This guide is unmaintained and was created for a specific workshop in 2017. It remains as a legacy reference. Use at your own risk.
Workshop Instructor:
- Lilly Ryan @attacus_au
This workshop is distributed under a CC BY-SA 4.0 license.
ilya ilyaglow
brianreitz
/ msobjs_message_table.txt
Last active
December 6, 2023 13:03
msobjs.dll Message Table by MessageID
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %%279 : Undefined Access (no effect) Bit 7 | |
| %%1536 : Unused message ID | |
| %%1537 : DELETE | |
| %%1538 : READ_CONTROL | |
| %%1539 : WRITE_DAC | |
| %%1540 : WRITE_OWNER | |
| %%1541 : SYNCHRONIZE | |
| %%1542 : ACCESS_SYS_SEC | |
| %%1543 : MAX_ALLOWED | |
| %%1552 : Unknown specific access (bit 0) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #ifdef _MSC_VER | |
| #include <intrin.h> /* for rdtscp and clflush */ | |
| #pragma optimize("gt",on) | |
| #else | |
| #include <x86intrin.h> /* for rdtscp and clflush */ | |
| #endif |
ropnop
/ kinit_brute.sh
Last active
June 6, 2021 18:23
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Title: kinit_brute.sh | |
| # Author: @ropnop | |
| # Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller | |
| # The script configures the realm and KDC for you based on the domain provided and the domain controller | |
| # Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
| # Only tested with Heimdal kerberos (error messages might be different for MIT clients) | |
| # Note: this *will* lock out accounts if a domain lockout policy is set. Be careful |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
jgamblin
/ newtoday.r
Last active
December 2, 2017 12:15
Find New Domains For Today On Cisco's Top 1 Million Lists.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| library(leaflet) | |
| library(ipapi) | |
| #devtools::install_github("hrbrmstr/ipapi") | |
| library(tidyverse) | |
| # Get Todays List | |
| if (file.exists(fn)) file.remove(fn) | |
| temp <- tempfile() | |
| download.file("http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip",temp) | |
| unzip(temp, "top-1m.csv") |
jaredcatkinson
/ Get-InjectedThread.ps1
Last active
April 22, 2024 19:09
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
attacus
/ riot-matrix-workshop.md
Last active
March 13, 2024 00:16
Create your own encrypted chat server with Riot and Matrix
simonw
/ recover_source_code.md
Last active
May 21, 2024 19:04
How to recover lost Python source code if it's still resident in-memory
I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6
apt-get update && apt-get install gdb
patrickmslatteryvt
/ Docker API via the Unix socket.md
Last active
February 28, 2024 18:48
# Pull the necessary images:
docker pull nathanleclaire/curl:latest
docker pull openjdk:8u111-jre-alpine
# Start the controller container, note that it has RW access to the Docker API socket:
docker run \
-ti \
--rm \
atoponce
/ gist:07d8d4c833873be2f68c34f9afc5a78a
Last active
May 14, 2024 00:59
— forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices
Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.
The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from
NewerOlder