Cyber Marmot georgethemarmot
@IngoMeyer441
IngoMeyer441 / x-resize
Last active April 23, 2025 12:52 — forked from manuuurino/x-resize
Manual Implementation of Auto Resizing For Non-Gnome Environments (like XFCE) running under Spice/Libvirt
#!/bin/bash
# SPDX-License-Identifier: MIT
# Steps:
# 1) Make sure bash is available
# 2) Create udev rule
# - path to new udev rule: /etc/udev/rules.d/50-x-resize.rules
# - udev rule content:
# ACTION=="change", KERNEL=="card[0-9]*", SUBSYSTEM=="drm", RUN+="/usr/local/bin/x-resize"
# 3) Create /var/log/autores directory
# 4) Create script /usr/local/bin/x-resize (this file) and make executable
@jborean93
jborean93 / TightVNC Password.ps1
Created August 15, 2023 11:44
Code that can encrypt or decrypt TightVNC server passwords
Function ConvertTo-EncryptedVNCPassword {
[OutputType([byte[]])]
[CmdletBinding()]
param (
[Parameter(Mandatory)]
[SecureString]
$Password
)
# This is hardcoded in VNC applications like TightVNC.
@jwmcgettigan
jwmcgettigan / bitwarden_duplicate_cleaner.py
Last active May 6, 2025 11:56
Identifies and removes duplicate 'items' and 'folders' from your Bitwarden vault. 🎃
#!/usr/bin/env python3
# Copyright © 2023 Justin McGettigan
# Permission is hereby granted, free of charge, to any person obtaining a copy of this software
# and associated documentation files (the “Software”), to deal in the Software without
# restriction, including without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all copies or
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active May 26, 2025 21:01
BlueTeam CheatSheet *Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams' list sorted by vendors' responses: Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@gnremy
gnremy / CVE-2021-44228_IPs.csv
Last active April 26, 2023 07:01
CVE-2021-44228 Apache Log4j RCE Attempts Dec 20th 9:27PM ET
ip tag_name
162.155.56.106 Apache Log4j RCE Attempt
223.111.180.119 Apache Log4j RCE Attempt
213.142.150.93 Apache Log4j RCE Attempt
211.154.194.21 Apache Log4j RCE Attempt
210.6.176.90 Apache Log4j RCE Attempt
199.244.51.112 Apache Log4j RCE Attempt
199.101.171.39 Apache Log4j RCE Attempt
197.246.175.186 Apache Log4j RCE Attempt
196.196.150.38 Apache Log4j RCE Attempt
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active April 11, 2025 22:49
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all of its subfolders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@michelep
michelep / Wazuh 4.x index management
Last active April 1, 2022 15:55
Wazuh 4.x index management
You can achieve this by setting the policy id in the /etc/filebeat/wazuh-template.json file (on the Wazuh nodes) and then reloading the template. For example, let's say that you have created your ISM policy on Elasticsearch with id wazuh-index-state-policy,
Edit the wazuh-template.json file.
Add the line "opendistro.index_state_management.policy_id": "wazuh-index-state-policy" inside the settings object:
"opendistro" : {
"index_state_management" : {
"policy_id" : "hot_warm_delete_workflow"
}
@Chaz6
Chaz6 / readme.md
Last active November 7, 2024 12:26
How to replace UEFI Secure Boot certificates in VMware

Custom Secure Boot configuration while deploying a new Virtual Machine

The Secure Boot configuration is stored in NVRAM. If the NVRAM contains no Secure Boot configuration (a freshly deployed VM, or a VM for which the .nvram file has been deleted from the datastore), the Secure Boot configuration will be reset to the defaults described in the UEFI Specification (the variables named PKDefault, KEKDefault, dbDefault and dbxDefault). You can use advanced VM config options to control those defaults, through which you can pre-populate the Secure Boot configuration before the VM is first powered on.

If you want to deploy the certificates as part of the VM's configuration, copy the DER-encoded certificate into the VM's directory and add the following advanced VM config options:

uefi.secureBoot.dbDefault.file0 = "custom-cert.der"

where "custom-cert.der" is the name of the DER-encoded certificate file within the VM's directory. You can repeat that for file1, file2, file3, etc., to add multiple certificate

$log_file = 'sysmon-checks.log'
$items = @(
"C:\Windows\Sysmon64.exe",
"C:\Windows\SysmonDrv.sys",
"HKLM:\SYSTEM\CurrentControlSet\Services\Sysmon64",
"HKLM:\SYSTEM\CurrentControlSet\Services\SysmonDrv",
"HKLM:\SYSTEM\ControlSet001\Services\Sysmon64",
"HKLM:\SYSTEM\ControlSet001\Services\SysmonDrv",
"HKLM:\SYSTEM\ControlSet002\Services\Sysmon64",