@mattifestation
mattifestation / EnableAMSILogging.ps1
Last active August 21, 2025 16:06
Enables AMSI logging to the AMSI/Operational event log
$AutoLoggerName = 'MyAMSILogger'
$AutoLoggerGuid = "{$((New-Guid).Guid)}"
New-AutologgerConfig -Name $AutoLoggerName -Guid $AutoLoggerGuid -Start Enabled
Add-EtwTraceProvider -AutologgerName $AutoLoggerName -Guid '{2A576B87-09A7-520E-C21A-4942F0271D67}' -Level 0xff -MatchAnyKeyword ([UInt64] (0x8000000000000001 -band ([UInt64]::MaxValue))) -Property 0x41
@jermdw
jermdw / tanium_hunting_questions.md
Last active January 2, 2024 18:50
Tanium Hunting Questions

Tanium Hunting Questions

Initial Infection

New Scripts in Webroot Paths

Get "Trace File Operations[unlimited, 1488479715768|1488483314768, 1, 0, 0, 10, .*\\wwwroot\\.*\.(asp|aspx|cfm|jsp|php), CreateNewFile, , , ]" from all machines
@delay
delay / slack-layout.html
Created October 21, 2017 05:51
slack semantic ui layout
<html>
<head>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.2.9/semantic.min.css" />
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.2.9/semantic.min.js"></script>
<style>
body {
margin: 0;
padding: 0;
@Zoramite
Zoramite / jinja_deps.py
Last active July 22, 2019 01:04
Jinja2 Dependency Detection
"""Test how the Jinja templates"""
import os
import jinja2
from jinja2.ext import Extension
class DependenciesExt(Extension):
"""This extension attempts to track the dependencies used in a template."""
def filter_stream(self, stream):
@jtschichold
jtschichold / minemeld-sync.py
Last active January 22, 2024 17:31
Utility for synchronizing a list of indicators with a MineMeld local DB Miner (Python 2.7.9+)
#!/usr/bin/env python
# Copyright 2015-present Palo Alto Networks, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
@Te-k
Te-k / shadowbrokers-processes.csv
Created April 16, 2017 03:24
ShadowBrokers list of processes
000stthk.exe|Toshiba Hotkey Configuration|NONE
007ssinstall.exe|007 Spy Software|NONE
00thotkey.exe|Toshiba Keyboard Helper|NONE
123downloadsuk[1].exe|123Mania Hijacker|NONE
12popup.exe|12Ghosts Popup-Killer|NONE
153.exe|??? Dialer.W32.153 ???|MALICIOUS_SOFTWARE
180sainstalleradperform.exe|180Solutions Zango|NONE
180sainstallernusac.exe|180SearchAssistant|NONE
1xconfig.exe|SCM MicroSystems Helper|NONE
2portalmon.exe|2wSysTray|NONE
@sxslex
sxslex / template_jijja2.py
Last active August 2, 2019 02:36
jinja2 tojson example
def template(html, **params):
    import jinja2
    # FileSystemLoader lives in the jinja2 namespace; the bare name was undefined
    env = jinja2.Environment(loader=jinja2.FileSystemLoader(''))
    def tojson(s):
        import json
        return json.dumps(s)
    # register the filter so templates can use {{ value | tojson }}
    env.filters['tojson'] = tojson
body {
color: #212121;
font-family: "Helvetica Neue", "Calibri Light", Roboto, sans-serif;
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
letter-spacing: 0.02em;
}
<?
/////////////////////
// slack2html
// by @levelsio
/////////////////////
//
/////////////////////
// WHAT DOES THIS DO?
/////////////////////
//
@toioski
toioski / guide.md
Created November 2, 2016 20:16
Import OVA/OVF virtual machine to Parallels Desktop
  1. Open OVA/OVF file with VirtualBox
  2. Right click the virtual machine and select 'Clone'
  3. Import the generated .vbox file with Parallels Desktop