Keybase proof

I hereby claim:

  • I am jbarcia on github.
  • I am josephbarcia (https://keybase.io/josephbarcia) on keybase.
  • I have a public key whose fingerprint is 4700 BEC7 8292 C129 B57B 6CCF 3C65 8F3B BB27 3BE5

To claim this, I am signing this object:

@jbarcia
jbarcia / Get-DownloadedPEHashes.ps1
Created August 11, 2016 14:26 — forked from et0x/Get-DownloadedPEHashes.ps1
Get the hashes of all exe / dll files downloaded from the internet. Checks for the Zone.Identifier ADS and ensures the value is 3.
function Get-DownloadedPEHashes
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true, Position=0)]
        [String]$Path,
        [Switch]$Recursive = $true
    )
    if (!$Path.EndsWith('\'))
#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# Poison a system's NetBIOS resolver for the WPAD name (not BadTunnel)
#
# Usage: ruby netbios-brute-local.rb <evil-wpad-server> <target-ip> <target-port> <pps>
# Contact: x[at]hdm.io
# License: https://opensource.org/licenses/BSD-2-Clause
#
#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# Poison a system's NetBIOS resolver for the WPAD name from outside NAT (not BadTunnel)
#
# Usage: ruby netbios-brute-nat.rb <evil-wpad-server> <pps>
# Contact: x[at]hdm.io
# License: https://opensource.org/licenses/BSD-2-Clause
#
@jbarcia
jbarcia / evil.cs
Created September 17, 2016 18:17
Execute a DLL via Regsvr32
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
namespace Export
{
    class Test
    {
#!/bin/bash
# update apt-get
export DEBIAN_FRONTEND="noninteractive"
sudo apt-get update
# remove previously installed Docker
sudo apt-get purge lxc-docker*
sudo apt-get purge docker.io*
@jbarcia
jbarcia / SQL Server UNC Path Injection Cheatsheet
Created November 10, 2016 13:54 — forked from nullbind/SQL Server UNC Path Injection Cheatsheet
SQL Server UNC Path Injection Cheatsheet
This is a list of SQL Server commands that support UNC path [injections] by default.
The injections can be used to capture or replay the NetNTLM password hash of the
Windows account used to run the SQL Server service. The SQL Server service account
has sysadmin privileges by default in all versions of SQL Server.
Note: This list is most likely not complete.
-----------------------------------------------------------------------
-- UNC Path Injections Executable by the Public Fixed Server Role
-----------------------------------------------------------------------
@jbarcia
jbarcia / Invoke-Kerberoast.ps1
Created December 14, 2016 14:34
Invoke-Kerberoast.ps1
<#
Invoke-Kerberoast.ps1
Author: Will Schroeder (@harmj0y), @machosec
License: BSD 3-Clause
Required Dependencies: None
Credit to Tim Medin (@TimMedin) for the Kerberoasting concept and original toolset implementation (https://github.com/nidem/kerberoast).
Note: the primary method of use will be Invoke-Kerberoast with various targeting options.
@jbarcia
jbarcia / pshell_template_embedded_script.xml
Created December 21, 2016 13:00 — forked from xorrior/pshell_template_embedded_script.xml
MSBuild Powershell Script XML template
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes c# code. -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe pshell.xml -->
  <!-- Author: Casey Smith, Twitter: @subTee -->
  <!-- License: BSD 3-Clause -->
  <PropertyGroup>
    <FunctionName Condition="'$(FunctionName)' == ''">None</FunctionName>
    <Cmd Condition="'$(Cmd)' == ''">None</Cmd>
  </PropertyGroup>
  <Target Name="Hello">
@jbarcia
jbarcia / CertificateSubjectToPEGrouping.ps1
Created December 31, 2016 03:59 — forked from mattifestation/CertificateSubjectToPEGrouping.ps1
Can you trust everything that's signed on your host? This might help you begin to answer that question.
# Get-SystemDriver requires the ConfigCI module on Win10 Enterprise
# This will collect all signer information for all PEs in C:\
# This will take a while!!!
$Signers = Get-SystemDriver -ScanPath C:\ -UserPEs
# Associate the subject name of each certificate to the file/signer info
# so we can correlate the two.
$CertSubjectMapping = $Signers | % {
    $Signer = $_