Skip to content

Instantly share code, notes, and snippets.

View shadowbq's full-sized avatar
👔
Doing Things

shadowbq shadowbq

👔
Doing Things
63 followers · 30 following
View GitHub Profile
@shadowbq
shadowbq / Outline.md
Created July 20, 2025 20:45

FirstName LastName

July 20, 2025

A Moment to Remember

Paragraph 1 – Introduction (3–5 sentences)

  • Sentence 1: A hook using alliteration or imagery to draw the reader in.
  • Sentence 2: Introduce the memory — when/where it happened (no details yet).
@shadowbq
shadowbq / Inindo game
Created May 24, 2024 12:24
Inindo way of the ninja
Inindo: Way Of The Ninja Maps
© 1993 KOEI Corporation
Maps Of The Month: March 2019 (zagato blackfist)
World World 9216 x 9245 1.19 MB PNG ripped zagato blackfist
Mutsu Castle Mutsu Castle 1236 x 802 29.5 kB PNG ripped zagato blackfist
Dewa Castle Dewa Castle 1268 x 898 32.3 kB PNG ripped zagato blackfist
R Castle Rikuchu Castle 1716 x 834 36.4 kB PNG ripped zagato blackfist
Rikuzen Castle Rikuzen Castle 1204 x 770 29.7 kB PNG ripped zagato blackfist
@shadowbq
shadowbq / .README.md
Last active May 22, 2023 16:37 — forked from mattifestation/MDE_DataCollection_Scripts.md
Microsoft MDE EDR LiveResponse and SenseIR collection powershell scripts

Microsoft Defender PowerShell and LUA delivery

Microsoft Defender for Endpoint ensures the integrity of the scripts it pushes and executes.

First, they ensure that the script to execute matches the expected file hash. Example:

powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7910.6064030.0.6552433-3a7d9fb541a03fc183f740777b7bb1aa20a20efd\046a3caf-d9ec-4da6-a32a-fb148992596a.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7910.6064030.0.6552433-3a7d9fb541a03fc183f740777b7bb1aa20a20efd\046a3caf-d9ec-4da6-a32a-fb148992596a.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'd871ab44a81b93cdf3c7e235c246ea8b4bf65
@shadowbq
shadowbq / README - LVM Encryption Resize.md
Last active March 15, 2023 18:17
Enlarge LVM on LUKS encrypted VG

Enlarge LVM on LUKS

Example #1 - Move Data from small physical drive to another bigger physical drive

Enlarging a LVM-on-LUKS logical partition, for instance after migrating to a larger hard disk, is done in the opposite way - from the outermost to the innermost partition:

primary partition(LUKS device{volume group[(logical partition1)(logical partition2-->)]}) Preparation Create a new partition on the new hard disk of wanted size, f.i. by using GNU Parted, and clone the old partition sdX1, containing your LUKS container, into the new partition sdY1:

@shadowbq
shadowbq / py_in_bash.sh
Created January 31, 2023 00:32
Python in Bash for script delivery
#!/usr/bin/env bash
set -a
command -v python3 >/dev/null 2>&1 || {
echo >&2 "Python3 required. Aborting."
exit 1
}
MYSTRING="Do something in bash"
export $MYSTRING
@shadowbq
shadowbq / epoch.sh
Created May 17, 2012 13:32
Epoch to Date inline replace for unix cli
#!/usr/bin/env bash
# Note: this works for dates Sat Sep 8 21:46:40 EDT 2001 onward to Nov 2286.
#
# Usage:
# echo 'Awesome example 1316716805 to 1330000000 with data' | ~/epoch
# Awesome example Thu Sep 22 14:40:05 EDT 2011 to Thu Feb 23 07:26:40 EST 2012 with data
#
<<LICENSE
@shadowbq
shadowbq / minimal-defender-bypass.profile
Created January 4, 2022 17:56 — forked from tothi/minimal-defender-bypass.profile
Minimal Cobalt Strike C2 Profile for Bypassing Defender
# in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures)
# as stage0, remote injecting a thread into a suspended process works
set host_stage "false";
set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62";
set sleeptime "10000";
stage {
set allocator "MapViewOfFile";
set name "notevil.dll";
@shadowbq
shadowbq / README.md
Created September 29, 2021 13:50
SSL/TLS Certificate Files and How to Convert Them

DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them

Certificates and Encodings

At its core an X.509 certificate is a digital document that has been encoded and/or digitally signed according to RFC 5280.

In fact, the term X.509 certificate usually refers to the IETF’s PKIX Certificate and CRL Profile of the X.509 v3 certificate standard, as specified in RFC 5280, commonly referred to as PKIX for Public Key Infrastructure (X.509).

X509 File Extensions

@shadowbq
shadowbq / output.txt
Last active July 1, 2021 14:49
## Generate TCP Flags Definition File
1: ["FIN"]
2: ["SYN"]
3: ["SYN", "FIN"]
4: ["RST"]
5: ["RST", "FIN"]
6: ["RST", "SYN"]
7: ["RST", "SYN", "FIN"]
8: ["PUSH"]
9: ["PUSH", "FIN"]
10: ["PUSH", "SYN"]
@shadowbq
shadowbq / Powershell.log
Last active April 30, 2021 13:07
PDH with Powershell for Network Stats
' Notes:
' https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.diagnostics/get-counter?view=powershell-5.1
' https://docs.bmc.com/docs/display/public/bcmco95/Windows+IPv4+and+IPv6+Statistics
' https://kb.paessler.com/en/topic/50673-how-can-i-find-out-the-names-of-available-performance-counters
' https://docs.microsoft.com/en-us/windows-server/networking/technologies/network-subsystem/net-sub-performance-counters
' https://leanpub.com/windowspowershellnetworkingguide/read#leanpub-auto-performance-counters
PS C:\Users\jdoe> powershell –ExecutionPolicy Bypass
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.