Skip to content

Instantly share code, notes, and snippets.


2XXE GeneralTesler

View GitHub Profile
mgraeber-rc / GetAMSIEvent.ps1
Created Oct 8, 2021
A simple AMSI event trace parser
View GetAMSIEvent.ps1
# Author: Matt Graeber
# Company: Red Canary
# To start a trace, run the following from an elevated command prompt: logman start AMSITrace -p Microsoft-Antimalware-Scan-Interface Event1 -o AMSITrace.etl -ets
# To stop the trace, run the following: logman stop AMSITrace -ets
# Example usage: Get-AMSIEvent -Path .\AMSITrace.etl
function Get-AMSIEvent {
param (
View beacon.ksy
id: beaconconfig
title: Cobalt Strike Beacon Config
endian: be
doc: |
Cobalt Strike Beacon is a popular offensive security tool. Beacon itself
is a DLL that gets injected into memory and can be staged from C2 servers.
The Beacon DLL (in unencoded form) contains a configuration section that gets
patched by the C2 server. This section is a fixed predictable structure
IanColdwater / twittermute.txt
Last active Jan 26, 2023
Here are some terms to mute on Twitter to clean your timeline up a bit.
View twittermute.txt
Mute these words in your settings here:
View Invoke-ExShellcode.ps1
Lateral movement and shellcode injection via Excel 4.0 macros
Author: Philip Tsukerman (@PhilipTsukerman)
License: BSD 3-Clause
Based on Invoke-Excel4DCOM by Stan Hegt (@StanHacked) / Outflank -
function Invoke-ExShellcode
View Invoke-Excel4DCOM64.ps1
# Invoke-Excel4DCOM64.ps1
# Inject shellcode into excel.exe via ExecuteExcel4Macro through DCOM, Now with x64 support
# Author: Stan Hegt (@StanHacked) / Outflank, x64 support by Philip Tsukerman (@PhilipTsukerman) / Cybereason
# Date: 2019/04/21
# Version: 1.1
function Invoke-Excel4DCOM
View jwtex_test.go
package jwtex
import (
HarmJ0y / cobaltstrike_sa.txt
Created Sep 28, 2018
Cobalt Strike Situational Awareness Commands
View cobaltstrike_sa.txt
Windows version:
reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Users who have authed to the system:
ls C:\Users\
System env variables:
reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Saved outbound RDP connections: