This gist was built by the community of researchers and was scribed by Kir and Igor from QIWI/Vulners. We are grateful for the help of all those who sent us the data, links and information. Together we can make this world a better place!
TLP:RED #FF2B2B
TLP:AMBER #ffc000
TLP:GREEN #33ff00
TLP:WHITE #ffffff
Visualization (tcpdump, tshark)
tcpdump -qns 0 -X -r file.pcap
tcpdump -qns 0 -A -r file.pcap
tcpdump -X -r file.pcap
tshark -r file.pcap -V
Packet manipulation (tcprewrite)
Port: tcprewrite --portmap=OLDPORT:NEWPORT -i in.pcap -o out.pcap
a4b:AssociateContactWithAddressBook
a4b:AssociateDeviceWithRoom
a4b:AssociateSkillGroupWithRoom
a4b:CreateAddressBook
a4b:CreateContact
a4b:CreateProfile
a4b:CreateRoom
a4b:CreateSkillGroup
a4b:CreateUser
a4b:DeleteAddressBook
#!/bin/bash
publicIP=$(dig +short myip.opendns.com @resolver1.opendns.com)
securityGroupIds="sg-stuffstuff"
ruleDescription="This is the string we're using to find our rule"
## Look up the previous rule
awsOutput=$(aws ec2 describe-security-groups --group-ids $securityGroupIds)
# Quote the description so grep receives it as one fixed-string pattern, not a pattern plus file names
ipRangeIndex=$(echo "$awsOutput" | gron | grep -F "$ruleDescription" | sed "s/.\+IpRanges\[\([0-9]\+\)\].\+/\1/")
alert tcp any any -> any !80 (msg:"SURICATA HTTP on unusual port"; flow:to_server; app-layer-protocol:http; threshold: type limit, track by_src, seconds 60, count 1; sid:2271001; rev:1;)
alert tcp any any -> any 80 (msg:"SURICATA non-HTTP on TCP port 80"; flow:to_server; app-layer-protocol:!http; threshold: type limit, track by_src, seconds 60, count 1; sid:2271002; rev:1;)
alert tcp any any -> any ![443,465,587] (msg:"SURICATA TLS on unusual port"; flow:to_server; app-layer-protocol:tls; threshold: type limit, track by_src, seconds 60, count 1; sid:2271004; rev:1;)
alert tcp any any -> any [443,465] (msg:"SURICATA non-TLS on TLS port"; flow:to_server; app-layer-protocol:!tls; threshold: type limit, track by_src, seconds 60, count 1; sid:2271003; rev:1;)
alert tcp any any -> any ![20,21] (msg:"SURICATA FTP on unusual TCP port"; flow:to_server; app-layer-protocol:ftp; threshold: type limit, track by_src, seconds 60, count 1; sid:2271005; rev:1;)
alert tcp any any -> any [20,21] (msg:"SURICATA non-FTP on TCP
This is a guide on how to email securely.
There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.