@marcosd4h
marcosd4h / secedit_output.txt
Created October 10, 2022 15:46
Comparison between secedit.exe and osquery system security tables output
Command
--------
secedit.exe /export /areas SECURITYPOLICY /cfg secedit_output.txt
Output
------
[Unicode]
Unicode=yes
@marcosd4h
marcosd4h / poc_issue.go
Created September 30, 2022 23:52
Process enumeration issue with gopsutil package
package main
import (
"errors"
"fmt"
"strings"
"syscall"
"time"
"unsafe"
@marcosd4h
marcosd4h / gist:a4cadedcbd0debaf254823d227ec6a39
Created September 22, 2022 21:54
ETW trace on the Microsoft-Windows-Services ETW provider
[
{
"header":{
"activity_id":"{00000000-0000-0000-0000-000000000000}",
"event_flags":576,
"event_id":103,
"event_name":"",
"event_opcode":1,
"event_version":0,
"process_id":644,
@marcosd4h
marcosd4h / tuf_hash_checker.ps1
Created September 21, 2022 14:37
TUF SHA512 hash dump
param (
[string]$tufFile = $(throw "-tufFile is required."),
[string]$rootUrl = "https://tuf.fleetctl.com/"
)
#Main logic
$ErrorActionPreference = 'Stop'
#File checks
if (!(Test-Path $tufFile))