| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
JAB |
🗣 Jabber | $. |
Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
TVq |
📺 Television | MZ |
MZ header |
SUVY |
🚙 SUV | IEX |
PowerShell Invoke Expression |
SQBFAF |
🐣 Squab favorite | I.E. |
PowerShell Invoke Expression (UTF-16) |
SQBuAH |
🐣 Squab uahhh | I.n. |
PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
PAA |
💪 "Pah!" | <. |
Often used by Emotet (UTF-16) |
Filippo Mottini teoseller
Neo23x0
/ Base64_CheatSheet.md
Last active
May 23, 2024 08:25
Learning Aid - Top Base64 Encodings Table
defensivedepth
/ logstash-osquery-shipped-WEL.conf
Created
December 21, 2018 17:14
Logstash configuration snippet for Windows eventlogs shipped by the osquery table windows_events
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| json { | |
| # Do the initial JSON parse | |
| source => "message" | |
| target => "osquery" | |
| } | |
| mutate { | |
| # Remove the \\x0A |
adepasquale
/ Dockerfile.postfix-catchall
Last active
February 22, 2021 08:43
Dockerfile for Postfix server with catch-all configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM alpine:latest | |
| RUN apk add --no-cache postfix postfix-pcre rsyslog | |
| RUN postconf -e "myhostname=localhost" \ | |
| && postconf -e "mynetworks_style=host" \ | |
| && postconf -e "mail_spool_directory=/var/mail/" \ | |
| && postconf -e "virtual_alias_maps=pcre:/etc/postfix/virtual" \ | |
| && echo "/.*/ root" > /etc/postfix/virtual \ | |
| && postmap /etc/postfix/virtual \ |
jaredcatkinson
/ Get-InjectedThread.ps1
Last active
April 22, 2024 19:09
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
mattifestation
/ autodump_powershell_process.ps1
Last active
September 16, 2019 04:58
Automatically capture a full PowerShell memory dump upon any PowerShell host process termination
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $EventFilterArgs = @{ | |
| EventNamespace = 'root/cimv2' | |
| Name = 'PowerShellProcessStarted' | |
| Query = 'SELECT FileName, ProcessID FROM Win32_ModuleLoadTrace WHERE FileName LIKE "%System.Management.Automation%.dll"' | |
| QueryLanguage = 'WQL' | |
| } | |
| $Filter = New-CimInstance -Namespace root/subscription -ClassName __EventFilter -Property $EventFilterArgs | |
| $CommandLineConsumerArgs = @{ |
atcuno
/ gist:3425484ac5cce5298932
Last active
March 25, 2024 13:55
HowTo: Privacy & Security Conscious Browsing
The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.
I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Please set the ROOT to the folder your nxlog was installed into, | |
| ## otherwise it will not start. | |
| #define ROOT C:\Program Files\nxlog | |
| define ROOT C:\Program Files (x86)\nxlog | |
| define ROOT_STRING C:\Program Files (x86)\\nxlog | |
| Moduledir %ROOT%\modules | |
| CacheDir %ROOT%\data | |
| Pidfile %ROOT%\data\nxlog.pid |