Skip to content

Instantly share code, notes, and snippets.

View aglerj's full-sized avatar

Joe Agler aglerj

7 followers · 32 following
View GitHub Profile
@aglerj
aglerj / README.md
Created October 18, 2022 01:14
Table Top With Teeth - Training Exercise

Instructions

The following script is designed to create artifacts that teams can use to hunt, new or interesting capabilities.

The following table top is based on the code here: https://github.com/code-scrap/DynamicWrapperDotNet

This script is self-contained. It should dynamically write a DLL to disk and load it in to cscript.exe

To Invoke cscript.exe stranger_things.js This example expects a 64bit system.

@simonhearne
simonhearne / rpi-speedtest-influx.py
Last active February 3, 2024 17:54
#!/usr/bin/env python
import datetime
import speedtest
from influxdb import InfluxDBClient
# influx configuration - edit these
ifuser = "grafana"
ifpass = "<yourpassword>"
ifdb = "home"
@lizthegrey
lizthegrey / attributes.rb
Last active February 24, 2024 14:11
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@mattifestation
mattifestation / SimpleTCGLogParser.ps1
Last active April 14, 2019 01:43
If you have the HgsDiagnostics PowerShell module, then you can parse TCG logs.
Import-Module HgsDiagnostics
$GetHgsTrace = Get-Command Get-HgsTrace
$RemoteAttestationCoreReference = $GetHgsTrace.ImplementingType.Assembly.GetReferencedAssemblies() | Where-Object { $_.Name -eq 'Microsoft.Windows.RemoteAttestation.Core' }
Add-Type -AssemblyName $RemoteAttestationCoreReference.FullName
$MostRecentTCGLog = Get-ChildItem C:\Windows\Logs\MeasuredBoot | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1 | Select-Object -ExpandProperty FullName
$LogBytes = [IO.File]::ReadAllBytes($MostRecentTCGLog)
$ParsedTCGLog = [Microsoft.Windows.RemoteAttestation.Core.TcgEventLog]::Parse($LogBytes)
$ParsedTCGLog.TcgData.Children | Sort-Object -Property PcrIndex | Group-Object -Property PcrIndex
@rudfoss
rudfoss / Get-AzTemplateParameters.ps1
Last active July 7, 2023 04:22
<#
.SYNOPSIS
Returns a hashtable of all parameters from the template file merged with the parameters object you provide
#>
function Get-AzTemplateParameters{
param(
[string]
$ParametersFilePath,
[hashtable]
@mattifestation
mattifestation / GetPEFeature.ps1
Last active March 6, 2022 20:12
filter Get-PEFeature {
<#
.SYNOPSIS
Retrieves key features from PE files that can be used to build detections.
.DESCRIPTION
Get-PEFeature extracts key features of PE files that are relevant to building detections.
@7MinSec
7MinSec / mostly_painless_cuckoo_sandbox_install.md
Last active July 21, 2022 02:27
Mostly painless Cuckoo Sandbox install

How to Build a Cuckoo Sandbox Malware Analysis System

I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way. I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso

Build your Linux Cuckoo VM

  1. Setup a Ubuntu 16.04 64-bit desktop VM (download here) in VMWare with the following properties:
  • 100GB hard drive
  • 2 procs
  • 8 gigs of RAM
@apolloclark
apolloclark / lock_down_public_s3_buckets.md
Last active January 27, 2023 08:10
Bash one-liner to find public facing AWS S3 buckets, and make them private

Command

aws s3api list-buckets --query 'Buckets[*].[Name]' --output text | xargs -I {} bash -c 'if [[ $(aws s3api get-bucket-acl --bucket {} --query '"'"'Grants[?Grantee.URI==`http://acs.amazonaws.com/groups/global/AllUsers` && Permission==`READ`]'"'"' --output text) ]]; then aws s3api put-bucket-acl --acl "private" --bucket {} ; fi'



1. List all of the user's buckets, and output the name, as text.

@mackwage
mackwage / windows_hardening.cmd
Last active April 28, 2024 20:54
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@mattifestation
mattifestation / DeviceGuard_Driver_Strict_Enforcement_policy.xml
Created November 20, 2017 00:38
File-based driver enforcement Device Guard policy for my Surface Laptop w/ Windows 10 Enterprise.
<?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
<VersionEx>10.0.0.0</VersionEx>
<PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<Rules>
<Rule>
<Option>Enabled:Unsigned System Integrity Policy</Option>
</Rule>
<Rule>