People
 :bowtie: |
😄 :smile: |
😆 :laughing: |
|---|---|---|
😊 :blush: |
😃 :smiley: |
:relaxed: |
😏 :smirk: |
😍 :heart_eyes: |
😘 :kissing_heart: |
😚 :kissing_closed_eyes: |
😳 :flushed: |
😌 :relieved: |
😆 :satisfied: |
😁 :grin: |
😉 :wink: |
😜 :stuck_out_tongue_winking_eye: |
😝 :stuck_out_tongue_closed_eyes: |
😀 :grinning: |
😗 :kissing: |
😙 :kissing_smiling_eyes: |
😛 :stuck_out_tongue: |
| # Run me with: | |
| # | |
| # $ nginx -p /path/to/this/file/ -c nginx.conf | |
| # | |
| # All requests are then routed to authenticated user's index, so | |
| # | |
| # GET http://user:password@localhost/_search?q=* | |
| # | |
| # is rewritten to: | |
| # |
| ########################################################################### | |
| # Rotating bits (tested with Python 2.7) | |
| from __future__ import print_function # PEP 3105 | |
| # max bits > 0 == width of the value in bits (e.g., int_16 -> 16) | |
| # Rotate left: 0b1001 --> 0b0011 | |
| rol = lambda val, r_bits, max_bits: \ | |
| (val << r_bits%max_bits) & (2**max_bits-1) | \ |
| @echo off | |
| echo Uninstalling KB3075249 (telemetry for Win7/8.1) | |
| start /w wusa.exe /uninstall /kb:3075249 /quiet /norestart | |
| echo Uninstalling KB3080149 (telemetry for Win7/8.1) | |
| start /w wusa.exe /uninstall /kb:3080149 /quiet /norestart | |
| echo Uninstalling KB3021917 (telemetry for Win7) | |
| start /w wusa.exe /uninstall /kb:3021917 /quiet /norestart | |
| echo Uninstalling KB3022345 (telemetry) | |
| start /w wusa.exe /uninstall /kb:3022345 /quiet /norestart | |
| echo Uninstalling KB3068708 (telemetry) |
| <!-- | |
| This is a Microsoft Sysmon configuration to be used on Windows workstations | |
| v0.2.1 December 2016 | |
| Florian Roth (with the help and ideas of others) | |
| The focus of this configuration is | |
| - malware detection (execution) | |
| - malware detection (network connections) | |
| - exploit detection | |
| It is not focussed on |
| ### | |
| ### | |
| ### UPDATE: For Win 11, I recommend using this tool in place of this script: | |
| ### https://christitus.com/windows-tool/ | |
| ### https://github.com/ChrisTitusTech/winutil | |
| ### https://www.youtube.com/watch?v=6UQZ5oQg8XA | |
| ### iwr -useb https://christitus.com/win | iex | |
| ### | |
| ### |
| # Simulate fake processes of analysis sandbox/VM that some malware will try to evade | |
| # This just spawn ping.exe with different names (wireshark.exe, vboxtray.exe, ...) | |
| # It's just a PoC and it's ugly as f*ck but hey, if it works... | |
| # Usage: .\fake_sandbox.ps1 -action {start,stop} | |
| param([Parameter(Mandatory=$true)][string]$action) | |
| $fakeProcesses = @("wireshark.exe", "vmacthlp.exe", "VBoxService.exe", | |
| "VBoxTray.exe", "procmon.exe", "ollydbg.exe", "vmware-tray.exe", |
| <# | |
| Powershell script to create and monitor a ransomware canary file; | |
| If the canary is modified, the script will notify the user, log the data, | |
| create an entry in the event log, and stop the workstation service, | |
| crippling the machine's ability to map or access network drives. | |
| Modified from a script found at freeforensics.org | |
| #> | |
| $DirPath = "C:\Temp\" |
credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic
context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation
| 😒🙅🙄 | |
| $thing for fun and profit | |
| all your $thing are belong to $shutup | |
| honey I $verbed the $thing | |
| $thing demystified | |
| $thing: a deep dive | |
| $verb all the things | |
| make $thing great again | |
| $x and $y and $z, oh my! |