Eric Capuano ecapuano
@nasbench
nasbench / pwsh_dirty_words.yml
Last active January 10, 2024 13:58
List of suspicious strings used by PowerShell `SuspiciousContentChecker` function
# Source: System.Management.Automation.dll
# This list is used to determine if a ScriptBlock contains potentially suspicious content
# If a match is found an automatic 4104 with a "warning" level is generated.
# https://github.com/PowerShell/PowerShell/blob/master/src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs
- "Add-Type"
- "AddSecurityPackage"
- "AdjustTokenPrivileges"
- "AllocHGlobal"
- "BindingFlags"
- "Bypass"
@mgreen27
mgreen27 / buildLocalLR.sh
Last active October 1, 2021 20:25
Velociraptor local live response configuration files
#!/bin/bash
#
# Author: Matt Green - @mgreen27
# Description: script to download and build x64 and x86 Velociraptor local live response tool
# 3rd party binaries embedded in output files
# Linux requirements: wget, curl, zip
# Tested: Velociraptor 0.3.7
# latest Velociraptor release binary from github
LINUX="$(curl -s https://api.github.com/repos/Velocidex/velociraptor/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep linux-amd64)"
@Neo23x0
Neo23x0 / iddqd.yar
Last active January 18, 2024 13:04
IDDQD - Godmode YARA Rule
/*
WARNING:
the newest version of this rule is now hosted here:
https://github.com/Neo23x0/god-mode-rules/blob/master/godmode.yar
*/
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active April 18, 2024 18:55
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
@jb510
jb510 / ReadMe.md
Last active January 20, 2022 15:42 — forked from boogah/ale.bash
Auto Update Brew: OS X Launchd job and script to automatically update homebrew
  1. Place `homebrewupdate.sh` wherever you like; I use `~/bin/homebrewupdate.sh`.
  2. Place the `.plist` file in `~/Library/LaunchAgents` and update the path to your bash script.
  3. Run `launchctl load ~/Library/LaunchAgents/com.jb510.homebrewupdate.plist`, or whatever you've named your plist file.
  4. Check `launchctl list | grep jb510` to see that it's running.

Note: You might need to `chmod +x homebrewupdate.sh`.

Note 2: You can run this manually to test your script: `~/bin/homebrewupdate.sh`

Future: Update this to also update casks, using https://github.com/buo/homebrew-cask-upgrade or `brew cask list | xargs brew cask reinstall`.