scraped from @x0rz, @etlow, @Dinosn, @hackerfantastic, @highmeh, @cyb3rops and others
- A quick analysis of the latest Shadow Brokers dump https://labs.nettitude.com/blog/a-quick-analysis-of-the-latest-shadow-brokers-dump/
- Timestamps
# Walk every key under HKCR\CLSID and look for subkeys whose name matches "Elevation"
$path = "REGISTRY::HKEY_CLASSES_ROOT\CLSID\"
Get-ChildItem -Path $path -Recurse | foreach {
    $CurrentKey = Get-ItemProperty -Path $_.PsPath
    if ($CurrentKey.PSChildName -match "Elevation") {
        # Append the properties of the parent key to elevation.txt
        $details = Get-ItemProperty -Path $CurrentKey.PSParentPath
        Out-File -FilePath ".\elevation.txt" -InputObject $details -Append
    }
}
Yokogawa;CENTUM CS 3000 DCS;CENTUM:CENTUM
Yokogawa;EJX910A Multivariable Transmitter HART Communication Type;YOKOGAWA. (to release the Write Protect mode)
Yokogawa;WT 3000 Driver;anonymous:blank (Ethernet access)
Yokogawa;DX1000/DX1000N/DX2000 Advanced;Administrator 1:Admin1 etc./ User 1:User01 etc.
Yokogawa;YFGW410 gateway;admin:!admin
Wonderware;System Platform/Archestra;administrator:blank
Wonderware;Intouch;Administrator:Wonderware
Wonderware;Historian;SQL Server Login: aadbo:pwddbo, wwdbo:pwddbo, aaAdmin:pwAdmin, wwAdmin:wwAdmin, aaPower:pwPower, wwPower:wwPower, aaUser:pwUser, wwUser:wwUser
Westermo;TDW 33;no password, just return, Hardcoded password: n3Y9kA6otYZu8, (?? TD-36)
Westermo;MRD-305-DIN/MRD-310/MRD-315/MRD-330/MRD-355/MRD-350/MRD-455;admin:westermo