@joeyaiello
joeyaiello / brk3179_demos.ps1
Created November 22, 2019 21:56
BRK3179 - PowerShell 7 demo script
# These are the demos I delivered at Ignite for BRK3179 - PowerShell 7
# Not all of them are intended to be run as-is, as they may require some dependency
# or be intended to showcase a more complex point (e.g. the AzVM example on &&)
# Those that were executed in the presentation were run with 7.0-preview.5 on the latest Windows 10
#region ETW Provider Definitions
$Providers = @("OAlerts","PowerShellCore/Operational","Microsoft-Windows-WMI-Activity/Operational","Microsoft-Windows-WLAN-AutoConfig/Operational","Microsoft-Windows-Wired-AutoConfig/Operational","Microsoft-Windows-WinRM/Operational","Microsoft-Windows-Winlogon/Operational","Microsoft-Windows-WinINet-Config/ProxyConfigChanged","Microsoft-Windows-WindowsUpdateClient/Operational","Microsoft-Windows-WindowsSystemAssessmentTool/Operational","Microsoft-Windows-Windows Firewall With Advanced Security/Firewall","Microsoft-Windows-Windows Defender/Operational","Microsoft-Windows-WFP/Operational","Microsoft-Windows-WebAuthN/Operational","Microsoft-Windows-W
olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools
===============================================================================
FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisWorkbook.cls
in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(empty macro)
-------------------------------------------------------------------------------
## uploaded by @JohnLaTwC
https://www.virustotal.com/en/file/0c30d700b131246e302ff3da1c4180d21f4650db072e287d1b9d477fe88d312f/analysis/
https://docs.microsoft.com/en-us/windows/desktop/api/wininet/nf-wininet-internetconnecta
void InternetConnectA(
HINTERNET hInternet,
LPCSTR lpszServerName,
INTERNET_PORT nServerPort,
LPCSTR lpszUserName,
LPCSTR lpszPassword,
DWORD dwService,
@leoloobeek
leoloobeek / JScriptToDotnet.js
Created November 28, 2018 18:50
Sample Extract Payload DotNetToJScript
//Base64 Raw Decoder
function Base64Decode(str) {
if (!(/^[a-z0-9+/]+={0,2}$/i.test(str)) || str.length%4 != 0) throw Error('Not base64 string');
var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
var o1, o2, o3, h1, h2, h3, h4, bits, d=[];
for (var c=0; c<str.length; c+=4) { // unpack four hexets into three octets
@netbiosX
netbiosX / pentestlab-dll.inf
Created May 7, 2018 07:45
CMSTP - Arbitrary DLL execution locally and remotely and SCT for AppLocker Bypass
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
RegisterOCXs=RegisterOCXSection
[RegisterOCXSection]
C:\Users\test.PENTESTLAB\pentestlab.dll
@cizixs
cizixs / Netfilter-IPTables-Diagrams.md
Created April 17, 2018 09:35 — forked from nerdalert/Netfilter-IPTables-Diagrams.md
Linux NetFilter, IP Tables and Conntrack Diagrams

Linux NetFilter, IP Tables and Conntrack Diagrams

IPTABLES TABLES and CHAINS

IPTables has the following 4 built-in tables.

1) Filter Table

Filter is the default table for iptables. So, if you don’t define your own table, you’ll be using the filter table. The filter table has the following built-in chains.

;cmstp.exe /s cmstp.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection
[UnRegisterOCXSection]
@sneakymonk3y
sneakymonk3y / malware-lab-tools.txt
Last active March 19, 2020 07:42
Malware Lab Tools
BinText / strings / strings2 / bstrings
Process Monitor
Process Hacker
Autoruns
PEiD
Regshot
LordPE
Ollydbg
IDA Pro/FREE
WireShark
@herrcore
herrcore / ida_memdump.py
Created November 13, 2017 03:38
Dump a blob of memory into a file - IDA Pro script
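import idautils
import idaapi
import idc  # required for idc.GetManyBytes below

def memdump(ea, size, file):
    # Read `size` bytes starting at address `ea` from the IDA database
    data = idc.GetManyBytes(ea, size)
    # Write the raw bytes to the output file
    with open(file, "wb") as fp:
        fp.write(data)
    print("Memdump Success!")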
@Geoyi
Geoyi / install virtualenv ubuntu 16.04.md
Created September 16, 2017 12:19 — forked from frfahim/install virtualenv ubuntu 16.04.md
How to install virtual environment on ubuntu 16.04

How to install virtualenv:

Install pip first

sudo apt-get install python3-pip

Then install virtualenv using pip3

sudo pip3 install virtualenv