secdev02

<#
.SYNOPSIS

This script demonstrates the ability to capture and tamper with Web sessions.  
For secure sessions, this is done by dynamically writing certificates to match the requested domain. 
This is only proof-of-concept, and should be used cautiously, to demonstrate the effects of such an attack. 
This script requires local administrative privileges to execute properly.  

Function: Interceptor
Author: Casey Smith, Twitter: @subTee

secdev02

# We'll just store the cloned certificates in current user "Personal" store for now.
$CertStoreLocation = @{ CertStoreLocation = 'Cert:\CurrentUser\My' }

$MS_Root_Cert = Get-PfxCertificate -FilePath C:\Test\MSKernel32Root.cer
$Cloned_MS_Root_Cert = New-SelfSignedCertificate -CloneCert $MS_Root_Cert @CertStoreLocation

$MS_PCA_Cert = Get-PfxCertificate -FilePath C:\Test\MSKernel32PCA.cer
$Cloned_MS_PCA_Cert = New-SelfSignedCertificate -CloneCert $MS_PCA_Cert -Signer $Cloned_MS_Root_Cert @CertStoreLocation

$MS_Leaf_Cert = Get-PfxCertificate -FilePath C:\Test\MSKernel32Leaf.cer

secdev02

function New-SelfSignedRootCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string] $Name,

        [Parameter(Mandatory = $true)]
        [string] $CertStoreLocation,

        [Parameter()]

secdev02

def modular_sqrt(a, p):

    def legendre_symbol(a, p):
        """ Compute the Legendre symbol a|p using
            Euler's criterion. p is a prime, a is
            relatively prime to p (if p divides
            a, then a|p = 0)

            Returns 1 if a has a square root modulo
            p, -1 otherwise.

secdev02

primes = [ 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
73, 79, 83, 89, 97, 101, 103, 107, 109, 113,
127, 131, 137, 139, 149, 151, 157, 163, 167, 173,
179, 181, 191, 193, 197, 199, 211, 223, 227, 229,
233, 239, 241, 251, 257, 263, 269, 271, 277, 281,
283, 293, 307, 311, 313, 317, 331, 337, 347, 349,
353, 359, 367, 373, 379, 383, 389, 397, 401, 409,
419, 421, 431, 433, 439, 443, 449, 457, 461, 463,
467, 479, 487, 491, 499, 503, 509, 521, 523, 541,

secdev02

The Scriptless Scriptlet

Or how to execute JavaScript from CSS in MSIE11 without using Scripts

Stop! This text is only interesting for you if you...

• Like popping alerts in weird situations
• Miss CSS expressions as much as we do
• Have an unhealthy obsession for markup porn

Introduction

secdev02

<?xml version='1.0'?>
<data>
  <circle>
    <radius>12</radius>
  </circle>
  <circle>
    <radius>37.5</radius>
  </circle>
</data>

secdev02

<#
    This is an attempt at a script to provision a DC VM in a disposable testlab
    This will also set the DC as authoritative time source, DHCP, and DNS server
    Windows Server® 2012 and 2012 R2 Core Network Guide
    https://gallery.technet.microsoft.com/Windows-Server-2012-and-7c5fe8ea
#>

# rename the computer and reboot, this isn't needed if using Vagrant
#Rename-Computer -NewName newhost -Restart -Force

secdev02

#This script checks if all AD-relevant SRV-Records exist in DNS. Also it looks for netlogon.dns and the A-Record for the DC.

$Domain = (Get-ADDomain).DNSRoot
$DCName = (Get-ADDomainController).Name
$msdcs = (Get-DnsServerResourceRecord -ZoneName _msdcs.$Domain -RRType Srv)
$ARR = (Get-DnsServerResourceRecord -ZoneName $Domain -RRType A)
$PDC = [string] "_ldap._tcp.pdc"
$GC = [string] "_ldap._tcp.gc"
$KDC = [string] "_kerberos._tcp.dc"
$DC = [string] "_ldap._tcp.dc"

secdev02

XZ Backdoor symbol deobfuscation. Updated as i make progress