@nguyenl95
nguyenl95 / powershell-non-domain-remoting.md
Created Jan 7, 2020 — forked from cmcginty/powershell-non-domain-remoting.md
Windows Powershell Remoting into Non-Domain Joined System

Powershell Remoting to a Non-Domain Host

  1. From an admin shell, enable PS remoting on the machine you wish to access. Setting `LocalAccountTokenFilterPolicy` to 1 turns off UAC remote token filtering, so a local administrator account logging on over the network receives a full (unfiltered) token instead of being refused as access denied; it is what makes remoting with a local admin account work on a non-domain host. The same setting also makes local-admin credentials and hashes usable for lateral movement to the host, so apply it only where remoting is actually needed:

```powershell
New-ItemProperty -Name LocalAccountTokenFilterPolicy `
  -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System `
  -PropertyType DWord -Value 1

Enable-PSRemoting -Force
```
@nguyenl95
nguyenl95 / ida_memdump.py
Created Jan 2, 2020 — forked from herrcore/ida_memdump.py
Dump a blob of memory into a file - IDA Pro script
import idaapi
import idautils
import idc


def memdump(ea, size, file):
    """Dump `size` bytes starting at address `ea` into `file` (IDA 6.x idc API)."""
    data = idc.GetManyBytes(ea, size)  # None if any byte in the range is undefined; idc.get_bytes() on IDA 7+
    if data is None:
        print("Memdump failed: unreadable bytes in range")
        return
    with open(file, "wb") as fp:
        fp.write(data)
    print("Memdump Success!")
0c30d700b131246e302ff3da1c4180d21f4650db072e287d1b9d477fe88d312f
## uploaded by @JohnLaTwC
https://www.virustotal.com/en/file/0c30d700b131246e302ff3da1c4180d21f4650db072e287d1b9d477fe88d312f/analysis/
https://docs.microsoft.com/en-us/windows/desktop/api/wininet/nf-wininet-internetconnecta

```c
HINTERNET InternetConnectA(
  HINTERNET     hInternet,
  LPCSTR        lpszServerName,
  INTERNET_PORT nServerPort,
  LPCSTR        lpszUserName,
  LPCSTR        lpszPassword,
  DWORD         dwService,
  DWORD         dwFlags,
  DWORD_PTR     dwContext
);
```
@nguyenl95
nguyenl95 / base64-to-hex.py
Created Nov 13, 2019 — forked from kkirsche/base64-to-hex.py
Decode base64 and convert to hex format, like shellcode
#!/usr/bin/env python3
# Decode URL-encoded base64 strings and print the bytes as a \x-escaped literal (shellcode style).
from base64 import b64decode
from urllib.parse import unquote

base64_strs = ['xU5LNJhXeo9B6o4Ri%2FxFHodARXWqgtNufNrYzqG05nGOLNboDgJtkw%3D%3D',
               '%2BjAd73J7RAZgLxAUkIG5l0cMPLQEBAtZRMP3WdXr1%2BMYdrg2cZKaow%3D%3D']

for bstr in base64_strs:
    unquoted_bstr = unquote(bstr)          # %2F -> '/', %2B -> '+', %3D -> '='
    decoded = b64decode(unquoted_bstr)
    print(''.join('\\x%02x' % b for b in decoded))
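The gist only handles the happy path: one level of URL-encoding and well-formed padding. Blobs lifted from proxy logs, query strings and POST bodies arrive in several other shapes, so here is an added example (written for this page, not part of the gist; the function names are my own) that decodes the gist's two values plus constructed inputs covering double URL-encoding, the URL-safe alphabet, `+` turned into a space by form decoding, line-wrapped dumps and stripped padding, and renders the result the way the gist does.

```python
#!/usr/bin/env python3
"""Decode base64 values lifted from URLs or logs and render them as \\x-escaped shellcode.

Added example for this page, not part of the original gist.
"""
import base64
import binascii
import re
from urllib.parse import unquote

# The two URL-encoded values from the gist.
GIST_STRS = [
    "xU5LNJhXeo9B6o4Ri%2FxFHodARXWqgtNufNrYzqG05nGOLNboDgJtkw%3D%3D",
    "%2BjAd73J7RAZgLxAUkIG5l0cMPLQEBAtZRMP3WdXr1%2BMYdrg2cZKaow%3D%3D",
]


def decode_b64_param(value: str) -> bytes:
    """Decode a base64 blob as it appears in a query string, POST body or log line.

    Handles single or double URL-encoding, the URL-safe alphabet (-_), '+' that form
    decoding turned into a space, line-wrapped input and stripped padding.
    Raises binascii.Error if the cleaned-up value is still not valid base64.
    """
    s = value
    for _ in range(3):                      # undo repeated URL-encoding (%252B -> %2B -> +)
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    s = re.sub(r"[\r\n\t]", "", s)          # line-wrapped dumps
    s = s.replace(" ", "+")                 # space is never valid base64; form decoding made it from '+'
    s = s.replace("-", "+").replace("_", "/")  # URL-safe alphabet -> standard alphabet
    s = s.rstrip("=")
    s += "=" * (-len(s) % 4)                # restore padding
    return base64.b64decode(s, validate=True)


def is_base64_param(value: str) -> bool:
    """Cheap triage check: does this parameter decode cleanly as base64?"""
    try:
        decode_b64_param(value)
        return True
    except (binascii.Error, ValueError):
        return False


def to_shellcode_literal(data: bytes) -> str:
    """Render bytes as a \\x-escaped string, e.g. b'\\x90\\xcc' -> '\\x90\\xcc'."""
    return "".join(f"\\x{b:02x}" for b in data)


if __name__ == "__main__":
    for raw in GIST_STRS:
        blob = decode_b64_param(raw)
        print(f"{raw}\n  {len(blob)} bytes: {to_shellcode_literal(blob)}\n")
```

`validate=True` matters: without it `b64decode` silently drops any character outside the alphabet, so a corrupted or non-base64 parameter still "decodes" and the triage check would never fail.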
StartLogging.xml
<Sysmon schemaversion="4.1">
  <!-- Capture all hashes -->
  <HashAlgorithms>*</HashAlgorithms>
  <EventFiltering>
    <!-- Event ID 1 == Process Creation. Log all newly created processes except the log agents below.
         Note: "contains" matches anywhere in the full image path, so any binary under a directory
         whose path contains one of these strings is excluded as well. -->
    <ProcessCreate onmatch="exclude">
      <Image condition="contains">splunk</Image>
      <Image condition="contains">btool.exe</Image>
      <Image condition="contains">SnareCore</Image>
      <Image condition="contains">nxlog</Image>
    </ProcessCreate>
  </EventFiltering>
</Sysmon>
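The `condition="contains"` exclusions above match the substring anywhere in the full image path, so Sysmon also drops Event ID 1 for anything launched from a folder that merely has `splunk` or `nxlog` in its name. The added example below (written for this page, not part of the gist) reimplements Sysmon's case-insensitive `is` / `contains` / `begin with` / `end with` / `image` matching, runs constructed process images through the gist's rules, and then through an anchored rewrite of the splunk and nxlog rules; the install paths in that rewrite are assumptions.

```python
#!/usr/bin/env python3
"""Evaluate Sysmon ProcessCreate exclusions against sample image paths.

Added example for this page, not part of the original gist.
"""
import xml.etree.ElementTree as ET

# The gist's fragment closed into a complete document (constructed for this example).
LOOSE_CONFIG = r"""<Sysmon schemaversion="4.1">
  <HashAlgorithms>*</HashAlgorithms>
  <EventFiltering>
    <ProcessCreate onmatch="exclude">
      <Image condition="contains">splunk</Image>
      <Image condition="contains">btool.exe</Image>
      <Image condition="contains">SnareCore</Image>
      <Image condition="contains">nxlog</Image>
    </ProcessCreate>
  </EventFiltering>
</Sysmon>"""

# Anchored rewrite of the splunk/nxlog rules; the install paths are assumed, adjust to your hosts.
TIGHT_CONFIG = r"""<Sysmon schemaversion="4.1">
  <HashAlgorithms>*</HashAlgorithms>
  <EventFiltering>
    <ProcessCreate onmatch="exclude">
      <Image condition="begin with">C:\Program Files\Splunk\</Image>
      <Image condition="begin with">C:\Program Files\SplunkUniversalForwarder\</Image>
      <Image condition="is">C:\Program Files\nxlog\nxlog.exe</Image>
    </ProcessCreate>
  </EventFiltering>
</Sysmon>"""

# Constructed process images: two legitimate agents, one ordinary process, and two
# binaries an attacker could drop under a path that happens to contain a keyword.
SAMPLE_IMAGES = [
    r"C:\Program Files\Splunk\bin\splunkd.exe",
    r"C:\Program Files\nxlog\nxlog.exe",
    r"C:\Windows\System32\cmd.exe",
    r"C:\Users\bob\AppData\Local\Temp\splunk\payload.exe",
    r"C:\Users\bob\Downloads\nxlog-installer.exe",
]


def load_image_exclusions(xml_text):
    """Return [(condition, value)] for every <Image> rule under <ProcessCreate onmatch="exclude">."""
    root = ET.fromstring(xml_text)
    rules = []
    for pc in root.iter("ProcessCreate"):
        if pc.get("onmatch", "").lower() != "exclude":
            continue
        for img in pc.findall("Image"):
            rules.append((img.get("condition", "is").lower(), img.text or ""))  # Sysmon default is "is"
    return rules


def rule_matches(condition, value, image):
    """Sysmon string conditions compare case-insensitively."""
    img, val = image.lower(), value.lower()
    if condition == "is":
        return img == val
    if condition == "contains":
        return val in img
    if condition == "begin with":
        return img.startswith(val)
    if condition == "end with":
        return img.endswith(val)
    if condition == "image":
        return img == val or img.rsplit("\\", 1)[-1] == val  # full path or bare file name
    raise ValueError(f"unsupported condition: {condition}")


def is_excluded(image, rules):
    """True if any exclude rule matches, i.e. Sysmon would NOT log this process creation."""
    return any(rule_matches(c, v, image) for c, v in rules)


def audit(config_xml, images=SAMPLE_IMAGES):
    rules = load_image_exclusions(config_xml)
    return {img: is_excluded(img, rules) for img in images}


if __name__ == "__main__":
    for name, cfg in (("loose", LOOSE_CONFIG), ("tight", TIGHT_CONFIG)):
        print(f"[{name}]")
        for img, excluded in audit(cfg).items():
            print(f"  {'EXCLUDED' if excluded else 'logged  '}  {img}")
```

Under the gist's rules `payload.exe` in a `Temp\splunk` folder is never logged; under the anchored rules only the agents themselves are excluded. Run the audit against your own config and a list of images from a day of real events before shipping an exclusion list.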
mount-shared-folder-linux.sh
# usage: x.sh <share-name> <mounted-folder>
# Mount a VMware host shared folder with vmhgfs-fuse (open-vm-tools). allow_other lets users
# other than the mounting root reach it; uid=1000 makes the first local user the file owner.
sudo vmhgfs-fuse ".host:/${1}" "${2}" -o allow_other -o uid=1000
@nguyenl95
nguyenl95 / configure.sh
Created Aug 16, 2019
config elasticsearch
#!/usr/bin/env bash
# Production settings for Elasticsearch in Ubuntu 16.04
set -eux
CURRENT_USER=$(whoami)
CURRENT_DIR=$(dirname "$0")
cd "${CURRENT_DIR}"
@nguyenl95
nguyenl95 / change_sources_list.sh
Last active Aug 16, 2019
linux quick and dirty scripts
# Point apt at the opensource.xtdv.net mirror in place of <cc>.archive.ubuntu.com,
# archive.ubuntu.com and security.ubuntu.com. apt still verifies the Release signature with
# the Ubuntu archive keys, so a mirror can serve stale indexes but cannot alter packages.
# GNU sed parses "-ie" as "-i" with backup suffix "e" (it left /etc/apt/sources.liste behind);
# "-i.bak -e" keeps an explicit backup instead.
sudo sed -i.bak -e 's/\([a-zA-Z0-9]*\.archive\.\)\{0,1\}\(archive\.\)\{0,1\}\(security\.\)\{0,1\}ubuntu\.com/opensource\.xtdv\.net/g' /etc/apt/sources.list