Download Winlogbeat and place it in the same directory as the script, or somewhere in $PATH
PS>
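#!/bin/bash
# Shell setup: add a custom prompt and ~/.local/bin to PATH for the invoking
# user and for root, then refresh the apt package index.
set -eu

#bashrc config
#######################################
# Print the lines to append to a .bashrc.
# The quoted heredoc keeps ${debian_chroot...} and $PATH literal, so they are
# evaluated whenever the .bashrc is sourced rather than once when this script
# runs. Expanding $PATH here would copy the invoking user's PATH (possibly
# including user-writable directories) into root's command search path.
# Outputs: the PS1 and PATH lines on stdout
#######################################
bashrc_lines() {
  cat <<'EOF'
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\][\u⛾ \h]\[\033[00m\] \[\033[01;33m\][\w]\[\033[00m\]\n└─ '
export PATH=~/.local/bin:$PATH
EOF
}

bashrc_lines >> "$HOME/.bashrc"

# /root/.bashrc needs privileges, and a redirection is performed by the
# calling shell, not by sudo, so the append goes through `sudo tee -a`.
# (The original `>> sudo tee -a ...` wrote to a file named "sudo" in the
# current directory and never touched /root/.bashrc.)
bashrc_lines | sudo tee -a /root/.bashrc > /dev/null

#apt general
sudo apt-get update -y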
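#!/bin/bash
# Install Docker CE on Debian from Docker's apt repository.
# Must run as root: it writes under /etc/apt and installs packages.
set -euo pipefail

if [[ "${EUID}" -ne 0 ]]; then
  printf '%s\n' 'this script must be run as root' >&2
  exit 1
fi

apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common

# Keep Docker's signing key in its own keyring and bind it to the Docker
# repository with signed-by. `apt-key add` is deprecated and makes the key
# trusted for every configured repository, not only Docker's.
# The key is trusted as downloaded; compare its fingerprint with the one
# published in Docker's install documentation before relying on it.
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg \
  | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg

# Write a dedicated list file with `>` so re-running the script does not
# append duplicate entries to /etc/apt/sources.list.
# NOTE: the release codename "stretch" is hard-coded and must match the host.
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian stretch stable" \
  > /etc/apt/sources.list.d/docker.list

apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io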
{ | |
"user_options":{ | |
"misc":{ | |
"hotkeys":[ | |
{ | |
"action":"editor_url_decode", | |
"hotkey":"Ctrl+Shift+U" | |
}, | |
{ | |
"action":"editor_url_encode_all_characters", |
function Invoke-AESEncryptDirectory | |
{ | |
param( | |
[string]$directory, | |
[string]$extension | |
) | |
$csharp = @" | |
//https://stackoverflow.com/questions/27645527/aes-encryption-on-large-files | |
using System; |
import boto3
from botocore import UNSIGNED
from botocore.client import Config

# Anonymous S3 client: UNSIGNED turns off request signing, so the calls below
# are made without any AWS credentials.
anonymous_config = Config(signature_version=UNSIGNED)
s3 = boto3.client('s3', config=anonymous_config)

# Generic form of the call; "bucketname" is a placeholder.
s3.head_bucket(Bucket="bucketname")

# The HeadBucket response headers carry the bucket's region, and this request
# is unsigned, so the region is readable without credentials.
response = s3.head_bucket(Bucket="flaws.cloud")
region = response["ResponseMetadata"]["HTTPHeaders"]["x-amz-bucket-region"]
print(region)  # output: us-west-2
# Based on NetCease: https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b
# Can be deployed on a per-host basis using this script, e.g. via something like SCCM,
# or, once deployed to one host, via GPO Registry preferences by copying the registry value this script sets
# (LanmanServer still needs to be restarted when deployed this way).
# See: https://adsecurity.org/?p=3299 -> Disable Windows Legacy & Typically Unused Features -> Disable Net Session Enumeration (NetCease)
# constants | |
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\DefaultSecurity" | |
$name = "SrvsvcSessionInfo" |
. |
"""A module for translating and manipulating SDDL strings. | |
SDDL strings are used by Microsoft to describe ACLs as described in | |
http://msdn.microsoft.com/en-us/library/aa379567.aspx. | |
Example: D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU) | |
""" | |
__author__ = 'tojo2000@tojo2000.com (Tim Johnson)' |
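from pyspark.sql import Row

# mydict is something like {"abc":"def", "ghi":"jkl"}
# Build a Row class whose field names are the dict's keys, then a single row
# from its values. keys() and values() of the same unmodified dict iterate in
# the same order, so each value lands under its own key.
computer = Row(*mydict.keys())
rows = [computer(*mydict.values())]

# Fixed: the list is bound to `rows`; the original passed the undefined name
# `row`, which raises NameError.
# NOTE(review): `spark` and `display` are not defined here; presumably they are
# provided by the notebook environment. Confirm.
display(spark.createDataFrame(rows))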