View tmux aliases
# tmux convenience aliases, grouped by what they act on.

# Configuration: open ~/.tmux.conf in vim, or re-read it with source-file.
alias tmconf='vim ~/.tmux.conf' \
      tmload='tmux source-file ~/.tmux.conf'

# Sessions: list them, attach to one by name (tmsess NAME), or start a
# new named one (tmnew NAME). The name is whatever follows the alias.
alias tmls='tmux ls' \
      tmsess='tmux attach -t' \
      tmnew='tmux new -s'

# Print only the layout string from each line of `tmux list-windows`.
alias tmlayout='tmux list-windows | sed -n "s/.*layout \(.*\)] @.*/\1/p"'

# Show the 256-colour palette, eight entries per row. The loop runs in the
# current shell, so it leaves $i set to 255 afterwards.
alias tmcolors='for i in {0..255}; do printf "\x1b[38;5;${i}mcolor%-5i\x1b[0m" "$i"; (( (i + 1) % 8 )) || echo; done'

# Shorthand for tmuxinator.
alias mux='tmuxinator'
# Converts AD pwdlastset field to readable date
# Kudos:
function convert {
adlastset=$(/bin/date -d "1970-01-01 ${unixepoc} sec GMT")
echo -e ${adlastset}
curi0usJack / sources.list
Created Apr 25, 2019 — forked from h0bbel/sources.list
/etc/apt/sources.list for Ubuntu 18.04.1 LTS Bionic Beaver
# See for how to upgrade to
# newer versions of the distribution.
deb bionic main restricted
# deb-src bionic main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb bionic-updates main restricted
# deb-src bionic-updates main restricted
View msbuild_ghostpack_seatbelt.txt
<Project ToolsVersion="4.0" xmlns="">
<Target Name="NotSubTee">
<BusinessTime />
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
curi0usJack / aai_bash_aliases
Created Aug 17, 2018
Advanced Attack Infrastructure Training Aliases
# Editors: every invocation is elevated through sudo. The whole editor
# process then runs as root, including plugins, modelines and shell
# escapes; `sudoedit FILE` is the narrower choice when only the file's
# contents need elevated rights.
alias vi='sudo vi' \
      vim='sudo vim' \
      nano='sudo nano'

# Apache site helpers. CHANGEME is presumably a placeholder for the site
# name; replace it in both paths before use.
alias aplog='sudo tail -f /var/log/apache2/CHANGEME.log' \
      apedit='sudo nano /etc/apache2/sites-available/CHANGEME.conf'

# Apache service control: start, stop, reload.
alias apstart='sudo service apache2 start' \
      apstop='sudo service apache2 stop' \
      apload='sudo service apache2 reload'
# Carbon Black Evil PowerShell LSASS Query
# Prints out malicious PowerShell events that have a crossproc (cross-process) event for c:\windows\system32\lsass.exe
# Author: Jason Lang (@curi0usJack)
# Prereqs (Windows 10)
# Install bash on Win10
# sudo apt-get install python-pip
# sudo pip install --upgrade requests
View calc2.sct
<?XML version="1.0"?>
<script language="JScript">
View calc.sct
<?XML version="1.0"?>
classid="{00000001-0001-0001-0001-0000DEADBEEF}" >
View graylog_custom_index_mapping.json
"template": "graylog_*",
"mappings" : {
"message" : {
"properties" : {
"CommandLine" : {
"type" : "string",
"index" : "analyzed"
"ScriptBlockText" : {
View graylog_sigma_queries
# This is not my work. All credit goes to I just used the tool to convert to graylog format,
# skipped over the errors, and added some carriage returns for ease of reading. If you see a blank rule, it means there was a conversion error.
("SuspiciousOperation" OR "DisallowedHost" OR "DisallowedModelAdminLookup" OR "DisallowedModelAdminToField" OR "DisallowedRedirect" OR "InvalidSessionKey" OR "RequestDataTooBig" OR "SuspiciousFileOperation" OR "SuspiciousMultipartForm" OR "SuspiciousSession" OR "TooManyFieldsSent" OR "PermissionDenied")