oneoy oneoy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVEs: | |
| • http://blog.ptsecurity.com/2020/03/cve-2019-18683-exploiting-linux-kernel.html | |
| Exploiting a Linux kernel vuln. in the V4L2 subsystem (CVE-2019-18683). | |
| • https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html | |
| Turning \x00\x00 into 10000$ (CVE-2021-22555). | |
| • https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/ | |
| CRS Request Body Bypass (CVE-2021-35368). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using NtApiDotNet; | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading; | |
| using System.Threading.Tasks; |
GelosSnake
/ crypto-Miners_public_pools_sig.txt
Last active
April 8, 2022 10:44
suricata crypto-miner pool rules
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Suricata 3.2+ | |
| alert dns $HOME_NET any -> any any (msg:"Observed DNS Query to public CryptoMining pool Domain (pool.minergate.com)"; dns_query; content:"pool.minergate.com"; nocase; isdataat:!1,relative; classtype:trojan-activity; sid:20000000; rev:1;) | |
| #Suricata 1.3+ | |
| alert udp $HOME_NET any -> any 53 (msg:"Observed DNS Query to public CryptoMining pool Domain (pool.minergate.com)"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|04|pool|09|minergate|03|com|00|"; nocase; distance:0; fast_pattern; classtype:trojan-activity; sid:20000000; rev:1;) | |
| #Suricata 3.2+ | |
| alert dns $HOME_NET any -> any any (msg:"Observed DNS Query to public CryptoMining pool Domain (pool.minexmr.com)"; dns_query; content:"pool.minexmr.com"; nocase; isdataat:!1,relative; classtype:trojan-activity; sid:20000001; rev:1;) |
dduvnjak
/ add_cloudflare_ips.sh
Last active
April 20, 2025 05:41
Add CloudFlare IP addresses to an EC2 Security Group using awscli
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # first we download the list of IP ranges from CloudFlare | |
| wget https://www.cloudflare.com/ips-v4 | |
| # set the security group ID | |
| SG_ID="sg-00000000000000" | |
| # iterate over the IP ranges in the downloaded file | |
| # and allow access to ports 80 and 443 | |
| while read p | |
| do |