Term | Description | Link(s) |
---|---|---|
Alias | Another email address that people can use to email | |
App Password | An app password is a password that is created within the Azure portal and that allows the user to bypass MFA and continue to use their application. | |
Alternate email address | Required for admins to receive important notifications or to reset the admin password; cannot be modified by end users. | |
AuditAdmin | | |
AuditDelegate | | |
Delegate | An account with assigned permissions to a mailbox. | |
Display Name | Name that appears in the Address Book and on the To and From lines of an email. | |
EAC | "Exchange Admin Center" | |
function New-ModuleOverview {
<#
.SYNOPSIS
Generates a Markdown file with a short description of each public command in a module.
.DESCRIPTION
Finds all the public commands in a specified module and produces a simple Markdown file detailing the description or synopsis (user choice) for each.
.PARAMETER ModuleName
Name of the module to generate an overview for. If the module isn't already loaded then it will be loaded.
## Uploaded by @JohnLaTwC
## Sample hash: fd334bb96b496592db6c9771f305a2ddca6610a59c6d45f5bbbb2b38859b4f36
On Error Resume Next
Dim objShell : Set objShell = CreateObject("WScript.Shell")
If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
    For Each vArg In WScript.Arguments
        sArgs = sArgs & " """ & vArg & """"
    Next
    objShell.Run("cmd.exe /k cscript.exe //nologo " & Chr(34) & WScript.ScriptFullName & Chr(34) & sArgs & " && exit")
StorageUsage.dll,GetStorageUsageInfo
acmigration.dll,ApplyMigrationShims
acproxy.DLL,PerformAutochkOperations
ppioobe.dll,setupcalendaraccountforuser
edgehtml.dll,#125
edgehtml.dll,#133
davclnt.dll,davsetcookie
appxdeploymentextensions.onecore.dll,shellrefresh
pla.dll,plahost
aeinv.dll,updatesoftwareinventory
<!--
This is a Microsoft Sysmon configuration to be used on Windows workstations
v0.2.1 December 2016
Florian Roth (with the help and ideas of others)
The focus of this configuration is
- malware detection (execution)
- malware detection (network connections)
- exploit detection
It is not focussed on
Id : 1
Version : 0
LogLink : System.Diagnostics.Eventing.Reader.EventLogLink
Level : System.Diagnostics.Eventing.Reader.EventLevel
Opcode : System.Diagnostics.Eventing.Reader.EventOpcode
Task : System.Diagnostics.Eventing.Reader.EventTask
Keywords : {, fi:FileNameCreate}
Template : <template xmlns="http://schemas.microsoft.com/win/2004/08/events">
# PowerShell Audit Logging for LogRhythm SIEM - 2015
# For detecting dangerous PowerShell Commands/Functions
Log Source Type:
MS Event Log for Win7/Win8/2008/2012 - PowerShell
Add this file to your PowerShell directory to enable verbose command line audit logging
profile.ps1
$LogCommandHealthEvent = $true
$LogCommandLifeCycleEvent = $true
import os
import sys
import logging
import pefile
import ucutils
import unicorn
import capstone
import argparse
/*
WARNING:
the newest version of this rule is now hosted here:
https://github.com/Neo23x0/god-mode-rules/blob/master/godmode.yar
*/
/*
_____ __ __ ___ __ |