This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { | |
Write-Warning "This script will not function with administrative privileges. Please run as a normal user." | |
Break | |
} | |
$outfile = "acltestfile" | |
set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";") | |
Foreach ($path in $paths) { | |
# This prints a table of ACLs | |
# get-acl $path | %{ $_.Access } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import sys | |
import re | |
if len(sys.argv) <= 1: exit() | |
scriptpath = sys.argv[1] | |
with open(scriptpath, 'r') as scriptfile: | |
script = scriptfile.read().replace('^', '') | |
p = re.compile('\([Ss][Ee][Tt][^=]+=([^&]+)&&') | |
s = p.search(script) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
' ASR rules bypass creating child processes | |
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction | |
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office | |
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule | |
Sub ASR_blocked() | |
Dim WSHShell As Object | |
Set WSHShell = CreateObject("Wscript.Shell") | |
WSHShell.Run "cmd.exe" | |
End Sub |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https://ghostbin.com/paste/4x325 | |
<o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o> | |
* * * * * * * * * * * * * * * * * * * * * | |
* * | |
* * | |
* The Unofficial * | |
* * |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BEWARE: THIS WILL ONLY WORK IN A FRENCH VERSION OF MS-OFFICE/EXCEL | |
1. Open Excel | |
2. Click on the active tab | |
3. Select "Insérer" | |
4. Click on "Macro MS Excel 4.0". | |
5. This will create a new worksheet called "Macro1" | |
================================================================================ | |
In the Macro1 worksheet, paste the following block in cells in column A, starting in cell A1: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
from scapy.all import * | |
from py2neo import Graph, Node, Relationship | |
packets = rdpcap("<your_pcap_file>") | |
g = Graph(password="<your_neo4j_password>") | |
for packet in packets.sessions(): | |
pkt = packet.split() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Unhide all the very hidden sheets in an Office 97 Excel file. | |
from __future__ import print_function | |
import re | |
import sys | |
# Read in the Excel file for which to unhide sheets. | |
fname = sys.argv[1] | |
f = open(fname, 'rb') | |
data = f.read() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
from __future__ import print_function | |
import os | |
import sys | |
try: | |
import olefile |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Windows Registry Editor Version 5.00 | |
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations] | |
"HighRiskFileTypes"=".appinstaller;.application;.appx;.appxbundle;.diagcab;.diagpkg;.diagcfg;.fluid;.fxb;.glb;.gltf;.library-ms;.loop;.msix;.partial;.perfmoncfg;.pko;.ply;.ppkg;.qds;.rat;.resmoncfg;.search-ms;.searchConnector-ms;.settingcontent-ms;.stl;.symlink;.theme;.themepack;.UDL;.url;.wab;.wbcat;.wcx;.website;.whiteboard;.xbap;.ZFSendToTarget;" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
' Proof of Concept: retrieving SSN for syscalling in VBA | |
' Author: Juan Manuel Fernandez (@TheXC3LL) | |
'Based on: | |
'https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/ | |
'https://www.crummie5.club/freshycalls/ | |
Private Type LARGE_INTEGER |