PE Injection/Impersonation:
View GetAMSIEvent.ps1
# Author: Matt Graeber
# Company: Red Canary
# To start a trace, run the following from an elevated command prompt: logman start AMSITrace -p Microsoft-Antimalware-Scan-Interface Event1 -o AMSITrace.etl -ets
# To stop the trace, run the following: logman stop AMSITrace -ets
# Example usage: Get-AMSIEvent -Path .\AMSITrace.etl
function Get-AMSIEvent {
    param (
View beacon.ksy
meta:
  id: beaconconfig
  title: Cobalt Strike Beacon Config
  endian: be
doc: |
  Cobalt Strike Beacon is a popular offensive security tool. Beacon itself
  is a DLL that gets injected into memory and can be staged from C2 servers.
  The Beacon DLL (in unencoded form) contains a configuration section that gets
  patched by the C2 server. This section is a fixed predictable structure
View twittermute.txt
Mute these words in your settings here: https://twitter.com/settings/muted_keywords
ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet
View Invoke-ExShellcode.ps1
<#
Lateral movement and shellcode injection via Excel 4.0 macros
Author: Philip Tsukerman (@PhilipTsukerman)
License: BSD 3-Clause
Based on Invoke-Excel4DCOM by Stan Hegt (@StanHacked) / Outflank - https://github.com/outflanknl/Excel4-DCOM
#>
function Invoke-ExShellcode
{
    <#
View Invoke-Excel4DCOM64.ps1
#**********************************************************************
# Invoke-Excel4DCOM64.ps1
# Inject shellcode into excel.exe via ExecuteExcel4Macro through DCOM, now with x64 support
# Author: Stan Hegt (@StanHacked) / Outflank, x64 support by Philip Tsukerman (@PhilipTsukerman) / Cybereason
# Date: 2019/04/21
# Version: 1.1
#**********************************************************************
function Invoke-Excel4DCOM
{
View ui-frameworks.md
React
- Ant Design - https://ant.design/
- Atlaskit by Atlassian - https://atlaskit.atlassian.com/
- Base Web by Uber - https://baseweb.design/
- Blueprint by Palantir - https://blueprintjs.com/
- Carbon by IBM - https://www.carbondesignsystem.com/
- Elastic UI by Elastic - https://elastic.github.io/eui/
- Evergreen by Segment - https://evergreen.segment.com/
View jwtex_test.go
package jwtex

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"testing"
)
View cobaltstrike_sa.txt
Windows version:
reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Users who have authed to the system:
ls C:\Users\
System env variables:
reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Saved outbound RDP connections: