Kali Linux

Heyserial : Programmatically Create Hunting Rules For Deserialization Exploitation

Heyserial will Programmatically create hunting rules for deserialization exploitation with multiple

  • keywords (e.g. cmd.exe)
  • gadget chains (e.g. CommonsCollection)
  • object types (e.g. ViewState, Java, Python Pickle, PHP)
  • encodings (e.g. Base64, raw)
  • rule types (e.g. Snort, Yara)

Usage

Help: python3 heyserial.py -h

Examples:

python3 heyserial.py -c ‘ExampleChain::condition1+condition2’ -t JavaObj
python3 heyserial.py -k cmd.exe whoami ‘This file cannot be run in DOS mode’
python3 heyserial.py -k Process.Start -t NETViewState -e base64 “base64+utf16le”

Utils

utils/checkyoself.py

This is a tool to automate bulk testing of Snort and Yara rules on a variety of sample files.

Usage: python3 checkyoself.py [-y rules.yara] [-s rules.snort] [-o file_output_prefix] [--matches] [--misses] -d malware.exe malware.pcap

Examples: python3 checkyoself.py -y rules/javaobj -s rules/javaobj -d payloads/javaobj pcaps --misses -o java_misses

utils/generate_payloads.ps1

YSoSerial.NET v1.34 payload generation. Run on Windows from the ./utils directory.

  • Source: https://github.com/pwntester/ysoserial.net
  • License: ysoserial.net_LICENSE.txt

utils/generate_payloads.sh

YSoSerial payload generation. Run on Linux from the ./utils directory.

  • Source: https://github.com/frohoff/ysoserial
  • License: ysoserial_LICENSE.txt

utils/install_snort.sh

Installing Snort on a Debian based system was a bit finnicky for me, so I wrote my install notes here.

Use at your own risk in a VM that you have snapshotted recently.

utils/server.py

Simple Python script that runs an HTTP server on 127.0.0.1:12345 and accepts POST requests.

Handy for generating test PCAPs.

R K

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

7 days ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

7 days ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

7 days ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

7 days ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

1 week ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

1 week ago