the master latest revision
for i in $(find . -name ".git" | cut -c 3-); do