Skip to content

Instantly share code, notes, and snippets.

View mwendwa-victor's full-sized avatar
👾

Mw3ndwa Victor mwendwa-victor

👾
2 followers · 15 following
View GitHub Profile
@mwendwa-victor
mwendwa-victor / suspicious_msdt_execution.yml
Created June 10, 2022 19:29 — forked from embee-research/suspicious_msdt_execution.yml
title: Suspicious msdt.exe execution - Office Exploit
id: 97a80ed7-1f3f-4d05-9ef4-65760e634f6b
status: experimental
description: This rule will monitor suspicious arguments passed to the msdt.exe process. These arguments are an indicator of recent Office/Msdt exploitation.
references:
- https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
- https://twitter.com/MalwareJake/status/1531019243411623939
author: 'Matthew Brennan'
tags:
- attack.execution
@mwendwa-victor
mwendwa-victor / GoogleDorking.md
Created December 24, 2021 05:30 — forked from sundowndev/GoogleDorking.md
Google dork cheatsheet

Google dork cheatsheet

Search filters

Filter Description Example
allintext Searches for occurrences of all the keywords given. allintext:"keyword"
intext Searches for the occurrences of keywords all at once or one at a time. intext:"keyword"
inurl Searches for a URL matching one of the keywords. inurl:"keyword"
allinurl Searches for a URL matching all the keywords in the query. allinurl:"keyword"
intitle Searches for occurrences of keywords in title all or one. intitle:"keyword"
@mwendwa-victor
mwendwa-victor / log4j_rce_detection.md
Created December 23, 2021 04:59 — forked from Neo23x0/log4j_rce_detection.md
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log