Skip to content

Instantly share code, notes, and snippets.

View jlawhon's full-sized avatar

JL jlawhon

20 followers · 37 following
View GitHub Profile
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active June 28, 2024 12:07
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@nullenc0de
nullenc0de / apk_relative_links.txt
Created August 13, 2021 00:07
@0xmachos
0xmachos / macOS-IR-Forensics.md
Last active July 4, 2024 09:46
If someone wants to learn MacOS IR/forensics what’s the best resource for that?
@fr0gger
fr0gger / DhashIcon.py
Last active November 30, 2023 11:36
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Thomas Roccia | IconDhash.py
# pip3 install lief
# pip3 install pillow
# resource: https://www.hackerfactor.com/blog/?/archives/529-Kind-of-Like-That.html
import lief
import os
import argparse
@mgraeber-rc
mgraeber-rc / log_nothing.xml
Created March 16, 2021 14:43
A sysmon configuration that defaults to logging nothing. I use this as a baseline configuration for testing purposes where I can selectively turn on log sources by changing "include" to "exclude"
<Sysmon schemaversion="4.50">
<HashAlgorithms>md5,sha256</HashAlgorithms>
<EventFiltering>
<!--Event ID 1: Process creation-->
<ProcessCreate onmatch="include"></ProcessCreate>
<!--Event ID 2: A process changed a file creation time-->
<FileCreateTime onmatch="include"></FileCreateTime>
<!--Event ID 3: Network connection-->
<NetworkConnect onmatch="include"></NetworkConnect>
<!--Event ID 5: Process terminated-->
@jdhitsolutions
jdhitsolutions / Get-ADUserAudit.ps1
Last active February 18, 2024 05:18
A PowerShell function and format file for getting Active Directory user management events from the security event logs on domain controllers.
#requires -version 5.1
#requires -module ActiveDirectory
#you might need to increase the size of the Security eventlog
# limit-eventlog -LogName security -ComputerName dom2,dom1 -MaximumSize 1024MB
Function Get-ADUserAudit {
[cmdletbinding()]
Param(
[Parameter(Position=0,HelpMessage = "Specify one or more domain controllers to query.")]
@muff-in
muff-in / resources.md
Last active June 29, 2024 02:00
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
@henrik242
henrik242 / Disable Device Enrollment Program (DEP) notification on macOS Ventura.md
Last active July 2, 2024 16:31 — forked from sghiassy/Disable Device Enrollment Notification on Mac.md
@dmaasland
dmaasland / Invoke-Procdump.ps1
Created November 27, 2019 12:28
$Source = @"
using System;
using System.Runtime.InteropServices;
namespace ProcDump {
public static class DbgHelp {
[DllImport("Dbghelp.dll")]
public static extern bool MiniDumpWriteDump(IntPtr hProcess, uint ProcessId, IntPtr hFile, IntPtr DumpType, IntPtr ExceptionParam, IntPtr UserStreamParam, IntPtr CallbackParam);
}
}
@williballenthin
williballenthin / macOS_savedstate.py
Last active April 20, 2024 21:13
parse macOS savedState files
'''
parse SavedState artifacts extracted from OSX.
author: Willi Ballenthin (william.ballenthin@fireeye.com)
license: Apache 2.0
'''
import re
import sys
import json
import struct