nguyenl95 / powershell-non-domain-remoting.md
Created Jan 7, 2020 — forked from cmcginty/powershell-non-domain-remoting.md
Windows Powershell Remoting into Non-Domain Joined System
View powershell-non-domain-remoting.md

PowerShell Remoting to a Non-Domain Host

  1. From an admin shell, enable PS remoting on the machine you wish to access:
New-ItemProperty -Name LocalAccountTokenFilterPolicy `
  -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System `
  -PropertyType DWord -Value 1

Enable-PsRemoting -Force
nguyenl95 / ida_memdump.py
Created Jan 2, 2020 — forked from herrcore/ida_memdump.py
Dump a blob of memory into a file - IDA Pro script
View ida_memdump.py
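import idautils
import idaapi
import idc  # provides GetManyBytes


def memdump(ea, size, file):
    # Read `size` bytes starting at address `ea` and write them to `file`
    data = idc.GetManyBytes(ea, size)
    with open(file, "wb") as fp:
        fp.write(data)
    print("Memdump Success!")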
View 0c30d700b131246e302ff3da1c4180d21f4650db072e287d1b9d477fe88d312f
## uploaded by @JohnLaTwC
https://www.virustotal.com/en/file/0c30d700b131246e302ff3da1c4180d21f4650db072e287d1b9d477fe88d312f/analysis/
https://docs.microsoft.com/en-us/windows/desktop/api/wininet/nf-wininet-internetconnecta
void InternetConnectA(
HINTERNET hInternet,
LPCSTR lpszServerName,
INTERNET_PORT nServerPort,
LPCSTR lpszUserName,
LPCSTR lpszPassword,
DWORD dwService,
nguyenl95 / base64-to-hex.py
Created Nov 13, 2019 — forked from kkirsche/base64-to-hex.py
Decode base64 and convert to hex format, like shellcode
View base64-to-hex.py
#!/usr/bin/env python
from base64 import b64decode
from urllib import unquote
base64_strs = ['xU5LNJhXeo9B6o4Ri%2FxFHodARXWqgtNufNrYzqG05nGOLNboDgJtkw%3D%3D',
               '%2BjAd73J7RAZgLxAUkIG5l0cMPLQEBAtZRMP3WdXr1%2BMYdrg2cZKaow%3D%3D']
for bstr in base64_strs:
    unquoted_bstr = unquote(bstr)
View StartLogging.xml
<Sysmon schemaversion="4.1">
  <!-- Capture all hashes -->
  <HashAlgorithms>*</HashAlgorithms>
  <EventFiltering>
    <!-- Event ID 1 == Process Creation. Log all newly created processes except -->
    <ProcessCreate onmatch="exclude">
      <Image condition="contains">splunk</Image>
      <Image condition="contains">btool.exe</Image>
      <Image condition="contains">SnareCore</Image>
      <Image condition="contains">nxlog</Image>
View mount-shared-folder-linux.sh
# usage: x.sh <share-name> <mounted-folder>
sudo vmhgfs-fuse ".host:/${1}" "${2}" -o allow_other -o uid=1000
nguyenl95 / change_sources_list.sh
Last active Aug 16, 2019
linux quick and dirty scripts
View change_sources_list.sh
sudo sed -i -e 's/\([a-zA-Z0-9]*\.archive\.\)\{0,1\}\(archive\.\)\{0,1\}\(security\.\)\{0,1\}ubuntu\.com/opensource\.xtdv\.net/g' /etc/apt/sources.list
nguyenl95 / configure.sh
Created Aug 16, 2019
config elasticsearch
View configure.sh
#!/usr/bin/env bash
# Production settings for Elasticsearch in Ubuntu 16.04
set -eux
CURRENT_USER=$(whoami)
CURRENT_DIR=$(dirname "$0")
cd "${CURRENT_DIR}"
View format-vsusb.py
#!/usr/bin/python2
import binascii
import hashlib
drv='/dev/sdb'
mode='rb+'
# pwd default is 'admin'