Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-ChainReaction { | |
<# | |
.SYNOPSIS | |
A single script that combines the original Chain Reactions from the Atomic Red Team project | |
.PARAMETER Reaction | |
Specifies the ChainReaction to execute. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
You can create a GPO to test changing the default behavior of the following extensions to not behave as a script | |
but rather as a benign text file opened in notepad. | |
js | |
wsh | |
vbs | |
wsc | |
sct | |
jse | |
wsf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
# | |
# Note this version requires Apache 2.4+ | |
# | |
# Save this file into something like /etc/apache2/redirect.rules. | |
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom | |
# | |
# Include /etc/apache2/redirect.rules | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<Sysmon schemaversion="4.32"> | |
<!-- Capture all hashes --> | |
<HashAlgorithms>*</HashAlgorithms> | |
<DnsLookup>False</DnsLookup> | |
<ArchiveDirectory>Archive</ArchiveDirectory> | |
<EventFiltering> | |
<RuleGroup name="" groupRelation="or"> | |
<!-- Event ID 1 == Process Creation. Log all newly created processes except --> | |
<ProcessCreate onmatch="exclude"> | |
<Image condition="contains">splunk</Image> |