I hereby claim:
- I am diyinfosec on github.
- I am ane2843 (https://keybase.io/ane2843) on keybase.
- I have a public key ASBVHEdc_Yub7TdQ7oulsyilO33pP4Y1T0iX2ukTTXKkcQo
To claim this, I am signing this object:
diyinfosec
diyinfosec
/ keybase.md
Created
August 30, 2022 10:09
diyinfosec
/ ext4_test.sh
Last active
June 2, 2022 20:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #- This script is just a collection of functions that I created for learning ext4. | |
| #- Just run ". ./manage_ext4.sh" from the command prompt and it will load the functions into your current session. | |
| #- To list the functions defined in your Bash shell use: "declare -F" | |
| #- For our purposes you can ignore functions starting with _. So "declare -F | grep -v ' _'" gives you a shorter list. | |
| #================================== | |
| #- Comments about multipass | |
| #================================== |
diyinfosec
/ manage.sh
Created
May 28, 2022 16:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #- Script to setup Docker, Minikube, Kubectl, Helm on Ubuntu. | |
| #- On the K8s cluster install - Vault, Consul, Datadog agent. | |
| #- Access to K8s dashboard is provided through nginx on port 5000. http://<host_ip>:5000 | |
| #- Acess to Vault UI is provided through kubectl port-forward. http://<host_ip>:8200 | |
| #- I use multipass for the VMs, so rebuild a VM the following steps are applicable. | |
| #- For the first time, the first two commands can be ignored. | |
| # multipass delete ktest |
diyinfosec
/ k8s-audit-policy.yaml
Created
May 24, 2022 21:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: audit.k8s.io/v1beta1 | |
| kind: Policy | |
| rules: | |
| # non relevant rules | |
| - level: None | |
| nonResourceURLs: | |
| - "/healthz*" | |
| - "/logs" | |
| - "/metrics" | |
| - "/swagger*" |
diyinfosec
/ ntfs_ads_limit_test.ps1
Created
February 3, 2022 18:07
Testing the number of possible Alternate Data Streams for a file in NTFS.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #- Iterate over the maximum size of Attribute ID | |
| for($i=1; $i -lt 65536; $i++) | |
| { | |
| #- This file must already exist. Additional hardlinks will be created for this file. | |
| $original_file_name="file.txt"; | |
| #- Testing the upper limit for ADS creation, breaking off once there is an non-terminating error [Set-Content : Could not open the alternate data stream ‘<stream_name>’ of the file] | |
| #- Non-terminating errors are not handled using try/catch. To force a non-terminating error to be caught we use "-ErrorAction Stop" | |
| try | |
| { |
diyinfosec
/ ntfs_hardlink_limit_test.ps1
Created
January 30, 2022 17:46
Powershell script to test how many hardlinks are supported for a file in NTFS.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #- Author: Ramprasad R | |
| #- Purpose: This is a simple script I wrote to test how many hardlinks I can create for a file. | |
| #- Language: Powershell | |
| <# | |
| Question: | |
| How many NTFS attributes can a file have? | |
| Hypothesis: | |
| In the MFT, the Attribute ID field is 2 bytes = 16 bits = 2^16 = 65536 | |
| Technically I should be able to create a file with 65536 attributes |
diyinfosec
/ 04-aes-find-ntfs-efs-keys.py
Created
January 28, 2022 18:11
Scan memory and find AES-256 keys used by Encrypting File System (NTFS)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| #- Name of the file/drive letter to scan | |
| #input_file_name="C:\\memory.dmp" | |
| input_file_name="memory.dmp" | |
| key_len=32 | |
| #- Open the input file | |
| with open(input_file_name, "rb") as f: |
diyinfosec
/ 03-aes-key-find-using-schedule.py
Created
January 27, 2022 19:57
Find AES-256 keys in memory dump based on key schedule calculation across a sliding window.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from timeit import default_timer as timer | |
| from binascii import b2a_hex,hexlify | |
| #- First half of the code covers AES schedule calculation. Memory dump processing, line 150 onwards. | |
| #- AES key schedule calculation taken from: https://www.alexrhodes.io/blog/post/30/ | |
| class AesKeySchedule: | |
| #AES S-box | |
| s_box = [ |
diyinfosec
/ 02-aes-bruteforce-with-randomness-check.py
Created
January 27, 2022 18:28
Brute-force AES-256 keys from memory dump with randomness checks (using count of distinct bytes)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from timeit import default_timer as timer | |
| from binascii import b2a_hex | |
| #- Config variables | |
| filename="memory.dmp" | |
| aes_key_size=32 | |
| min_distinct_bytes=10 | |
| #- Variables related to file processing | |
| file_offset=0; |
diyinfosec
/ aes-with-key-schedule.py
Created
January 26, 2022 16:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from timeit import default_timer as timer | |
| from binascii import b2a_hex,hexlify | |
| #- Goto "Memory dump processing" second section | |
| #- AES key schedule calculation taken from: https://www.alexrhodes.io/blog/post/30/ | |
| class AesKeySchedule: | |
| #AES S-box | |
| s_box = [ |
NewerOlder