mlynchcogent / DriveClean.ps1
Created January 25, 2023 14:15 — forked from mark05e/DriveClean.ps1
Simple script to clear temp files and browser cache/history
#------------------------------------------------------------------#
#- Clear-GlobalWindowsCache                                        #
#------------------------------------------------------------------#
Function Clear-GlobalWindowsCache {
    # Remove-CacheFiles is a helper defined elsewhere in the full script (not shown in this preview).
    Remove-CacheFiles 'C:\Windows\Temp'
    Remove-CacheFiles "C:\`$Recycle.Bin"
    Remove-CacheFiles "C:\Windows\Prefetch"
    # Clear Internet Explorer browsing history/cache: 255 = everything, 4351 = everything plus add-on data.
    C:\Windows\System32\rundll32.exe InetCpl.cpl, ClearMyTracksByProcess 255
    C:\Windows\System32\rundll32.exe InetCpl.cpl, ClearMyTracksByProcess 4351
}
mlynchcogent / Callback Domains log4j
Created December 13, 2021 16:34 — forked from superducktoes/Callback Domains log4j
Callback Domains log4j
mlynchcogent / log4j_rce_detection.md
Created December 13, 2021 16:32 — forked from Neo23x0/log4j_rce_detection.md
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all of its subfolders.

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
mlynchcogent / CVE-2021-44228_IPs.csv
Created December 13, 2021 16:29 — forked from gnremy/CVE-2021-44228_IPs.csv
CVE-2021-44228 Apache Log4j RCE Attempts Dec 13th 11:17AM ET
mlynchcogent / check-smb-v3.11.sh
Created March 12, 2020 14:59 — forked from nikallass/check-smb-v3.11.sh
CVE-2020-0796. Scan HOST/CIDR with nmap script smb-protocols.nse and grep SMB version 3.11.
#!/bin/bash
# Scan a host or CIDR on 445/tcp and print the addresses that advertise SMB dialect 3.11
# (the dialect affected by CVE-2020-0796).
if [ $# -eq 0 ]; then
    echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
    exit 1
fi
echo "Checking if there's SMB v3.11 in $1 ..."
# Keep only the "Nmap scan report for" lines and the dialect lines, join everything
# onto one line, split it again per host, and print the IPs whose report lists 3.11.
# The original pipeline used the MySQL 'replace' utility; sed performs the same substitution.
nmap -p445 --script smb-protocols -Pn -n "$1" \
  | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3\.11' \
  | tr '\n' ' ' \
  | sed 's/Nmap scan report for/@/g' \
  | tr '@' '\n' \
  | grep '3\.11' \
  | grep -oP '\d+\.\d+\.\d+\.\d+'
mlynchcogent / checkaslr.py
Created August 30, 2018 17:24 — forked from wdormann/checkaslrfiles.py
Python script to check for PE files linked with /DYNAMICBASE that are nonetheless not ASLR compatible because they lack a relocation table
'''checkaslr.py: Check for files that opt into ASLR with /DYNAMICBASE,
but do not have a relocation table to allow ASLR to function.
usage: checkaslr.py <dir>
ex: checkaslr.py "C:\Program Files\"
requires: pefile <https://github.com/erocarrera/pefile>, which should be
installable via: pip install pefile
'''
mlynchcogent / nmap-cmdline
Created September 27, 2017 19:01 — forked from Neo23x0/nmap-cmdline
Nmap Scan Params for CVE-2017-0143 MS17-010 Scanning
# Scan for CVE-2017-0143 MS17-010
# The vulnerability used by WannaCry Ransomware
#
# 1. Use @calderpwn's script
# http://seclists.org/nmap-dev/2017/q2/79
#
# 2. Save it to Nmap NSE script directory
# Linux - /usr/share/nmap/scripts/ or /usr/local/share/nmap/scripts/
# OSX - /opt/local/share/nmap/scripts/
#