Pedro Cabral prcabral
prcabral
/ smbspray-poc.py
Created
February 21, 2019 20:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import getopt, sys, subprocess | |
| def help(): | |
| print """ | |
| Usage: smbspray-poc [options]" | |
| \t-l: user list to password spray | |
| \t-c: hostnames to rotate through for each request | |
| \t-p: password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="4.00"> | |
| <!--SYSMON META CONFIG--> | |
| <HashAlgorithms>sha256</HashAlgorithms> <!-- Both MD5 and SHA256 are the industry-standard algorithms for identifying files --> | |
| <CheckRevocation/> <!-- Check loaded drivers, log if their code-signing certificate has been revoked, in case malware stole one to sign a kernel driver --> | |
| <!-- <ImageLoad/> --> <!-- Would manually force-on ImageLoad monitoring, even without configuration below. Included only documentation. --> | |
| <!-- <ProcessAccessConfig/> --> <!-- Would manually force-on ProcessAccess monitoring, even without configuration below. Included only documentation. --> | |
| <!-- <PipeMonitoringConfig/> --> <!-- Would manually force-on PipeCreated / PipeConnected events, even without configuration below. Included only documentation. --> | |
| <EventFiltering> |