The goal state for this setup is:
- OPNsense acts as a core firewall and regulates access between all VMs.
- All VMs share the same bridge interface to reduce setup needed for each VM.
jbfuzier
iamsilk
/ proxmox_complete_microsegmentation.md
Created
July 26, 2025 13:30
tothi
/ krbrelay_privesc_howto.md
Last active
April 23, 2025 01:59
Privilege Escalation using KrbRelay and RBCD
Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.
No-Fix Local Privilege Escalation from low-priviliged domain user to local system on domain-joined computers.
Prerequisites:
- LDAP signing not required on Domain Controller (default!)
Neo23x0
/ log4j_rce_detection.md
Last active
August 15, 2025 09:49
Log4j RCE CVE-2021-44228 Exploitation Detection
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
gladiatx0r
/ Workstation-Takeover.md
Last active
July 9, 2025 19:15
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
ttimasdf
/ 00-Systemd_service_for_autossh.md
Last active
August 18, 2025 02:31
— forked from thomasfr/autossh.service
Systemd service for autossh
curl -sSL https://gist.githubusercontent.com/ttimasdf/ef739670ac5d627981c5695adf4c8f98/raw/autossh@host1 | \
sudo tee /etc/default/autossh@example
curl -sSL https://gist.githubusercontent.com/ttimasdf/ef739670ac5d627981c5695adf4c8f98/raw/[email protected] | \
sudo tee /etc/systemd/system/[email protected]
sudo useradd -g nogroup -s /bin/false -m tunnel
sudo -u tunnel mkdir -p ~tunnel/.ssh # and copy your private key here
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # A script to enable TCP BBR on a Linux system. | |
| # | |
| # @author Dumitru Uzun (DUzun.Me) | |
| # @version 1.0.0 | |
| # @distro ArchLinux/Manjaro | |
| # | |
| old_cc=`sysctl net.ipv4.tcp_congestion_control | awk -F= '{print $2}' | sed -e s/\^\\s//` |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* SMBLoris attack proof-of-concept | |
| * | |
| * Copyright 2017 Hector Martin "marcan" <marcan@marcan.st> | |
| * | |
| * Licensed under the terms of the 2-clause BSD license. | |
| * | |
| * This is a proof of concept of a publicly disclosed vulnerability. | |
| * Please do not go around randomly DoSing people with it. | |
| * | |
| * Tips: do not use your local IP as source, or if you do, use iptables to block |
rain-1
/ Wannacrypt0r-FACTSHEET.md
Last active
May 14, 2025 19:15
— forked from Epivalent/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comis up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
jbfuzier
/ gist:7ee6ecdb716f8bb69c8555b437abef08
Created
February 13, 2017 17:32
Python Timezone conversion
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from dateutil import tz | |
| tzone = tz.gettz('Europe/Paris') | |
| utc = tz.gettz('UTC') | |
| # Make datetime object timezone aware | |
| datetime_local = datetime_local.replace(tzinfo=tzone) | |
| # Do the timezone change | |
| date_utc = datetime_local.astimezone(utc) |
bkifft
/ amiiscript.sh
Created
September 24, 2016 18:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #requirements: | |
| #sha1sum (part of coreutils) | |
| #xxd (part of vim) | |
| #https://github.com/socram8888/ulread | |
| #https://github.com/socram8888/amiitool | |
| #put ulread, ulwrite and amiitool in the same directory as this script | |
| if [ $# -ne 2 ] |
NewerOlder