RalphDesmangles
RalphDesmangles
/ hwbp.ps1
Last active
June 6, 2024 05:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #S-1-5-21-1363448606-2532500905-3522898959-4676 | |
| $HardwareBreakpoint = @" | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq.Expressions; | |
| using System.Linq; | |
| using System.Runtime.CompilerServices; | |
| using System.Net; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; |
RalphDesmangles
/ dc_lookup.py
Last active
May 22, 2024 15:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import dns.resolver | |
| import sys | |
| list_of_dcs = [] | |
| new_dict = {} | |
| GREEN = '\033[0;32m' | |
| def print_colored(message, color_code): | |
| RESET_COLOR = "\033[0m" | |
| print(f"{color_code}{message}{RESET_COLOR}") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "queries": [ | |
| { | |
| "name": "Find all Certificate Templates", | |
| "category": "Certificates", | |
| "queryList": [ | |
| { | |
| "final": true, | |
| "query": "MATCH (n:GPO) WHERE n.type = 'Certificate Template' RETURN n" | |
| } |
RalphDesmangles
/ GetLoggedOnUsersRegistry.cs
Last active
February 15, 2024 13:22
Enumerating Logged-On Users on Remote Systems via RemoteRegistry / Winreg Named Pipe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Security.Principal; | |
| using System.Text.RegularExpressions; | |
| /* | |
| PoC To enumerate logged on users on a remote system using the winreg named pipe. | |
| Based on the work of Rohan Vazarkar (@cptjesus) and Antonio Cocomazzi (@splinter_code). | |
| RemoteRegistry service must be enabled (default) for this to work. |