Skip to content

Instantly share code, notes, and snippets.

View EvanMcBroom's full-sized avatar

Evan McBroom EvanMcBroom

130 followers · 151 following
View GitHub Profile
@mattifestation
mattifestation / TLGMetadataParser.psm1
Last active January 18, 2024 17:21
Retrieves TraceLogging metadata from a file.
#requires -version 5
<#
The things you find on Google searching for specific GUIDs...
Known Keyword friendly names:
"UTC:::CATEGORYDEFINITION.MS.CRITICALDATA":"140737488355328"
"UTC:::CATEGORYDEFINITION.MS.MEASURES":"70368744177664"
"UTC:::CATEGORYDEFINITION.MS.TELEMETRY":"35184372088832"
"UTC:::CATEGORYDEFINITION.MSWLAN.CRITICALDATA":"2147483648"
@arkadiyt
arkadiyt / cryptopals_set_8.md
Last active April 25, 2023 11:19
Cryptopals Set 8

Cryptopals is a set of cryptographic challenges, originally published here: https://cryptopals.com

Set 8 of the challenges was never published publicly, until late March 2018. However the cryptopals website was not updated to include the challenges. This gist compiles the 8th set of the Cryptopals challenges.

title link
57. Diffie-Hellman Revisited: Small Subgroup Confinement https://toadstyle.org/cryptopals/513b590b41d19eff3a0aa028023349fd.txt
58. Pollard's Method for Catching Kangaroos https://toadstyle.org/cryptopals/3e17c7b35fcf491d08c989081ed18c9a.txt
59. Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks https://toadstyle.org/cryptopals/a0833e607878a80fdc0808f889c721b1.txt
@mattifestation
mattifestation / WmiEventConsumerClassDerivation.ps1
Last active November 15, 2023 18:21
function New-ActiveScriptEventConsumerClass {
<#
.SYNOPSIS
Creates an ActiveScriptEventConsumer WMI class in the namespace of your choosing.
.DESCRIPTION
New-ActiveScriptEventConsumerClass creates a clone of the ActiveScriptEventConsumer WMI event consumer class using the class name and namespace name of your choosing.
@danzek
danzek / WindowsNTFS.md
Last active March 25, 2022 12:25
Some important articles on Windows/NTFS

Important articles about Windows/NTFS

This also contains quotes from the articles in case they are moved/deleted/etc.

A file time is a 64-bit value that represents the number of 100-nanosecond intervals that have elapsed since 12:00 A.M. January 1, 1601 Coordinated Universal Time (UTC). The system records file times when applications create, access, and write to files.

The NTFS file system stores time values in UTC format, so they are not affected by changes in time zone or daylight saving time. The FAT file system stores time values based on the local time of the computer. For example, a file that is saved at 3:00pm PST in Washington is seen as 6:00pm EST in New York on an NTFS volume, but it is seen as 3:00pm EST in New York on a FAT volume.

@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active April 29, 2024 13:06
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@tknerr
tknerr / README.md
Last active January 23, 2024 16:42
Vagrant with Ansible Provisioner on Windows

Vagrant with Ansible Provisioner on Windows

Long story short, ansible does not work on a Windows control machine, so you basically have to:

  • either run ansible --connection=local ... in the target vm
  • set up a separate control vm where ansible is installed via shell provisioner

Below are Vagrantfile examples for both approaches

Within the Target VM

@myusuf3
myusuf3 / delete_git_submodule.md
Created November 3, 2014 17:36
How effectively delete a git submodule.

To remove a submodule you need to:

  • Delete the relevant section from the .gitmodules file.
  • Stage the .gitmodules changes git add .gitmodules
  • Delete the relevant section from .git/config.
  • Run git rm --cached path_to_submodule (no trailing slash).
  • Run rm -rf .git/modules/path_to_submodule (no trailing slash).
  • Commit git commit -m "Removed submodule "
  • Delete the now untracked submodule files rm -rf path_to_submodule
@richard-to
richard-to / x11_screen_grab.cpp
Created April 7, 2014 10:30
X11 Example code for grabbing screenshots of window and sending key events
#include <iostream>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <opencv2/imgproc/imgproc.hpp>
#include <opencv2/highgui/highgui.hpp>
#include <X11/Xlib.h>
@glombard
glombard / ClipboardNotification.cs
Created December 16, 2013 12:34
Monitor Clipboard changes in C# using AddClipboardFormatListener / WM_CLIPBOARDUPDATE. See Clipboard class: http://msdn.microsoft.com/en-us/library/system.windows.clipboard(v=vs.110).aspx
// from: http://stackoverflow.com/questions/2226920/how-to-monitor-clipboard-content-changes-in-c
/// <summary>
/// Provides notifications when the contents of the clipboard is updated.
/// </summary>
public sealed class ClipboardNotification
{
/// <summary>
/// Occurs when the contents of the clipboard is updated.
/// </summary>