Skip to content

Instantly share code, notes, and snippets.

View jaredhaight's full-sized avatar

Jared Haight jaredhaight

399 followers · 4 following
  • Trimarc Security
  • San Diego, CA
View GitHub Profile
@jaredhaight
jaredhaight / PPID Spoof & BlockDLLs
Created January 15, 2020 22:42 — forked from rasta-mouse/PPID Spoof & BlockDLLs
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace BlockDllTest
{
class Program
{
static void Main(string[] args)
{
@jaredhaight
jaredhaight / kerberos_attacks_cheatsheet.md
Created August 28, 2019 02:52 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@jaredhaight
jaredhaight / katz.cs
Created August 1, 2018 00:35
Updated Katz.cs - Latest Mimikatz, I mean honestly it is 2018...
This file has been truncated, but you can view the full file.
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
/*
@jaredhaight
jaredhaight / bash_prompt.sh
Created July 29, 2018 18:50 — forked from insin/bash_prompt.sh
Set color bash prompt according to active virtualenv, git branch and return status of last command.
#!/bin/bash
#
# DESCRIPTION:
#
# Set the bash prompt according to:
# * the active virtualenv
# * the branch/status of the current git repository
# * the return value of the previous command
# * the fact you just came from Windows and are used to having newlines in
# your prompts.
@jaredhaight
jaredhaight / windows_hardening.cmd
Last active April 28, 2024 16:59 — forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS.
::
::#######################################################################
::
:: Change file associations to protect against common ransomware attacks
:: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell
:: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :)
:: ---------------------
ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1"
@jaredhaight
jaredhaight / Invoke-Kerberoast.ps1
Created November 1, 2016 21:54
Get Kerberoastable SPNs
<#
Invoke-Kerberoast.ps1
Author: Will Schroeder (@harmj0y), @machosec
License: BSD 3-Clause
Required Dependencies: None
Credit to Tim Medin (@TimMedin) for the Kerberoasting concept and original toolset implementation (https://github.com/nidem/kerberoast).
Note: the primary method of use will be Invoke-Kerberoast with various targeting options.
@jaredhaight
jaredhaight / Invoke-MimikatzSharp.cs.ps1
Created December 22, 2015 15:34
Invoke-Mimikatz.cs.ps1 Invokes x86 or x64 Mimiktaz Inside of PowerShell Process
$Source = @"
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;