| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
| JAB | 🗣 Jabber | $. | Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
| TVq | 📺 Television | MZ | MZ header (start of a PE executable) |
| SUVY | 🚙 SUV | IEX | PowerShell Invoke-Expression |
| SQBFAF | 🐣 Squab favorite | I.E. | PowerShell Invoke-Expression (UTF-16) |
| SQBuAH | 🐣 Squab uahhh | I.n. | PowerShell Invoke-* string (UTF-16), e.g. Invoke-Mimikatz |
| PAA | 💪 "Pah!" | <. | Often used by Emotet (UTF-16) |

\* `.` stands for a 0x00 byte: in UTF-16LE every ASCII character is followed by a null byte, which is why the same keyword has one Base64 prefix in UTF-8 (SUVY) and another in UTF-16 (SQBFAF). PowerShell's -EncodedCommand expects UTF-16LE, so the UTF-16 rows are the ones that matter for encoded command lines.
```powershell
# Dictionary to hold superclass names
$superClass = @{}
# List to hold class names that inherit from container and are allowed to live under computer object
$vulnerableSchemas = [System.Collections.Generic.List[string]]::new()
# Resolve schema naming context
$schemaNC = (Get-ADRootDSE).schemaNamingContext
# Enumerate all class schemas
```
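The gist stops before the enumeration. What its comments describe is a walk of the schema's `subClassOf` chains to find every class that descends from `container` and whose effective possible superiors (the `possSuperiors` / `systemPossSuperiors` of the class and of all its superclasses) include `computer`. The following is an added example, not the gist's own code, that does that walk in Python over an exported snapshot so it runs offline. It assumes the snapshot is produced by something like `Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=classSchema)' -Properties lDAPDisplayName,subClassOf,possSuperiors,systemPossSuperiors | ConvertTo-Json` (multi-valued attributes serialised as arrays; a single value may come out as a bare string, which the code also accepts). The embedded `SCHEMA` is constructed: the top/container/person/organizationalPerson/user/computer chain is real, the superior lists are trimmed, and the `x-example*` classes are hypothetical.

```python
# Constructed schema snapshot in the shape Get-ADObject ... | ConvertTo-Json produces.
# Real inheritance chain for the built-in classes; superior lists trimmed;
# x-example* classes are hypothetical and exist only to exercise the walk.
SCHEMA = [
    {"lDAPDisplayName": "top", "subClassOf": "top", "possSuperiors": [], "systemPossSuperiors": []},
    {"lDAPDisplayName": "container", "subClassOf": "top", "possSuperiors": [], "systemPossSuperiors": ["container", "organizationalUnit"]},
    {"lDAPDisplayName": "person", "subClassOf": "top", "possSuperiors": [], "systemPossSuperiors": ["container", "organizationalUnit"]},
    {"lDAPDisplayName": "organizationalPerson", "subClassOf": "person", "possSuperiors": [], "systemPossSuperiors": []},
    {"lDAPDisplayName": "user", "subClassOf": "organizationalPerson", "possSuperiors": [], "systemPossSuperiors": []},
    {"lDAPDisplayName": "computer", "subClassOf": "user", "possSuperiors": [], "systemPossSuperiors": ["container", "organizationalUnit"]},
    # hypothetical: a container subclass that may be created directly under a computer object
    {"lDAPDisplayName": "x-exampleFolder", "subClassOf": "container", "possSuperiors": "computer", "systemPossSuperiors": []},
    # hypothetical: declares no superiors itself but inherits "computer" from x-exampleFolder
    {"lDAPDisplayName": "x-exampleSub", "subClassOf": "x-exampleFolder", "possSuperiors": [], "systemPossSuperiors": []},
    # hypothetical: allowed under computer but not a container, so it must not be reported
    {"lDAPDisplayName": "x-exampleLeaf", "subClassOf": "top", "possSuperiors": ["computer"], "systemPossSuperiors": []},
]


def _values(entry, attribute):
    """Normalise an attribute to a list (ConvertTo-Json emits a bare string for one value)."""
    value = entry.get(attribute) or []
    return [value] if isinstance(value, str) else list(value)


def build_superclass_map(schema):
    """lDAPDisplayName -> subClassOf, the dictionary the gist calls $superClass."""
    return {c["lDAPDisplayName"]: c.get("subClassOf") for c in schema}


def inheritance_chain(name, superclass):
    """The class itself followed by its superclasses up to top.

    'top' is its own subClassOf in the AD schema, so the walk needs a seen-set
    to terminate instead of looping forever."""
    chain, seen = [], set()
    while name and name not in seen:
        chain.append(name)
        seen.add(name)
        name = superclass.get(name)
    return chain


def effective_superiors(name, by_name, superclass):
    """Possible parents of a class: its own possSuperiors/systemPossSuperiors
    plus those declared on every superclass in its chain."""
    superiors = set()
    for cls in inheritance_chain(name, superclass):
        entry = by_name.get(cls, {})
        superiors.update(_values(entry, "possSuperiors"))
        superiors.update(_values(entry, "systemPossSuperiors"))
    return superiors


def find_vulnerable_schemas(schema, ancestor="container", parent="computer"):
    """Classes that inherit from `ancestor` and may be created under `parent`,
    i.e. the list the gist calls $vulnerableSchemas."""
    superclass = build_superclass_map(schema)
    by_name = {c["lDAPDisplayName"]: c for c in schema}
    return sorted(
        c["lDAPDisplayName"] for c in schema
        if ancestor in inheritance_chain(c["lDAPDisplayName"], superclass)
        and parent in effective_superiors(c["lDAPDisplayName"], by_name, superclass)
    )


if __name__ == "__main__":
    import json
    import sys
    if len(sys.argv) > 1:            # path to a ConvertTo-Json export of the schema
        with open(sys.argv[1]) as f:
            schema = json.load(f)
    else:
        schema = SCHEMA
    for name in find_vulnerable_schemas(schema):
        print(name)
```

The point of checking the whole chain rather than just the class's own attributes is `x-exampleSub` above: it declares no superiors of its own, yet it can still be created under a computer object because its parent class can, so a check that only reads `possSuperiors` on each class misses it.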
```python
#!/usr/bin/python3
# Based on https://gist.github.com/deltronzero/7c23bacf97b4b61c7a2f2950ef6f35d8
# pip install simplejson
import simplejson
import sys
# Split a BloodHound JSON export into files holding at most object_limit objects each;
# the split/write loop completes the truncated gist and keeps "meta" (with an updated count).
def splitfile(file_name, object_limit):
    print(f"[*] Loading {file_name}")
    with open(file_name) as f:
        data = simplejson.load(f)
    for i in range(0, len(data["data"]), object_limit):
        chunk = data["data"][i:i + object_limit]
        with open(f"{file_name}.{i // object_limit}.json", "w") as out:
            simplejson.dump({"data": chunk, "meta": {**data["meta"], "count": len(chunk)}}, out)

if __name__ == "__main__":
    splitfile(sys.argv[1], int(sys.argv[2]))
```
```powershell
<#
.SYNOPSIS
Invoke-UpdateMimikatzScript, created by Hashim Jawad (@ihack4falafel)
.DESCRIPTION
Converts an x64/x86 powerkatz.dll to a Base64 string and then updates the Invoke-Mimikatz.ps1 script from Empire, see https://raw.githubusercontent.com/EmpireProject/Empire/dev/data/module_source/credentials/Invoke-Mimikatz.ps1
.PARAMETER DllPath
Path to powerkatz.dll generated via Visual Studio.
.PARAMETER ScriptPath
Path to the Invoke-Mimikatz.ps1 script.
```
```cypher
MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer)
RETURN u.name
```

That'll return a list of users who have admin rights on at least one system, either explicitly or through group membership.

---------------

```cypher
MATCH
(U:User)-[r:MemberOf|AdminTo*1..]->(C:Computer)
WITH
U.name AS n,
```
```
Domain: TEST.local

User Enumeration:
  Windows:
    net user
    net user /domain
    net user [username]
    net user [username] /domain
    wmic useraccount
  Mac:
    dscl . ls /Users
```