Skip to content

Instantly share code, notes, and snippets.

View jonz-secops's full-sized avatar

jonz-secops-offsec jonz-secops

  • Mountain State, USA
View GitHub Profile
jonz-secops / cloud_metadata.txt
Created August 31, 2023 21:29 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
View cloud_metadata.txt
## AWS
jonz-secops / shodan_query_notebook.ipynb
Created August 22, 2023 22:52 — forked from Cdaprod/shodan_query_notebook.ipynb
Shodan Query Notebook and Visualization
View shodan_query_notebook.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
jonz-secops / PowerShell Command Line Logging
Created August 4, 2023 18:02 — forked from gfoss/PowerShell Command Line Logging
Detect and alert on nefarious PowerShell command line activity
View PowerShell Command Line Logging
# PowerShell Audit Logging for LogRhythm SIEM - 2015
# For detecting dangerous PowerShell Commands/Functions
Log Source Type:
MS Event Log for Win7/Win8/2008/2012 - PowerShell
Add this file to your PowerShell directory to enable verbose command line audit logging
$LogCommandHealthEvent = $true
$LogCommandLifeCycleEvent = $true
jonz-secops /
Last active June 26, 2023 16:55 — forked from willurd/
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
jonz-secops /
Created May 22, 2023 20:59 — forked from Chaser324/
GitHub Standard Fork & Pull Request Workflow

Whether you're trying to give back to the open source community or collaborating on your own projects, knowing how to properly fork and generate pull requests is essential. Unfortunately, it's quite easy to make mistakes or not know what you should do when you're initially learning the process. I know that I certainly had considerable initial trouble with it, and I found a lot of the information on GitHub and around the internet to be rather piecemeal and incomplete - part of the process described here, another there, common hangups in a different place, and so on.

In an attempt to coallate this information for myself and others, this short tutorial is what I've found to be fairly standard procedure for creating a fork, doing your work, issuing a pull request, and merging that pull request back into the original project.

Creating a Fork

Just head over to the GitHub page and click the "Fork" button. It's just that simple. Once you've done that, you can use your favorite git client to clone your repo or j

jonz-secops /
Created April 10, 2023 18:06 — forked from Neo23x0/
Learning Aid - Top Base64 Encodings Table

Base64 Patterns - Learning Aid

Base64 Code Mnemonic Aid Decoded* Description
JAB 🗣 Jabber $. Variable declaration (UTF-16)
TVq 📺 Television MZ MZ header
SUVY 🚙 SUV IEX PowerShell Invoke Expression
SQBFAF 🐣 Squab favorite I.E. PowerShell Invoke Expression (UTF-16)
SQBuAH 🐣 Squab uahhh I.n. PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz
PAA 💪 "Pah!" <. Often used by Emotet (UTF-16)
jonz-secops / oauthServer.go
Created March 16, 2023 23:29 — forked from invokethreatguy/oauthServer.go
A mini OAuth server for Azure
View oauthServer.go
package main
import (
jonz-secops / Windows Defender Exclusions VS 2019.ps1
Created July 14, 2022 14:51 — forked from Braytiner/Windows Defender Exclusions VS 2019.ps1
Adds Windows Defender exclusions for Visual Studio 2019
View Windows Defender Exclusions VS 2019.ps1
$userPath = $env:USERPROFILE
$pathExclusions = New-Object System.Collections.ArrayList
$processExclusions = New-Object System.Collections.ArrayList
$pathExclusions.Add('C:\source\repos') > $null
$pathExclusions.Add('C:\Windows\Microsoft.NET') > $null
$pathExclusions.Add('C:\Windows\assembly') > $null
$pathExclusions.Add($userPath + '\AppData\Local\Microsoft\VisualStudio') > $null
$pathExclusions.Add($userPath + '\AppData\Local\Microsoft\VisualStudio Services') > $null
$pathExclusions.Add($userPath + '\AppData\Local\GitCredentialManager') > $null
View Advanced queries for Logseq
- This page is a collection of some of the Advanced queries from the [[Datalog]] channel on the [[Logseq/Discord]] server. #datalog
id:: 61db13f4-75e8-4f87-ad60-3ac3479c5fc8
- ### Resources
- [link: The first message on the datalog channel](
- [link: Logseq docs - Advanced queries](
- [link: Logseq datascript schema](
- [link: Logseq frontend db model](
- [link: How to Graph Your Data - talk by Paula Gearon](
- [link: Domain modelling with datalog - talk by Norbert Wojtowicz](
- [link: Athens Research ClojureFam](
jonz-secops / EventDiff.ps1
Created May 31, 2022 23:54 — forked from mgraeber-rc/EventDiff.ps1
Display only new event log events - I refer to this as event log differential analysis
View EventDiff.ps1
# Log the time prior to executing the action.
# This will be used as parth of an event log XPath filter.
$DateTimeBefore = [Xml.XmlConvert]::ToString((Get-Date).ToUniversalTime(), [System.Xml.XmlDateTimeSerializationMode]::Utc)
# Do the thing now that you want to see potential relevant events surface...
$null = Mount-DiskImage -ImagePath "$PWD\FeelTheBurn.iso" -StorageType ISO -Access ReadOnly
# Allow a moment to allow events to populate
Start-Sleep -Seconds 5