@dtmsecurity dtmsecurity
dtmsecurity
/ mscache.py
Created Oct 24, 2017
Needed a dirty way to convert mimikatz output for mscache to hashcat
View mscache.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import re | |
| # .\hashcat64.exe -m 2100 .\inhash.txt .\rockyou.txt | |
| if len(sys.argv[1]) > 0: | |
| fh = open(str(sys.argv[1]),"r") | |
| lines = fh.readlines() | |
| fh.close() |
dtmsecurity
/ goldfermi.py
Created Jul 27, 2020
Integrate URLs scraped from liked tweets and Notion using the unofficial API
View goldfermi.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib | |
| from bs4 import BeautifulSoup | |
| import tweepy | |
| from urlextract import URLExtract | |
| from notion.client import NotionClient | |
| from notion.block import TodoBlock, BookmarkBlock | |
| import os | |
| from unshortenit import UnshortenIt |
View doh_test.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| printf "===START dns.google.com===\n" | |
| curl -k -H "accept: application/dns-json" "https://dns.google.com/resolve?name=example.com&type=AAAA" | |
| printf "\n===END dns.google.com===\n" | |
| printf "===START cloudflare-dns.com===\n" | |
| curl -k -H "accept: application/dns-json" "https://cloudflare-dns.com/dns-query?name=example.com&type=AAAA" | |
| printf "\n===END cloudflare-dns.com===\n" | |
| printf "===START 1.1.1.1===\n" | |
| curl -k -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=example.com&type=AAAA" | |
| printf "\n===END 1.1.1.1===\n" |
View ISeeSharpProcess.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| namespace ISeeSharpProcess | |
| { | |
| class Program | |
| { | |
| // Port of https://gist.github.com/mubix/1536156f06633a54e7f1f819d7fa740a | |
| static void GetCSharpProcess() | |
| { |
dtmsecurity
/ SPNs.qds
Created Aug 14, 2020
Find user accounts with servicePrincipalName attribute set in native QDS file
View SPNs.qds
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CommonQuery] | |
| Handler=5EE6238AC231D011891C00A024AB2DBBC1 | |
| Form=E33FEE83D957D011B93200A024AB2DBBE6 | |
| [DsQuery] | |
| ViewMode=0413000017 | |
| EnableFilter=0000000000 | |
| [Microsoft.PropertyWell] | |
| Items=0000000000 | |
| QueryStringLength=4500000045 | |
| QueryStringValue=2800260028006F0062006A0065006300740043006C006100730073003D007500730065007200290028006F0062006A00650063007400430061007400650067006F00720079003D0070006500720073006F006E0029002900280073006500720076006900630065005000720069006E0063006900700061006C004E0061006D0065003D002A0029000000D7 |
View sharpgen.cna
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $dotnetpath = "/usr/local/share/dotnet/dotnet"; | |
| $sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll"; | |
| $temppath = "/tmp/"; | |
| beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n"); | |
| alias sharpgen{ | |
| $executionId = "sharpgen_" . int(rand() * 100000); | |
| $temporaryCsharp = $temppath . $executionId . ".cs"; | |
| $executableFilename = $temppath . $executionId . ".exe"; |
View netbios_encode.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Implemented the reverse of the compact answer on: | |
| # https://stackoverflow.com/questions/1965065/encode-netbios-name-python/1965140 | |
| def netbios_encode(input_string): | |
| return ''.join([chr((ord(c)>>4)+ord('A'))+chr((ord(c)&0xF)+ord('A')) for c in input_string]) | |
| def netbios_decode(netbios): | |
| i = iter(netbios.upper()) | |
| try: | |
| return ''.join([chr(((ord(c)-ord('A'))<<4)+((ord(next(i))-ord('A'))&0xF)) for c in i]) |
dtmsecurity
/ getStager.py
Created Nov 8, 2018
Simple test script to get a stager from Cobalt Strike External C2
View getStager.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import struct | |
| def recv_frame(sock): | |
| try: | |
| chunk = sock.recv(4) | |
| except: | |
| return("") | |
| if len(chunk) < 4: | |
| return() |