$ uname -r
cdn415
wpg4665
/ reclaimWindows10.ps1
Last active
November 11, 2018 02:26
— forked from alirobe/reclaimWindows10.ps1
"Reclaim Windows 10" turns off a bunch of unnecessary Windows 10 telemetery, removes bloatware, and privacy invasions. Review and tweak before running. Scripts for reversing are included and commented. Forked from http://pastebin.com/gQxCUkLP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########## | |
| # Tweaked Win10 Initial Setup Script | |
| # Primary Author: Disassembler <disassembler@dasm.cz> | |
| # Original Version: 1.4, 2016-01-16 | |
| # Tweaked based on personal preferences for @alirobe 2016-03-23 - v1.4.1 | |
| # NOTE: MAKE SURE YOU READ THIS SCRIPT CAREFULLY BEFORE RUNNING IT + ADJUST COMMENTING AS APPROPRIATE | |
| ########## | |
| # Ask for elevated permissions if required | |
| If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) { |
ipbastola
/ clean-up-boot-partition-ubuntu.md
Last active
June 5, 2024 21:05
Safest way to clean up boot partition - Ubuntu 14.04LTS-x64, Ubuntu 16.04LTS-x64
MHaggis
/ Beacon.csv
Created
December 23, 2020 14:12
Extraction of Spawnto's in public CobaltStrike servers, related to https://twitter.com/M_haggis/status/1341746928665542659?s=20, https://twitter.com/MichalKoczwara/status/1341659356866240517
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| spawnto | count | |
|---|---|---|
| WUAUCLT.exe | 1 | |
| WerFault.exe | 3 | |
| batchexe | 2 | |
| cmstp.exe | 1 | |
| compact.exe | 1 | |
| dllhost.exe | 3 | |
| eventvwr.exe | 1 | |
| gpresult.exe | 2 | |
| gpupdate.exe | 16 |
gladiatx0r
/ Workstation-Takeover.md
Last active
June 23, 2024 22:01
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
johnkhbaek
/ msbuild_ntqueueapcthread
Last active
October 19, 2021 15:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj --> | |
| <!-- Save This File And Execute The Above Command --> | |
| <!-- Original Author: Casey Smith, Twitter: @subTee --> | |
| <!-- Modified by John Baek, @exploitpreacher to use ntqueueapcthread (https://github.com/FuzzySecurity/Sharp-Suite/tree/master/UrbanBishop) --> | |
| <!-- License: BSD 3-Clause --> | |
| <Target Name="Hello"> | |
| <ClassExample /> | |
| </Target> |