(C-x means ctrl+x, M-x means alt+x)
The default prefix is C-b. If you (or your muscle memory) prefer C-a, you need to add this to ~/.tmux.conf:
luxcupitor
RamblingCookieMonster
/ Get-WinEventData and Sysmon.ps1
Last active
October 29, 2022 14:28
Extract detailed data from Sysmon event logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Download and dot source Get-WinEventData | |
| # https://gallery.technet.microsoft.com/scriptcenter/Get-WinEventData-Extract-344ad840 | |
| . "\\path\to\Get-WinEventData.ps1" | |
| # Download and Set up Sysmon as desired | |
| # http://technet.microsoft.com/en-us/sysinternals/dn798348 | |
| # http://www.darkoperator.com/blog/2014/8/8/sysinternals-sysmon | |
| #Use Get-WinEvent and Get-WinEventData to obtain events and extract XML data from them - let's see all the properties behind one! | |
| Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-Sysmon/Operational";id=3} | |
gdbassett
/ bulk_netflow_import.py
Created
November 20, 2014 02:51
A script to bulk import netflow records into a Neo4j graph database. Designed for efficiency, can import roughly 1 million flows every 2 hours.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- encoding: utf-8 -*- | |
| """ | |
| AUTHOR: Gabriel Bassett | |
| DATE: 11-19-2014 | |
| DEPENDENCIES: py2neo | |
| Copyright 2014 Gabriel Bassett | |
mattifestation
/ drop_binary.bat
Created
July 12, 2015 05:49
Drop binary data from the command line w/o needing PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo -----BEGIN CERTIFICATE----- > encoded.txt | |
| echo Just Base64 encode your binary data | |
| echo TVoAAA== >> encoded.txt | |
| echo -----END CERTIFICATE----- >> encoded.txt | |
| certutil -decode encoded.txt decoded.bin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Threading; | |
| using System.Windows.Forms; | |
| class Program { | |
| [DllImport("user32.dll")] | |
| static extern short GetAsyncKeyState(Keys vKey); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function join($path) | |
| { | |
| $files = Get-ChildItem -Path "$path.*.part" | Sort-Object -Property @{Expression={ | |
| $shortName = [System.IO.Path]::GetFileNameWithoutExtension($_.Name) | |
| $extension = [System.IO.Path]::GetExtension($shortName) | |
| if ($extension -ne $null -and $extension -ne '') | |
| { | |
| $extension = $extension.Substring(1) | |
| } | |
| [System.Convert]::ToInt32($extension) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| -------- dllinjshim.cpp -------- | |
| > cl /Fe:dllinjshim.exe dllinjshim.cpp | |
| > dllinjshim.exe | |
| > sdbinst moo.sdb | |
| /!\ On Windows 10 there is a new function `SdbIsKnownShimDll` called | |
| in `SdbGetDllPath` which will check the DLL name against the following list: |
Make sure all required build tools are installed at build server.
- Install Runner on build server (download the version for OS).
- Configure runner. Enter URL and token from Project > settings > runners page. Choose executor as shell.
- Start command prompt with normal (DO NOT start as Administrator).
$ gitlab-runner register
$ gitlab-runner run
Penetrating Testing/Assessment Workflow & other fun infosec stuff
https://github.com/jivoi/pentest
My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*
- Reconnaissance
- Passive/Semi-Passive
- Tools
- Passive/Semi-Passive
- Discover - https://github.com/leebaird/discover
ryhanson
/ ExcelXLL.md
Last active
March 29, 2024 05:27
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method
A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local, it can also be a UNC path that points to a remote WebDAV server.
When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded in to the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.
The RegisterXLL function expects an XLL add-in which is essentially a specially crafted DLL with specific exports. More info on XLL's can be found on MSDN
The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc
OlderNewer