Ollie olliencc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu:16.04 | |
| RUN apt-get update && apt-get install -y openssh-server | |
| RUN mkdir /var/run/sshd | |
| RUN echo 'root:toor' | chpasswd | |
| RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config | |
| # SSH login fix. Otherwise user is kicked off after login | |
| RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu:16.04 | |
| RUN apt-get update && apt-get install -y openssh-server | |
| RUN mkdir /var/run/sshd | |
| RUN echo 'root:toor' | chpasswd | |
| RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config | |
| # SSH login fix. Otherwise user is kicked off after login | |
| RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd |
olliencc
/ DLLLoadReasonEnumeratorWithWhen.cpp
Created
January 7, 2022 13:55
Enumerates which DLL loaded when and why for each process via PEB enumeration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| DLL Load Reason Enumerator for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| This was the first version - the newer version also includes *When* it was loaded also. | |
| https://gist.github.com/olliencc/e166a64ca211c51eb69111f26ce57bc1 | |
| */ |
olliencc
/ WindowsThreadStartModule.cpp
Last active
January 26, 2022 06:21
Thread Start Address Enumerator for Microsoft Windows
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Thread Start Address Enumerator for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
olliencc
/ DetectImpersonatingThreads.cpp
Last active
December 19, 2023 03:03
Detect Windows threads which are impersonating
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| TEB Detect Impersonating Threads for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
olliencc
/ DetectHardwareBreakPointMisuse.cpp
Last active
March 2, 2023 01:17
Detect Windows processes with hardware breakpoints set
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Debug register (hardware breakpoint) misuse detector for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
olliencc
/ WindowsVEHusingProcEnumandCountandDecode.cpp
Created
January 3, 2022 14:01
Enumerates processes which use VEH via their PEB and then counts the number of VEHs present - decodes pointers and works out which module they are in
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| VEH misuse detector for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
olliencc
/ WindowsVEHusingProcEnumandCount.cpp
Created
January 2, 2022 10:25
Enumerates processes which use VEH via their PEB and then counts the number of VEHs present
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| VEH misuse detector for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
olliencc
/ WindowsVEHusingProcEnum.cpp
Created
January 1, 2022 08:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| VEH using process enumerator for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
NewerOlder