@Beercow
Beercow / wcr.py
Last active May 16, 2017 18:24 — forked from mak/wcr.py
Extract everything from WannaCry
#!/usr/bin/python
import re
import os,sys
import pefile
import struct
import zipfile
import hashlib
import StringIO
from Crypto import Random
@Beercow
Beercow / config-client.xml
Created November 19, 2016 02:16 — forked from Neo23x0/config-client.xml
Sysmon Base Configuration - Workstations
<!--
This is a Microsoft Sysmon configuration to be used on Windows workstations
v0.1
Florian Roth (with the help and ideas of others)
The focus of this configuration is
- malware detection (execution)
- malware detection (network connections)
- exploit detection
It is not focussed on
@Beercow
Beercow / config-server.xml
Created November 19, 2016 02:16 — forked from Neo23x0/config-server.xml
Sysmon Base Configuration - Windows Server
<!--
This is a Microsoft Sysmon configuration to be used on Windows server systems
v0.1
Florian Roth
The focus of this configuration is
- hacking activity on servers / lateral movement (bad admin, attacker)
It is not focussed on
- malware detection (execution)
- malware detection (network connections)
@Beercow
Beercow / Get-AdGroupMembershipChange.ps1
Created October 23, 2016 02:35 — forked from anonymous/Get-AdGroupMembershipChange.ps1
Detect Changes to AD Group Members and Notify on Change
#requires -Module ActiveDirectory
<#
.SYNOPSIS
This script queries multiple Active Directory groups for new members in a domain. It records group membership
in a CSV file in the same location as the script is located. On the script's initial run it will simply record
all members of all groups into this CSV file. On subsequent runs it will query each group's member list and compare
that list to what's in the CSV file. If any differences are found (added or removed) the script will update the
CSV file to reflect current memberships and notify an administrator of which members were either added or removed.
.NOTES