Skip to content

Instantly share code, notes, and snippets.

View christian-taillon's full-sized avatar

christian christian-taillon

View GitHub Profile
christian-taillon / Get-InjectedThread.ps1
Created January 30, 2023 20:48 — forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
Looks for threads that were created as a result of code injection.
christian-taillon / inputs.conf
Created January 6, 2023 21:35 — forked from automine/inputs.conf
Nice windows event blacklisting
disabled = 0
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)"
blacklist2 = EventCode="566" Message="Object Type:(?!\s*groupPolicyContainer)"
blacklist3 = EventCode="4688" Message="New Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)"
blacklist4 = EventCode="4689" Message="Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)"
christian-taillon / cmd.jsp
Created April 8, 2022 18:26 — forked from nikallass/cmd.jsp
Simple JSP cmd shell
<%@ page import="java.util.*,*"%>
Commands with JSP
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">

You need spice-vdagent

Debian or Kali Linux installed to as KVM guests do not automatically have qemu-guest-agent or spice-vdagent installed. This will prevent seamless movement of the mouse cursor between the guest and host desktop in Virtual Machine Manager (requiring the use of a Ctrl-Alt to release the cursor from the guest window).

To cure this, install both qemu-guest-agent and spice-vdagent on each guest and reboot (the guests).

$ sudo apt install qemu-guest-agent
$ sudo apt install spice-vdagent