Mike Riebart
@Riebart
Riebart / contentdump.py
Created November 2, 2021 13:40
Brief mitmdump module for dumping content of responses to a file, and keeping track of what files are which URIs in a map JSON.
"""
Mitmdump extension script that can be used to dump content to disk in a way that can be processed after the fact by arbitrary tools.
"""
import time
import uuid
import json
import os.path
from mitmproxy import http
@Riebart
Riebart / script.ps1
Last active October 22, 2021 20:41
Generate a code signing certificate and key using PowerShell
# Generate a new certificate with key, marked exportable (the default), suitable for code signing.
# The certificate is stored in the personal certificate store.
New-SelfSignedCertificate -Subject "CN={YOUR NAME}" -KeySpec "Signature" -KeyUsage "DigitalSignature" -KeyUsageProperty "Sign" -Friendlyname "Code Signing" -NotAfter $([datetime]::now.AddYears(5)) -Type "CodeSigningCert" -CertStoreLocation cert:\currentuser\my -KeyAlgorithm RSA -Keylength 4096 -HashAlgorithm "SHA256" -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider"
# To sign a PowerShell script with a certificate
# - Find the key, which you can usually do with the thumbprint and knowing where it was stored
# - This may or may not work for you, depending on whether or not you have access to a functioning timestamp server
# - Regardless of the timestamp, the signature will still work, just won't say when it was signed.
$cert = (ls cert:currentuser\my\0BD717BC985949E736067A15CC7502A1EAE6D031)
@Riebart
Riebart / ffmpeg_multitrack_audio.sh
Created October 19, 2021 17:41
ffmpeg Record multichannel audio from multiple sources to a single file
#!/bin/bash
# get device names from: ffmpeg -list_devices true -f dshow -i dummy
ffmpeg \
-f dshow -ac 1 -i audio="Audio Input Device A" \
-f dshow -ac 1 -i audio="Audio Input Device B" \
-ac 2 -filter_complex "[0:a][1:a]amerge[outA]" -map "[outA]:a" multitrack_out.wav
@Riebart
Riebart / test_ciphers.sh
Created October 2, 2021 00:42
Remote SSL Cipher Test
#!/usr/bin/env bash
# OpenSSL requires the port number.
SERVER=$1
DELAY=1
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')
echo Obtaining cipher list from $(openssl version).
for cipher in ${ciphers[@]}
@Riebart
Riebart / gs_pdf_squash.sh
Created June 7, 2021 20:48
Squashing a PDF with ghostscript
#!/bin/bash
ghostscript -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/printer -dNOPAUSE -dQUIET -dBATCH -sOutputFile=output.pdf PDFsam_merge.pdf
#
# These variables are device properties. For people who are very
# curious about this, you can download the Windows Driver Kit headers and
# look for pciprop.h. All of these are contained in that file.
#
$devpkey_PciDevice_DeviceType = "{3AB22E31-8264-4b4e-9AF5-A8D2D8E33E62} 1"
$devpkey_PciDevice_RequiresReservedMemoryRegion = "{3AB22E31-8264-4b4e-9AF5-A8D2D8E33E62} 34"
$devpkey_PciDevice_AcsCompatibleUpHierarchy = "{3AB22E31-8264-4b4e-9AF5-A8D2D8E33E62} 31"
$devprop_PciDevice_DeviceType_PciConventional = 0
@Riebart
Riebart / read_process_mem.py
Created January 29, 2021 22:51
Adapted from Stack Overflow, a Python script to dump the memory of a process.
#!/usr/bin/env python
# Source: https://stackoverflow.com/questions/12977179/reading-living-process-memory-without-interrupting-it
#
# Adapted to be python3
import os
import re
import sys
@Riebart
Riebart / reconnect_console.ps1
Created January 5, 2021 18:18
Disconnect the first active session on Windows and reconnect the console session. Useful for disconnecting RDP to use Steam Streaming.
$session=(query session | select-string Active)[0].ToString().split(" ")[0].substring(1)
Start-Process -verb runas tscon -ArgumentList "$session /dest:console"
@Riebart
Riebart / remarkable_find_update_device_id.py
Last active December 15, 2020 15:55 — forked from leezu/remarkable_find_update_device_id.py
Python script to rotate the machine IDs and OEM identifiers to find one that is eligible for a software update.
#!/usr/bin/env python3
import time
import uuid
import random
import re
import sys
import requests
@Riebart
Riebart / syslog_levels.md
Created December 4, 2020 16:24
Documentation on the syslog levels and facilities, and how to use them when building application logging

Syslog logging levels and parameters

All logs

All logs should contain the following information, preferably encoded in JSON so that it is easily machine-parsable as well as human-readable. Graylog can parse JSON, so encoding your fields in that way makes it easy to alert and filter on message components.

  • Message: The message should be a plaintext description of the event, optionally including an application-unique code.
  • Impact: This field should describe the impact, if any (there is no impact for debug and informational events), on the state, output, and resiliency of the application. It should be short (one sentence), but contain enough information for someone not familiar with the application to triage the event.
  • Correction: This field should describe any corrective action, if any (there is no corrective action required for debug, informational, and notice level events), that could, or should, be taken to resolve the impacts caused by the event. This should be short (at most two sentences) an