| IDA Plugins | Preferred | Neutral | Unreviewed |
|---|---|---|---|
```
# Lateral Movement alias
# https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
# register help for our alias
beacon_command_register("com-exec", "lateral movement with DCOM",
    "Synopsis: com-exec [target] [listener]\n\n" .
    "Run a payload on a target via DCOM MMC20.Application Object");
# here's our alias to collect our arguments
alias com-exec {
```
```
#
# Demonstrate how to queue tasks to execute with each checkin...
#
#
# yield tells a function to pause and return a value. The next time the same instance of the
# function is called, it will resume after where it last yielded.
#
sub stuffToDo {
    # Tasks for first checkin
```
```powershell
Param([parameter(Mandatory=$true,
      HelpMessage="Directory to search for .NET Assemblies in.")]
      $Directory,
      [parameter(Mandatory=$false,
      HelpMessage="Whether or not to search recursively.")]
      [switch]$Recurse = $false,
      [parameter(Mandatory=$false,
      HelpMessage="Whether or not to include DLLs in the search.")]
      [switch]$DLLs = $false,
      [parameter(Mandatory=$false,
```
```bash
function dockershell() {
    docker run --rm -i -t --entrypoint=/bin/bash "$@"
}
function dockershellsh() {
    docker run --rm -i -t --entrypoint=/bin/sh "$@"
}
function dockershellhere() {
    dirname=${PWD##*/}
```
```python
#@author matterpreter
#@category
#@keybinding
#@menupath
#@toolbar
###
# To import to Neo4j:
# CREATE CONSTRAINT function_name ON (n:Function) ASSERT n.name IS UNIQUE
#
```
```bash
# Requires: curl, jq
# Download MITRE ATT&CK data from GitHub repository
curl -o enterprise-attack.json https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json
# List all ATT&CK object types
jq -r '[ .objects[].type ] | unique | .[]' enterprise-attack.json
# List all ATT&CK technique identifiers
jq -r '[ .objects[] | select(.type == "attack-pattern") | .external_references[] | select(.source_name == "mitre-attack") | .external_id ] | sort | .[]' enterprise-attack.json
```
Some golden links when you are having issues: https://social.technet.microsoft.com/Forums/windows/en-US/96016a13-9062-4842-b534-203d2f400cae/ca-certificate-request-error-quotdenied-by-policy-module-0x80094800quot-windows-server-2008?forum=winserversecurity
Download and install Certi
```cpp
#include "stdafx.h"

BOOL SetPrivilege(HANDLE hToken, LPCTSTR Privilege, BOOL bEnablePrivilege) {
    TOKEN_PRIVILEGES tp;
    LUID luid;
    TOKEN_PRIVILEGES tpPrevious;
    DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);

    if (!LookupPrivilegeValue(NULL, Privilege, &luid)) return FALSE;
```
```
--------------------------------------------------------------------------------
<WinProcess "smss.exe" pid 520 at 0x5db0c50L>
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ff868230000
--------------------------------------------------------------------------------
<WinProcess "csrss.exe" pid 776 at 0x5db0908L>
64
Interfaces :
Endpoints :
```