2XXE (SRA) 2XXE-SRA

## init.sh
#!/bin/bash

#bashrc config
echo "PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\][\u⛾ \h]\[\033[00m\] \[\033[01;33m\][\w]\[\033[00m\]\n└─ '" >> $HOME/.bashrc
echo "PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\][\u⛾ \h]\[\033[00m\] \[\033[01;33m\][\w]\[\033[00m\]\n└─ '" >> sudo tee -a /root/.bashrc
echo "export PATH=~/.local/bin:$PATH" >> $HOME/.bashrc
echo "export PATH=~/.local/bin:$PATH" >> /root/.bashrc

#apt general
sudo apt-get update -y

## kali-docker.sh
#!/bin/bash

apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" >> /etc/apt/sources.list
apt update
apt-get install -y docker-ce docker-ce-cli containerd.io

## burp_encode.json
{
    "user_options":{
        "misc":{
            "hotkeys":[
                {
                    "action":"editor_url_decode",
                    "hotkey":"Ctrl+Shift+U"
                },
                {
                    "action":"editor_url_encode_all_characters",

## coolcryptor.ps1
function Invoke-AESEncryptDirectory
{
    param(
        [string]$directory,
        [string]$extension
    )

    $csharp = @"
    //https://stackoverflow.com/questions/27645527/aes-encryption-on-large-files
    using System;

## bucket-region.py
import boto3
from botocore import UNSIGNED
from botocore.client import Config

s3 = boto3.client('s3', config=Config(signature_version=UNSIGNED))
s3.head_bucket(Bucket="bucketname")
print(s3.head_bucket(Bucket="flaws.cloud")["ResponseMetadata"]["HTTPHeaders"]["x-amz-bucket-region"]) # output: us-west-2

## netrelease.ps1
# based on NetCease: https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b

# can be deployed on a per-host basis using this script - e.g. via something like SCCM
#   or, once deployed to one host, can be deployed via GPO Registry preferences by copying the set registry value
#   (lanmanserver still needs to be restarted when done this way)
#     see: https://adsecurity.org/?p=3299 -> Disable Windows Legacy & Typically Unused Features -> Disable Net Session Enumeration (NetCease)

# constants
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
$name = "SrvsvcSessionInfo"

## 2.exe
.

## sddl.py
"""A module for translating and manipulating SDDL strings.


  SDDL strings are used by Microsoft to describe ACLs as described in
  http://msdn.microsoft.com/en-us/library/aa379567.aspx.

  Example: D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)
  """

__author__ = 'tojo2000@tojo2000.com (Tim Johnson)'

## README.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                2XXE-SRA
                / README.md
            
            
              Last active
              May 20, 2020 21:02
            
              
                Convert Evtx to JSON for Mordor
              
          
    Convert .evtx file to Mordor

Setup

Download Winlogbeat and place in same directory as script or in $PATH
Usage

PS&gt;


## row.py
from pyspark.sql import Row

# mydict is something like {"abc":"def", "ghi":"jkl"}
computer = Row(*mydict.keys())
rows = [computer(*mydict.values())]
display(spark.createDataFrame(row))
	#!/bin/bash

	#bashrc config
	echo "PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\][\u⛾ \h]\[\033[00m\] \[\033[01;33m\][\w]\[\033[00m\]\n└─ '" >> $HOME/.bashrc
	echo "PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\][\u⛾ \h]\[\033[00m\] \[\033[01;33m\][\w]\[\033[00m\]\n└─ '" >> sudo tee -a /root/.bashrc
	echo "export PATH=~/.local/bin:$PATH" >> $HOME/.bashrc
	echo "export PATH=~/.local/bin:$PATH" >> /root/.bashrc

	#apt general
	sudo apt-get update -y
	#!/bin/bash

	apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common
	curl -fsSL https://download.docker.com/linux/debian/gpg \| sudo apt-key add -
	echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" >> /etc/apt/sources.list
	apt update
	apt-get install -y docker-ce docker-ce-cli containerd.io
	{
	"user_options":{
	"misc":{
	"hotkeys":[
	{
	"action":"editor_url_decode",
	"hotkey":"Ctrl+Shift+U"
	},
	{
	"action":"editor_url_encode_all_characters",
	function Invoke-AESEncryptDirectory
	{
	param(
	[string]$directory,
	[string]$extension
	)

	$csharp = @"
	//https://stackoverflow.com/questions/27645527/aes-encryption-on-large-files
	using System;
	import boto3
	from botocore import UNSIGNED
	from botocore.client import Config

	s3 = boto3.client('s3', config=Config(signature_version=UNSIGNED))
	s3.head_bucket(Bucket="bucketname")
	print(s3.head_bucket(Bucket="flaws.cloud")["ResponseMetadata"]["HTTPHeaders"]["x-amz-bucket-region"]) # output: us-west-2
	# based on NetCease: https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b

	# can be deployed on a per-host basis using this script - e.g. via something like SCCM
	# or, once deployed to one host, can be deployed via GPO Registry preferences by copying the set registry value
	# (lanmanserver still needs to be restarted when done this way)
	# see: https://adsecurity.org/?p=3299 -> Disable Windows Legacy & Typically Unused Features -> Disable Net Session Enumeration (NetCease)

	# constants
	$key = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
	$name = "SrvsvcSessionInfo"
	"""A module for translating and manipulating SDDL strings.


	SDDL strings are used by Microsoft to describe ACLs as described in
	http://msdn.microsoft.com/en-us/library/aa379567.aspx.

	Example: D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)
	"""

	__author__ = 'tojo2000@tojo2000.com (Tim Johnson)'
	from pyspark.sql import Row

	# mydict is something like {"abc":"def", "ghi":"jkl"}
	computer = Row(*mydict.keys())
	rows = [computer(*mydict.values())]
	display(spark.createDataFrame(row))