# Copyright: (c) 2024, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
#Requires -Module Ctypes
Function Split-ExeArgument {
    [OutputType([string])]
    [CmdletBinding()]
    param (
        [Parameter(Mandatory, ValueFromPipeline)]
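
The gist above is cut off after its first parameter. As an added example (my code, not the gist's), here is how a Windows command line is actually split into arguments by the same rules the loader applies, using shell32's CommandLineToArgvW through Add-Type rather than the Ctypes module the gist requires, and why that matters for argument injection: a value interpolated into a quoted string can close the quote and add arguments of its own. The function names Split-CommandLine and ConvertTo-QuotedArgument and the sample inputs are mine; the escaping rule implemented is the documented one for Microsoft's C runtime (double backslashes that precede a quote, escape the quote itself). Windows only.

```powershell
# Added example, not part of the gist. Windows only (shell32/kernel32 P/Invoke).
if (-not ('Win32.NativeMethods' -as [type])) {
    Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @'
[DllImport("shell32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr CommandLineToArgvW(string lpCmdLine, out int pNumArgs);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr LocalFree(IntPtr hMem);
'@
}

Function Split-CommandLine {
    # Splits a raw command line the way CommandLineToArgvW (and CreateProcess
    # consumers using the CRT rules) will see it, returning one string per argv entry.
    [OutputType([string])]
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]
        $CommandLine
    )

    $count = 0
    $argv = [Win32.NativeMethods]::CommandLineToArgvW($CommandLine, [ref]$count)
    if ($argv -eq [IntPtr]::Zero) {
        throw [System.ComponentModel.Win32Exception]::new(
            [System.Runtime.InteropServices.Marshal]::GetLastWin32Error())
    }
    try {
        for ($i = 0; $i -lt $count; $i++) {
            # argv is an array of LPWSTR pointers; read each one and marshal the string.
            $ptr = [System.Runtime.InteropServices.Marshal]::ReadIntPtr($argv, $i * [IntPtr]::Size)
            [System.Runtime.InteropServices.Marshal]::PtrToStringUni($ptr)
        }
    }
    finally {
        # The block is allocated with LocalAlloc by shell32, so free it with LocalFree.
        [void][Win32.NativeMethods]::LocalFree($argv)
    }
}

Function ConvertTo-QuotedArgument {
    # Quotes a single argument so that CommandLineToArgvW returns it unchanged,
    # whatever it contains. Quotes are escaped as \" and every backslash that
    # precedes a quote (or the closing quote) is doubled; other backslashes are literal.
    [OutputType([string])]
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]
        $Argument
    )

    # Fast path: nothing that needs quoting. An empty argument must still be quoted.
    if ($Argument -and $Argument -notmatch '[\s"]') { return $Argument }

    $sb = [System.Text.StringBuilder]::new('"')
    $backslashes = 0
    foreach ($c in $Argument.ToCharArray()) {
        if ($c -eq [char]'\') { $backslashes++; continue }
        if ($c -eq [char]'"') {
            [void]$sb.Append([char]'\', 2 * $backslashes + 1)   # doubled backslashes + escaped quote
        }
        else {
            [void]$sb.Append([char]'\', $backslashes)           # backslashes not before a quote are literal
        }
        [void]$sb.Append($c)
        $backslashes = 0
    }
    [void]$sb.Append([char]'\', 2 * $backslashes)               # trailing backslashes precede the closing quote
    [void]$sb.Append([char]'"')
    $sb.ToString()
}

# Constructed sample: an attacker-controlled value that tries to break out of its quotes.
$untrusted = 'foo" --dangerous "bar'

# Hand-rolled quoting is bypassed: 4 arguments (app.exe, foo, --dangerous, bar).
Split-CommandLine ('app.exe "{0}"' -f $untrusted)

# Proper escaping keeps it as one argument: 2 arguments (app.exe, foo" --dangerous "bar).
Split-CommandLine ('app.exe {0}' -f (ConvertTo-QuotedArgument $untrusted))
```

The escaping function is the piece to reuse: when you must build a command line string for CreateProcess (ProcessStartInfo.Arguments, WinRM, a scheduled task), quote every untrusted value with it instead of wrapping it in quotes by hand. Note that this is the argv convention of the C runtime and CommandLineToArgvW only; cmd.exe applies its own metacharacter rules first, and some programs (msiexec, older batch wrappers) parse their command line themselves.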
#!/usr/bin/python
import os.path
import subprocess
import sys
import xml.etree.ElementTree as ET


def main():
    iface = sys.argv[1]
    hook_case = sys.argv[2]
# Copyright: (c) 2024, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
#Requires -Module Ctypes
#Requires -Version 7.3
Function Get-FileProcess {
    <#
    .SYNOPSIS
    Get the process that has opened the requested file.
ctypes_struct WINTRUST_DATA {
    [int]$cbStruct
    [IntPtr]$pPolicyCallbackData
    [IntPtr]$pSIPClientData
    [int]$dwUIChoice
    [int]$fdwRevocationChecks
    [int]$dwUnionChoice
    [IntPtr]$pCatalog
    [int]$dwStateAction
    [IntPtr]$hWVTStateData
# Copyright: (c) 2024, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
#Requires -Modules Ctypes
#Requires -Version 7.3
Function Get-SignedCatalogFile {
    <#
    .SYNOPSIS
    Gets the .cat file for the specified file.
# Copyright: (c) 2024, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
"""POC for running exes over RDP

This is a very rough attempt at trying to run an exe using a headless RDP
connection. It aims to be able to provide an interactive console session as
well as a headless one.

Requires aardwolf - https://github.com/skelsec/aardwolf as a Python dependency.
# Copyright (c) 2024 Jordan Borean
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import annotations

DOCUMENTATION = """
name: kinit
type: aggregate
short_description: POC to run kinit on a playbook run.
description:
# Copyright: (c) 2024, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Get-ServiceDacl {
    <#
    .SYNOPSIS
    Gets the service DACL entries.

    .DESCRIPTION
    Gets all the DACL entries for the service(s) specified.
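
The gist stops at its description, so as an added example (my code, not the gist's) here is the check a service DACL listing is usually wanted for: which principals hold rights that let them take over the service (reconfigure its binary path, rewrite its DACL, take ownership, or delete it). The example parses SDDL, the form `sc.exe sdshow <ServiceName>` prints, with .NET's RawSecurityDescriptor; the function name ConvertFrom-ServiceSddl, the trusted-SID list and the sample SDDL are mine, and the access-right values are the ones from winsvc.h. Windows only, because the SDDL parser and SID translation both go through advapi32.

```powershell
# Added example, not part of the gist. Windows only.
# Real input: (sc.exe sdshow Spooler) -join '' | ConvertFrom-ServiceSddl (trim the blank line sc.exe prints).

# Service-specific access rights (winsvc.h) and the standard rights that matter for a service object.
$ServiceRights = [ordered]@{
    SERVICE_QUERY_CONFIG         = 0x0001
    SERVICE_CHANGE_CONFIG        = 0x0002
    SERVICE_QUERY_STATUS         = 0x0004
    SERVICE_ENUMERATE_DEPENDENTS = 0x0008
    SERVICE_START                = 0x0010
    SERVICE_STOP                 = 0x0020
    SERVICE_PAUSE_CONTINUE       = 0x0040
    SERVICE_INTERROGATE          = 0x0080
    SERVICE_USER_DEFINED_CONTROL = 0x0100
    DELETE                       = 0x00010000
    READ_CONTROL                 = 0x00020000
    WRITE_DAC                    = 0x00040000
    WRITE_OWNER                  = 0x00080000
}

# Rights that give a path to code execution as the service account:
# SERVICE_CHANGE_CONFIG (swap the binary), DELETE, WRITE_DAC, WRITE_OWNER.
$DangerousMask = 0x0002 -bor 0x00010000 -bor 0x00040000 -bor 0x00080000

# Principals expected to have full control over services (assumption for this example).
$TrustedSids = @('S-1-5-18', 'S-1-5-32-544')   # NT AUTHORITY\SYSTEM, BUILTIN\Administrators

Function ConvertFrom-ServiceSddl {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]
        $Sddl
    )

    process {
        $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)
        foreach ($ace in $sd.DiscretionaryAcl) {
            # Plain allow/deny ACEs (the 'A'/'D' entries in SDDL) are CommonAce objects.
            if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }

            $sid = $ace.SecurityIdentifier
            $identity = try {
                $sid.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch {
                $sid.Value   # orphaned SID or foreign domain: keep the raw value
            }

            # Expand the mask into named rights for the report.
            $granted = foreach ($right in $ServiceRights.GetEnumerator()) {
                if (($ace.AccessMask -band $right.Value) -eq $right.Value) { $right.Key }
            }

            $isAllow = $ace.AceType -eq [System.Security.AccessControl.AceType]::AccessAllowed
            $weak = $isAllow -and
                (($ace.AccessMask -band $DangerousMask) -ne 0) -and
                ($sid.Value -notin $TrustedSids)

            [PSCustomObject]@{
                Identity   = $identity
                Sid        = $sid.Value
                Type       = $ace.AceType
                AccessMask = '0x{0:X8}' -f $ace.AccessMask
                Weak       = $weak
                Rights     = $granted -join ', '
            }
        }
    }
}

# Constructed sample: the usual default service DACL (SYSTEM, Administrators,
# Interactive and Service users) plus one extra ACE that an installer might add,
# giving Authenticated Users (AU) the same full-control mask as Administrators.
$sampleSddl = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)' +
    '(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)' +
    '(A;;CCLCSWLOCRRC;;;IU)' +
    '(A;;CCLCSWLOCRRC;;;SU)' +
    '(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)'

ConvertFrom-ServiceSddl -Sddl $sampleSddl | Format-Table Identity, Type, AccessMask, Weak, Rights
```

On the sample only the Authenticated Users entry is reported as Weak: its mask 0x000F01FF includes SERVICE_CHANGE_CONFIG, DELETE, WRITE_DAC and WRITE_OWNER, and S-1-5-11 is not in the trusted list. The Administrators entry carries the same mask but is expected. A Weak=True row for a service running as LocalSystem is a local privilege escalation finding; confirm it with the service's binary path and account before reporting.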
# Copyright: (c) 2024, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Get-PowerShellAssemblyMetadata {
    <#
    .SYNOPSIS
    Gets the cmdlets and aliases in a dotnet assembly.

    .PARAMETER Path
    The assembly to inspect.
# Copyright: (c) 2024, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function Test-Tls {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]
        $HostName,
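
Only the HostName parameter of the gist survives, so as an added example (my code, not the gist's) here is a TLS probe of the kind the name suggests: one handshake per protocol version with System.Net.Security.SslStream, reporting what the server negotiates, the certificate it presents and any chain or name-mismatch errors. The function name Test-TlsProtocol, the Port and Protocol parameters and the output shape are mine. It needs network access to the target, and the local SSL stack (SChannel or OpenSSL) decides which versions it is willing to offer at all, so an obsolete version can fail locally before any packet is sent; that shows up in the Error column.

```powershell
# Added example, not part of the gist. Requires network access to the target host.
Function Test-TlsProtocol {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]
        $HostName,

        [int]
        $Port = 443,

        # Versions to offer, one handshake each. Tls and Tls11 are deprecated and the
        # local SSL stack may refuse to offer them; the refusal is reported as Error.
        [System.Security.Authentication.SslProtocols[]]
        $Protocol = @('Tls', 'Tls11', 'Tls12', 'Tls13')
    )

    foreach ($proto in $Protocol) {
        # A probe wants to see what the server negotiates even when its certificate is
        # broken, so the callback accepts everything and only records the policy errors.
        # Never do this in a real client: it disables certificate validation entirely.
        $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
        $recordErrors = {
            param($sender, $cert, $chain, $errors)
            $state.Errors = $errors
            return $true
        }.GetNewClosure()
        $validate = [System.Net.Security.RemoteCertificateValidationCallback]$recordErrors

        $result = [ordered]@{
            HostName    = $HostName
            Port        = $Port
            Offered     = $proto
            Negotiated  = $null
            CipherSuite = $null
            Subject     = $null
            NotAfter    = $null
            ChainErrors = $null
            Error       = $null
        }

        $tcp = $null
        $ssl = $null
        try {
            $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
            $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $validate)
            # Offer exactly one version; no client certificate; revocation not checked here.
            $ssl.AuthenticateAsClient($HostName, $null, $proto, $false)

            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
            $result.Negotiated  = $ssl.SslProtocol
            $result.CipherSuite = $ssl.NegotiatedCipherSuite
            $result.Subject     = $cert.Subject
            $result.NotAfter    = $cert.NotAfter
        }
        catch {
            # Either the server rejected the version or the local stack would not offer it.
            $result.Error = $_.Exception.GetBaseException().Message
        }
        finally {
            if ($ssl) { $ssl.Dispose() }
            if ($tcp) { $tcp.Dispose() }
            $result.ChainErrors = $state.Errors
        }

        [PSCustomObject]$result
    }
}

# Usage:
# Test-TlsProtocol -HostName example.com | Format-Table Offered, Negotiated, CipherSuite, ChainErrors, Error
```

Read the table as: a row with Negotiated set means the server accepted that version; Error on the Tls or Tls11 rows is the expected good outcome (either the server or your own stack refused it); ChainErrors other than None means the certificate would be rejected by a normal client, and RemoteCertificateNameMismatch in particular is worth checking against the SAN list when you probe by IP address.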