
View tmux aliases
# --- tmux configuration -------------------------------------------------
# Edit the tmux config, then re-read it into the running server.
alias tmconf="vim ~/.tmux.conf"
alias tmload="tmux source-file ~/.tmux.conf"

# --- tmux sessions ------------------------------------------------------
# List sessions, create a named one, or attach to one; tmnew and tmsess
# end in a flag, so the session name is supplied as the alias argument.
alias tmls="tmux ls"
alias tmnew="tmux new -s"
alias tmsess="tmux attach -t"

# --- tmux helpers -------------------------------------------------------
# Print the layout string of each window, cut out of `tmux list-windows`.
alias tmlayout='tmux list-windows | sed -n "s/.*layout \(.*\)] @.*/\1/p"'
# Print the 256-colour palette (colour0..colour255), eight entries per row.
alias tmcolors='for i in {0..255}; do printf "\x1b[38;5;${i}mcolor%-5i\x1b[0m" $i ; if ! (( ($i + 1 ) % 8 )); then echo ; fi ; done'

# Shorthand for tmuxinator.
alias mux="tmuxinator"
View convert.sh
#!/bin/bash
# Converts AD pwdlastset field to readable date
# Kudos: https://www.adminsys.ch/2013/07/31/convert-active-directory-pwdlastset-attribute-readable-time/
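function convert {
  # Convert an Active Directory pwdLastSet value to a readable date.
  #
  # Arguments: $1 - pwdLastSet as a decimal integer: 100-nanosecond ticks
  #                 counted from 1601-01-01 (hence the 11644473600 s offset
  #                 to the Unix epoch).
  # Outputs:   the date as printed by /bin/date, in the local time zone.
  # Returns:   0 on success, 2 if $1 is not a plain decimal number,
  #            otherwise the exit status of /bin/date.
  #
  # NOTE(review): AD stores 0 in pwdLastSet for "must change password at
  # next logon"; that value is converted like any other and prints a date
  # in 1601. Confirm callers expect that.
  local filetime=${1-}
  local unixepoc adlastset

  # The value usually comes from a directory export. Bash evaluates
  # variable names, array subscripts and command substitutions it finds
  # inside $(( )), so anything that is not purely digits is rejected
  # before it reaches the arithmetic. 18 digits keeps it within int64.
  if [[ ! $filetime =~ ^[0-9]{1,18}$ ]]; then
    printf 'convert: expected a numeric pwdLastSet value, got: %q\n' "$filetime" >&2
    return 2
  fi

  # 10# forces base 10 so a value with leading zeros is not read as octal.
  unixepoc=$(( 10#$filetime / 10000000 - 11644473600 ))
  adlastset=$(/bin/date -d "1970-01-01 ${unixepoc} sec GMT") || return
  # Quoted printf keeps the date text intact (no word splitting, globbing
  # or backslash interpretation).
  printf '%s\n' "$adlastset"
}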
@curi0usJack
curi0usJack / sources.list
Created Apr 25, 2019 — forked from h0bbel/sources.list
/etc/apt/sources.list for Ubuntu 18.04.1 LTS Bionic Beaver
View sources.list
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
View msbuild_ghostpack_seatbelt.txt
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Target Name="NotSubTee">
<BusinessTime />
</Target>
<UsingTask
TaskName="BusinessTime"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
<ParameterGroup/>
<Task>
@curi0usJack
curi0usJack / aai_bash_aliases
Created Aug 17, 2018
Advanced Attack Infrastructure Training Aliases
View aai_bash_aliases
# --- Editors ------------------------------------------------------------
# Each editor name is shadowed so that it always starts under sudo.
# NOTE(review): the editor process itself then runs as root, including its
# config files, plugins and shell escapes. `sudoedit` edits a temporary
# copy with the invoking user's privileges and is the narrower option on
# anything other than a throwaway training host.
alias vi="sudo vi"
alias vim="sudo vim"
alias nano="sudo nano"

# --- Apache service control ---------------------------------------------
alias apstart="sudo service apache2 start"
alias apstop="sudo service apache2 stop"
alias apload="sudo service apache2 reload"

# --- Apache site files --------------------------------------------------
# CHANGEME looks like a placeholder for the site name; replace it in both
# paths before use.
alias apedit="sudo nano /etc/apache2/sites-available/CHANGEME.conf"
alias aplog="sudo tail -f /var/log/apache2/CHANGEME.log"
View cbapi-ps-lsass-loop.py
# Carbon Black Evil PowerShell LSASS Query
#
# Prints out malicious Powershell events that have a crossproc event for c:\windows\system32\lsass.exe
#
# Author: Jason Lang (@curi0usJack)
#
# Prereqs (Windows 10)
# Install bash on Win10
# sudo apt-get install python-pip
# sudo pip install --upgrade requests
View calc2.sct
<?XML version="1.0"?>
<scriptlet>
<registration
classid="{00000001-0001-0001-0001-0000DEADBEEF}"
remotable="true"
>
</registration>
<script language="JScript">
View calc.sct
<?XML version="1.0"?>
<scriptlet>
<registration
progid="COMHijackTesting"
remoteable="true"
version="1.00"
classid="{00000001-0001-0001-0001-0000DEADBEEF}" >
</registration>
View graylog_custom_index_mapping.json
{
"template": "graylog_*",
"mappings" : {
"message" : {
"properties" : {
"CommandLine" : {
"type" : "string",
"index" : "analyzed"
},
"ScriptBlockText" : {
View graylog_sigma_queries
# This is not my work. All credit goes to https://github.com/Neo23x0/sigma. I just used the tool to convert to graylog format,
# skipped over the errors, and added some carriage returns for ease of reading. If you see a blank rule, it means there was a conversion error.
rules/application/appframework_django_exceptions.yml
("SuspiciousOperation" OR "DisallowedHost" OR "DisallowedModelAdminLookup" OR "DisallowedModelAdminToField" OR "DisallowedRedirect" OR "InvalidSessionKey" OR "RequestDataTooBig" OR "SuspiciousFileOperation" OR "SuspiciousMultipartForm" OR "SuspiciousSession" OR "TooManyFieldsSent" OR "PermissionDenied")