start new:
tmux
start new with session name:
tmux new -s myname
ProbieK
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Compiled source # | |
| ################### | |
| *.com | |
| *.class | |
| *.dll | |
| *.exe | |
| *.o | |
| *.so | |
| # Packages # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e # bail on errors | |
| # Make sure your shell history isn't saved | |
| hsback=$HISTFILE | |
| unset HISTFILE | |
| echo "Enter you current PIN - leave blank if default:" | |
| read oldpin |
mattifestation
/ WMI_attack_detection.ps1
Last active
March 16, 2021 23:02
BlueHat 2016 - WMI attack detection demo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #region Scriptblocks that will execute upon alert trigger | |
| $LateralMovementDetected = { | |
| $Event = $EventArgs.NewEvent | |
| $EventTime = [DateTime]::FromFileTime($Event.TIME_CREATED) | |
| $MethodName = $Event.MethodName | |
| $Namespace = $Event.Namespace | |
| $Object = $Event.ObjectPath | |
| $User = $Event.User |
pkirkovsky
/ yubikey-reset.sh
Last active
October 20, 2023 21:57
Utility for resetting a Yubikey to factory defaults using gpg-connect-agent. This will wipe out any stored keys and reset PINs to default values.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Adapted from https://developers.yubico.com/ykneo-openpgp/ResetApplet.html | |
| gpg-connect-agent <<EOF | |
| /hex | |
| scd serialno | |
| scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 |
Product: Sagitta Brutalis 1080 (PN S3480-GTX-1080-2697-128)
Software: Hashcat v3.00-beta-145-g069634a, Nvidia driver 367.18
Accelerator: 8x Nvidia GTX 1080 Founders Edition
tyranid
/ bypass_uac.ps1
Last active
February 16, 2024 08:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Powershell script to bypass UAC on Vista+ assuming | |
| # there exists one elevated process on the same desktop. | |
| # Technical details in: | |
| # https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html | |
| # https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html | |
| # https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html | |
| # You need to Install-Module NtObjectManager for this to run. | |
| Import-Module NtObjectManager |
staaldraad
/ onDC.ps1
Created
May 30, 2017 14:47
Detect Possible Ruler usage On Exchange and Domain Controller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-EventLog -InstanceId 4776 -LogName "Security" | ForEach-Object { | |
| $sp = $_.message -split "`n" | |
| $tmp = $sp | Select-String -Pattern 'RULER' | |
| if($tmp.count -ge 1){ | |
| Write-Host "Possible Ruler usage at: " $_.TimeGenerated | |
| $sp | Select-String -Pattern 'Logon Account:' | write-host | |
| } | |
| } |
vulnersCom
/ Petya_ransomware.md
Last active
July 6, 2023 19:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Rough summary of developing BadRabbit info | |
| ------------------------------------------ | |
| BadRabbit is locally-self-propagating ransomware (ransom: 0.05 BTC), spreading via SMB once inside. | |
| Requires user interaction. | |
| Mostly targeting Russia and Ukraine so far, with a few others (Germany, Turkey, Bulgaria, Montenegro ...) | |
| Not globally self-propagating, but could be inflicted on selected targets on purpose. | |
| May be part of same group targeting Ukraine generally (BACKSWING) (per FireEye) | |
| Confirmed to use ETERNALROMANCE exploit, and same source code and build chain as NotPetya (per Talos) | |
| Mitigations are similar to Petya/NotPetya resistance. An inoculation is also available (see below). |
OlderNewer