Michael shiftybitshiftr

## RMM-detection.md

      
              3 files
            
          
              4 forks
            
          
              1 comment
            
          
              22 stars
            
          
                brokensound77
                / RMM-detection.md
            
            
              Last active
              June 28, 2024 13:51
            
              
                Detection Engineering: RMM analysis 
              
          
    Detecting RMM

ℹ️ This was duplicated to this blog for readability and reference

The most difficult challenge with RMM detection is contextual awareness around usage to determine if it is valid or malicious.

  
## checkjndi.ps1
# This script is deprecated.
# See https://github.com/CERTCC/CVE-2021-44228_scanner for up-to-date scanners

## 20211210-TLP-WHITE_LOG4J.md

      
              1 file
            
          
              94 forks
            
          
              777 comments
            
          
              1090 stars
            
          
                SwitHak
                / 20211210-TLP-WHITE_LOG4J.md
            
            
              Last active
              June 28, 2024 12:07
            
              
                BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
              
          
    Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
Errors, typos, something to say ?


If you want to add a link, comment or send it to me
Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources


Royce Williams list sorted by vendors responses Royce List
Very detailed list NCSC-NL
The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List


## kerberos_attacks_cheatsheet.md

      
              1 file
            
          
              377 forks
            
          
              5 comments
            
          
              1098 stars
            
          
                TarlogicSecurity
                / kerberos_attacks_cheatsheet.md
            
            
              Created
              May 14, 2019 13:33
            
              
                A cheatsheet with commands that can be used to perform kerberos attacks
              
          
    Kerberos cheatsheet

Bruteforcing

With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:

  
## Windows command line gui access.md

      
              1 file
            
          
              16 forks
            
          
              1 comment
            
          
              64 stars
            
          
                scotgabriel
                / Windows command line gui access.md
            
            
              Last active
              November 11, 2023 14:53
            
              
                Common windows functions via rundll user32 and control panel
              
          
    Rundll32 commands

OS: Windows 10/8/7

Add/Remove Programs


RunDll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,0

Content Advisor


RunDll32.exe msrating.dll,RatingSetupUI

Control Panel


## list-usb-devices.ps1
gwmi Win32_USBControllerDevice |%{[wmi]($_.Dependent)} | Sort Manufacturer,Description,DeviceID | Ft -GroupBy Manufacturer Description,Service,DeviceID
	# This script is deprecated.
	# See https://github.com/CERTCC/CVE-2021-44228_scanner for up-to-date scanners