| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
| #!/bin/bash | |
| ipt4='/sbin/iptables' | |
| ipt6='/sbin/ip6tables' | |
| for i in $ipt4 $ipt6; do | |
| # Flush Rules | |
| echo 'Flushing IPTables: ' $i | |
| $i -F | |
| $i -X |
| ########################### | |
| # Bash ~/.bashrc | |
| ########################### | |
| function CONPS() { | |
| n=$1 | |
| export PS1='\n$n \D{%F %T}\n> ' | |
| } | |
| alias consult00='CONPS Consult00; cd ~/Documents/consult00' |
| Disable Windows Defender | |
| NOTE: These settings may be permeant. | |
| • Get-MpComputerStatus | |
| • Set-MpPreference -DisableRealtimeMonitoring $true | |
| • Set-MpPreference -DisableBehaviorMonitoring $true | |
| • Set-MpPreference -DisableIntrusionPreventionSystem $true | |
| • Set-MpPreference -DisableIOAVProtection $true | |
| • Set-MpPreference -DisableScriptScanning $true | |
| • Get-MpComputerStatus |
PCAPs Resources
• Download PCAPs
○ Free PCAPS: https://www.netresec.com/?page=PcapFiles
○ SecRepo: https://www.secrepo.com/
• ICS Port Numbers
○ IPv4 Multicast Addresses
§ https://www.iana.org/assignments/multicast-addresses/multicast-addresses.txt
○ Old Digital Bond: https://github.com/ITI/ICS-Security-Tools/blob/master/protocols/PORTS.md
| from mitmproxy import http | |
| import paramiko | |
| # Original Example: https://stackoverflow.com/questions/27369144/use-mitmproxy-to-translate-a-form-key-value-to-a-body-post | |
| DEBUG = False | |
| #DEBUG = True | |
| class GetRTUCreds: | |
| localhost = '127.0.0.1' |