scusi / spipe-ssh.md

0 喜歡

0 分支

1 檔案

最後活躍 1 month ago

Protecting sshd with spiped

This repository shows how to place spiped in front of your SSH daemon (sshd) in order to add an extra layer of symmetric-key protection and drastically reduce your exposed attack surface.

What is spiped?

spiped is a lightweight daemon designed to create symmetrically encrypted and authenticated “pipes” between socket addresses. It binds a local TCP port and forwards traffic to another socket—typically on the same machine—while encrypting and verifying all data in transit.

scusi / ConvertBinaryBpjmData.sh

0 喜歡

0 分支

1 檔案

最後活躍 6 months ago

BPJM

1	#!/bin/sh
2	#
3	# USAGE:
4	# $> ./ConvertBinaryBpjmData.sh bpjm.data
5	#
6
7	RAWFILE=$1
8	OUTFILE=`strings $RAWFILE \| head -n 1`
9
10	od -t x1 -An -j 64 $RAWFILE \| tr -d '\n ' > $OUTFILE

scusi / dns_xor.go

0 喜歡

0 分支

1 檔案

最後活躍 6 months ago

DNS-Tunnel FrameworkPOS Malware golang

1	// domain data encoding/decoding algo for FrameworkPOS Malware DNS-Tunneling Variant,
2	// as described on:
3	// https://blog.gdata.de/artikel/neue-variante-von-frameworkpos-schoepft-daten-ueber-dns-anfragen-ab/
4	//
5
6	package main
7
8	import(
9	"fmt"
10	"os"

scusi / parseFritzBpjmFile.go

0 喜歡

0 分支

1 檔案

最後活躍 6 months ago

BPJM FritzBox golang

1	// parse a FritzBox Bpjm File
2
3	package main
4
5	import (
6	"os"
7	"fmt"
8	"bytes"
9	"io"
10	"io/ioutil"

scusi / bpjm.go

0 喜歡

0 分支

1 檔案

最後活躍 6 months ago

go lib to scope with BPJM Lists

BPJM FritzBox golang

1	// go library to scope with the BPjM Censorship list
2
3	package Bpjm
4
5	import (
6	"net/url"
7	"regexp"
8	"crypto/md5"
9	"strings"
10	"bytes"

scusi / Parse.go

0 喜歡

0 分支

1 檔案

最後活躍 6 months ago

script to parse BPJM file from a fritzbox

BPJM FritzBox golang

1	// tool that uses my bpjm library to load and parse a BPJM File from a FritzBox
2	package main
3
4	import(
5	"github.com/scusi/bpjm"
6	"fmt"
7	"os"
8	)
9
10	func main(){

scusi / gifExeExtract.go

0 喜歡

0 分支

1 檔案

最後活躍 6 months ago

go prog to extract EXE from GIF as Trojan-Ransom.Win32.Foreign did

GIF Malware

1	## see also https://0x41414141.de/blog/2017-03-30-trojan-ransom.win32.foreign-hides-payload-exe-in-gif-file/
2	#
3	package main
4
5	import (
6	"bufio"
7	"bytes"
8	"container/ring"
9	"encoding/hex"
10	"flag"

scusi / rolling xor in go

0 喜歡

0 分支

1 檔案

最後活躍 6 months ago

go prog which implements a rolling XOR

XOR golang

1	package main
2
3	import (
4	"container/ring"
5	"flag"
6	"io/ioutil"
7	"log"
8	)
9
10	var keyFile string

scusi / disableTelemetry.ps1

0 喜歡

0 分支

1 檔案

最後活躍 6 months ago

powershell script to disable telemetry in win10

powershell telemetry win10

1	# powershell script to disable telemetry in win10
2	#
3	# Source:
4	# https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Analyse_Telemetriekomponente.pdf?__blob=publicationFile&v=3
5
6	# run as admin
7	if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
8
9	# Step 1: deactivate DiagTrack service
10	Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\DiagTrack\ -name Start -Value 4

scusi / enableTelemetry.ps1

0 喜歡

0 分支

1 檔案

最後活躍 6 months ago

powershell script to (re-)enable telemetry in win10

powershell telemetry win10

1	# powershell script to (re-)enable telemetry in win10
2	#
3	# flw@posteo.de
4	#
5
6	# run as admin
7	if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
8
9	# Step 1: deactivate DiagTrack service
10	Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\DiagTrack\ -name Start -Value 2