Brian Maloney Beercow

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                Beercow
                / keybase.md
            
            
              Created
              July 14, 2016 10:36
            
          
    Keybase proof

I hereby claim:

I am beercow on github.
I am beercow (https://keybase.io/beercow) on keybase.
I have a public key whose fingerprint is 9501 0FD3 AF08 DF20 B68A  DA77 28C3 1FB1 7677 4021

To claim this, I am signing this object:

  
## gist:cc898d3be88d509677aa119617017cd3
### Keybase proof

I hereby claim:

  * I am beercow on github.
  * I am beercow (https://keybase.io/beercow) on keybase.
  * I have a public key ASAJTCOoPPRdcXdy_uePSyojq5R5VwRMVWxg07cSkEX0JAo

To claim this, I am signing this object:

## Get-AdGroupMembershipChange.ps1
#requires -Module ActiveDirectory

<#
        .SYNOPSIS
        This script queries multiple Active Directory groups for new members in a domain.  It records group membership
        in a CSV file in the same location as the script is located. On the script's initial run it will simply record
        all members of all groups into this CSV file.  On subsequent runs it will query each group's member list and compare
        that list to what's in the CSV file.  If any differences are found (added or removed) the script will update the
        CSV file to reflect current memberships and notify an administrator of which members were either added or removed.
        .NOTES

## config-server.xml
<!--
   This is a Microsoft Sysmon configuation to be used on Windows server systems
   v0.1
   Florian Roth

   The focus of this configuration is
   - hacking activity on servers / lateral movement (bad admin, attacker)
   It is not focussed on
   - malware detection (execution)
   - malware detection (network connections)

## config-client.xml
<!--
   This is a Microsoft Sysmon configuation to be used on Windows workstations
   v0.1
   Florian Roth (with the help and ideas of others)

   The focus of this configuration is
   - malware detection (execution)
   - malware detection (network connections)
   - exploit detection
   It is not focussed on

## wcr.py
#!/usr/bin/python

import re
import os,sys
import pefile
import struct
import zipfile
import hashlib
import StringIO
from Crypto import Random

## POSeidon.py
#!/usr/bin/env python
#author Beercow

import dpkt, re, base64, sys

def decodeb64(data):
    data = base64.b64decode(str(data))
    return data

def decodexor(data):

## Notepad++ Python IDE Setup.md

      
              1 file
            
          
              8 forks
            
          
              9 comments
            
          
              2 stars
            
          
                Beercow
                / Notepad++ Python IDE Setup.md
            
            
              Last active
              May 7, 2024 04:07
            
          
Install Notepad++ (check "set as default HTML editor" to replace Notepad in IE).


Run Notepad++, update its plugins, and install "NppExec" via Plugins, Plugin Manager.


Download DBGpPlugin . Place in C:\Program Files (x86)\Notepad++\plugins\DBGpPlugin


Use this link to download a modified version of the Komodo Remote Debugging Package. Place in plugin directory. (Unmodified Komodo package does not work with DBGpPlugin) Also contains DBGpPlugin


Enter these scripts for Python debugging:
Press F6 to create a NppExec Execute script, save as "Run Python":
cd "$(CURRENT_DIRECTORY)"


## eztools.nlp
[General]
SoftwareCount=21
GroupCount=3
Name=Eric Zimmerman Tools

[Group0]
name=Command-Line Utilities

[Group1]
name=GUI Utilities

## event_data.ps1
$provider = get-winevent -ListProvider *
$Collection =@()
foreach ($entry in $provider)
    {
    foreach ($object in $entry.events)
       {
       foreach ($log in $entry.LogLinks.LogName)
            {
            [xml]$data = $object.Template
            foreach ($DataType in $data.template.data.name)
	### Keybase proof

	I hereby claim:

	* I am beercow on github.
	* I am beercow (https://keybase.io/beercow) on keybase.
	* I have a public key ASAJTCOoPPRdcXdy_uePSyojq5R5VwRMVWxg07cSkEX0JAo

	To claim this, I am signing this object:
	#requires -Module ActiveDirectory

	<#
	.SYNOPSIS
	This script queries multiple Active Directory groups for new members in a domain. It records group membership
	in a CSV file in the same location as the script is located. On the script's initial run it will simply record
	all members of all groups into this CSV file. On subsequent runs it will query each group's member list and compare
	that list to what's in the CSV file. If any differences are found (added or removed) the script will update the
	CSV file to reflect current memberships and notify an administrator of which members were either added or removed.
	.NOTES
	<!--
	This is a Microsoft Sysmon configuation to be used on Windows server systems
	v0.1
	Florian Roth

	The focus of this configuration is
	- hacking activity on servers / lateral movement (bad admin, attacker)
	It is not focussed on
	- malware detection (execution)
	- malware detection (network connections)
	#!/usr/bin/python

	import re
	import os,sys
	import pefile
	import struct
	import zipfile
	import hashlib
	import StringIO
	from Crypto import Random
	#!/usr/bin/env python
	#author Beercow

	import dpkt, re, base64, sys

	def decodeb64(data):
	data = base64.b64decode(str(data))
	return data

	def decodexor(data):
	[General]
	SoftwareCount=21
	GroupCount=3
	Name=Eric Zimmerman Tools

	[Group0]
	name=Command-Line Utilities

	[Group1]
	name=GUI Utilities
	$provider = get-winevent -ListProvider *
	$Collection =@()
	foreach ($entry in $provider)
	{
	foreach ($object in $entry.events)
	{
	foreach ($log in $entry.LogLinks.LogName)
	{
	[xml]$data = $object.Template
	foreach ($DataType in $data.template.data.name)