labs_campaigns's Issues
NFS file systems unlink() renames
When searching for "deleted", the case where the executable was run and deleted on an NFS volume is missed, e.g.
/proc/114028/exe -> /people/tiffin/.nfs0000000004b40e9f00093dd8
Detect Vollgar issues within PowerShell
Vollgar_Detect_Issue.txt
Even with execution policy bypass, PowerShell is not properly running the script. PowerShell has administrator rights.
Get ALL PIDs for a process
Small change for the detection of a deleted process:
    # proc_names: array of process names, defined elsewhere in the script
    for pn in "${proc_names[@]}"
    do
        # pidof can return several PIDs; check every one of them
        for exe_pid in $(pidof "$pn")
        do
            exe_path=$(ls -l "/proc/$exe_pid/exe" 2>/dev/null | grep deleted)
            if [[ $exe_path ]]
            then
                malicious_proc=true
                echo "[*] Fileless process" "$pn" "is running on the server."
            fi
        done
    done
False positives on open-port detection
Just a small one:
    netstat -ano | grep LISTEN | grep 1234
would also detect other open ports from other processes, like postfix running on 12346.
Maybe it would be better to use grep with the "-w" option, to select only those lines containing matches that form whole words.
newer systems don't have netstat by default
netstat missing
You might want to update to use ss -ano if netstat is missing:
    if [[ -x "$(command -v netstat)" ]]; then
        if [[ $(netstat -ano | grep LISTEN | grep 1234) ]]; then
            listening_port=true
            echo "[*] Listening on port 1234"
        fi
    fi
    if [[ -x "$(command -v ss)" ]]; then
        if [[ $(ss -ano | grep LISTEN | grep 1234) ]]; then
            listening_port=true
            echo "[*] Listening on port 1234"
        fi
    fi
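The two issues above (false positives from a substring match on 1234, and hosts that ship ss instead of netstat) can be handled by one check. This is an added example, not code from the issues or from the project's script: it goes a step further than whole-word matching by comparing only the port of the local address column. The names port_is_listening and socket_table are hypothetical, and the sample lines are constructed.

```shell
# Added example (not the project's code): exact-port LISTEN check.

# port_is_listening PORT: reads `ss -ano` or `netstat -ano` lines on stdin and
# succeeds only when a LISTEN socket has a local address ending in ":PORT".
port_is_listening() {
    awk -v port="$1" '
        /LISTEN/ {
            # The local address is the first field ending in ":<digits>";
            # the peer column of a listener ends in ":*" and never matches.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /:[0-9]+$/) {
                    n = split($i, parts, ":")
                    if (parts[n] == port) found = 1
                    break
                }
            }
        }
        END { exit !found }
    '
}

# socket_table: print the socket table with whichever tool is installed.
socket_table() {
    if command -v ss >/dev/null 2>&1; then
        ss -ano
    elif command -v netstat >/dev/null 2>&1; then
        netstat -ano
    else
        echo "neither ss nor netstat found" >&2
        return 1
    fi
}

# Constructed sample lines (not captured from a real host).
SAMPLE_POSTFIX='tcp   0  0 0.0.0.0:12346  0.0.0.0:*  LISTEN  off (0.00/0/0)'
SAMPLE_HIT='tcp   LISTEN 0  128  [::]:1234  [::]:*'
SAMPLE_UNIX='u_str LISTEN 0  128  /run/example.sock 1234  * 0'

# Only SAMPLE_HIT is reported; the other two are near misses.
for line in "$SAMPLE_POSTFIX" "$SAMPLE_HIT" "$SAMPLE_UNIX"; do
    if printf '%s\n' "$line" | port_is_listening 1234; then
        echo "match: $line"
    fi
done
# Live check on this host.
if socket_table | port_is_listening 1234; then
    echo "[*] Listening on port 1234"
fi
```

SAMPLE_UNIX shows why the port is taken from the address column: a UNIX socket whose inode happens to be 1234 would still pass a whole-word grep.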
Special characters are invalid in host style lists
Hello,
I have identified that special characters are used in the host style list provided here.
Neither ! nor * are valid domain characters. International domain names (IDN) are typically requested only in their encoded form.
Can you please verify and remove them or include ASCII characters only?
THX
autodiscover-tlds.txt with domains only
Hello,
Could you provide the list with domain names only in another file?
FortiGates are capable of fetching this data in Threat Feeds.
With that I can create firewall rules to block traffic to that.
Thank you.
Cheers