#!/usr/bin/env python | |
# Run this script on the agent.log file after you've run the situational_awareness/network/powerview/get_user module. | |
# userdata.log file is pipe delimited. | |
import sys | |
import os | |
class User: | |
UserName = "" |
{ | |
"template": "graylog_*", | |
"mappings" : { | |
"message" : { | |
"properties" : { | |
"CommandLine" : { | |
"type" : "string", | |
"index" : "analyzed" | |
}, | |
"ScriptBlockText" : { |
# Editor shortcuts that always escalate: plain `vim`/`nano`/`vi` are replaced by
# root invocations, so every file opened through them is edited as root and the
# editor's shell-escape features run as root too. `sudoedit FILE` edits a copy
# as the invoking user and only writes it back through sudo, which keeps the
# editor itself unprivileged; worth considering instead of the blanket aliases.
alias vim='sudo vim'
alias nano='sudo nano'
alias vi='sudo vi'
# Apache helpers. CHANGEME is a placeholder for the site/log name and must be
# replaced before these aliases are useful.
alias aplog='sudo tail -f /var/log/apache2/CHANGEME.log'
alias apedit='sudo nano /etc/apache2/sites-available/CHANGEME.conf'
alias apstart='sudo service apache2 start'
alias apstop='sudo service apache2 stop'
alias apload='sudo service apache2 reload'
# Carbon Black Evil PowerShell LSASS Query | |
# | |
# Prints out malicious Powershell events that have a crossproc event for c:\windows\system32\lsass.exe | |
# | |
# Author: Jason Lang (@curi0usJack) | |
# | |
# Prereqs (Windows 10) | |
# Install bash on Win10 | |
# sudo apt-get install python-pip | |
# sudo pip install --upgrade requests |
set PROMPT %red%L %yel%J %grn%S %blu%D | |
load nessus | |
load alias | |
alias j "jobs -v" | |
alias s "sessions -v" | |
alias -f w "workspace" | |
alias so "show options" | |
alias sa "show advanced" | |
alias -f e "exploit -j -z" | |
alias um "use multi/handler" |
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to | |
# newer versions of the distribution. | |
deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted | |
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic main restricted | |
## Major bug fix updates produced after the final release of the | |
## distribution. | |
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted | |
# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted |
#!/bin/bash | |
# Converts AD pwdlastset field to readable date | |
# Kudos: https://www.adminsys.ch/2013/07/31/convert-active-directory-pwdlastset-attribute-readable-time/ | |
function convert { | |
unixepoc=$((($1/10000000)-11644473600)) | |
adlastset=$(/bin/date -d "1970-01-01 ${unixepoc} sec GMT") | |
echo -e ${adlastset} | |
} |
# Add to your .bashrc. May need to tweak the ifconfig output for your distro.
# Each variant rebuilds PS1 before every prompt, so the backticked commands
# (ifconfig|sed|cut, awk, or curl) are re-executed on every prompt, not once at
# login. The escaped inner test `if [[ `pwd|wc -c|tr -d " "` > 18 ]]` is meant
# to switch to the basename-only \W once the cwd path is longer than 18 chars,
# but `>` inside [[ ]] is a string comparison, so a 9-character path ("9") also
# sorts after "18"; `-gt` would compare numerically.
# Ubuntu — IPv4 address of eth0, taken from the second ifconfig line.
PROMPT_COMMAND='PS1="\[\033[01;34m\][\u.\h \[\033[0;33m\]`ifconfig eth0 2>/dev/null | sed -n 2,2p | cut -d":" -f 2| cut -d" " -f 1`: \[\033[32m\]\`if [[ `pwd|wc -c|tr -d " "` > 18 ]]; then echo "\\W"; else echo "\\w"; fi\`]\$\[\033[0m\] "'
# Kali — IPv4 address of eth1, second field of the second ifconfig line.
PROMPT_COMMAND='PS1="\[\033[01;34m\][\u.\h \[\033[0;33m\]`ifconfig eth1 2>/dev/null | sed -n 2,2p | awk {'"'"'print $2'"'"'}`: \[\033[32m\]\`if [[ `pwd|wc -c|tr -d " "` > 18 ]]; then echo "\\W"; else echo "\\w"; fi\`]\$\[\033[0m\] "'
# AWS EC2 — public IP from the instance metadata service (plain HTTP GET to
# 169.254.169.254, i.e. IMDSv1 with no token), fetched on every prompt; also
# adds a timestamp (\D{%F %T}) and puts the $ on its own line. curl is run
# without --max-time, so on a host where that address does not answer each
# prompt blocks until curl gives up on its own.
PROMPT_COMMAND='PS1="\[\033[01;34m\][\u.\h \D{%F %T} \[\033[0;33m\]`curl http://169.254.169.254/latest/meta-data/public-ipv4 2>/dev/null`: \[\033[32m\]\`if [[ `pwd|wc -c|tr -d " "` > 18 ]]; then echo "\\W"; else echo "\\w"; fi\`]\n\$\[\033[0m\] "'
# This is not my work. All credit goes to https://github.com/Neo23x0/sigma. I just used the tool to convert to graylog format, | |
# skipped over the errors, and added some carriage returns for ease of reading. If you see a blank rule, it means there was a conversion error. | |
rules/application/appframework_django_exceptions.yml | |
("SuspiciousOperation" OR "DisallowedHost" OR "DisallowedModelAdminLookup" OR "DisallowedModelAdminToField" OR "DisallowedRedirect" OR "InvalidSessionKey" OR "RequestDataTooBig" OR "SuspiciousFileOperation" OR "SuspiciousMultipartForm" OR "SuspiciousSession" OR "TooManyFieldsSent" OR "PermissionDenied") | |
# tmux shortcuts. tmsess and tmnew take the session name as the next word,
# e.g. `tmsess work` -> `tmux attach -t work`.
alias tmconf='vim ~/.tmux.conf'
alias tmls='tmux ls'
alias tmsess='tmux attach -t'
# Print the 256-colour palette as numbered swatches, eight per line (the
# modulo check emits the newline after every eighth colour).
alias tmcolors='for i in {0..255}; do printf "\x1b[38;5;${i}mcolor%-5i\x1b[0m" $i ; if ! (( ($i + 1 ) % 8 )); then echo ; fi ; done'
alias tmnew='tmux new -s'
alias tmload='tmux source-file ~/.tmux.conf'
# Print the layout string of each window (the text between "layout " and "] @"
# in `tmux list-windows`), handy for pasting into select-layout / .tmux.conf.
alias tmlayout='tmux list-windows | sed -n "s/.*layout \(.*\)] @.*/\1/p"'
alias mux='tmuxinator'