tr4nc3
jaredcatkinson
/ Get-InjectedThread.ps1
Last active
April 22, 2024 19:09
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a4b.amazonaws.com | |
| access-analyzer.amazonaws.com | |
| account.amazonaws.com | |
| acm-pca.amazonaws.com | |
| acm.amazonaws.com | |
| airflow-env.amazonaws.com | |
| airflow.amazonaws.com | |
| alexa-appkit.amazon.com | |
| alexa-connectedhome.amazon.com | |
| amazonmq.amazonaws.com |
xpn
/ azuread_decrypt_msol_v2.ps1
Created
April 11, 2020 01:34
Updated method of dumping the MSOL service account (which allows a DCSync) used by Azure AD Connect Sync
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)" | |
| Write-Host "`t[ Updated to support new cryptokey storage method ]`n" | |
| $client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync" | |
| try { | |
| $client.Open() | |
| } catch { | |
| Write-Host "[!] Could not connect to localdb..." | |
| return |
dangtrinhnt
/ ad_utils.py
Created
July 28, 2016 02:03
Get Active Directory group members using python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/env python | |
| # | |
| # USAGE | |
| # $ python ad_utils.py "My Group Name" | |
| # | |
| # Author: | |
| # Trinh Nguyen | |
| # dangtrinhnt@gmail.com | |
| # www.dangtrinh.com |
its-a-feature
/ Domain Enumeration Commands
Created
January 7, 2018 21:03
Common Domain Enumeration commands in Windows, Mac, and LDAP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Domain: TEST.local | |
| User Enumeration: | |
| Windows: | |
| net user | |
| net user /domain | |
| net user [username] | |
| net user [username] /domain | |
| wmic useraccount | |
| Mac: | |
| dscl . ls /Users |
maxvt
/ infra-secret-management-overview.md
Last active
February 28, 2024 20:53
Infrastructure Secret Management Software Overview
Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.
This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.
There is a companion feature matrix of various tools. Comments are welcome in the same manner.
iann0036
/ gist:b473bbb3097c5f4c656ed3d07b4d2222
Last active
February 28, 2024 19:39
List of expensive / long-term effect AWS IAM actions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| route53domains:RegisterDomain | |
| route53domains:RenewDomain | |
| route53domains:TransferDomain | |
| ec2:ModifyReservedInstances | |
| ec2:PurchaseHostReservation | |
| ec2:PurchaseReservedInstancesOffering | |
| ec2:PurchaseScheduledInstances | |
| rds:PurchaseReservedDBInstancesOffering | |
| dynamodb:PurchaseReservedCapacityOfferings | |
| s3:PutObjectRetention |
NyaMisty
/ outline_graph.py
Created
September 1, 2022 01:02
IDA Graph view with outlined function included
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| summary: drawing custom graphs | |
| description: | |
| Showing custom graphs, using `ida_graph.GraphViewer`. In addition, | |
| show how to write actions that can be performed on those. | |
| keywords: graph, actions | |
| """ | |
| from __future__ import print_function | |
| # ----------------------------------------------------------------------- |
atifaziz
/ Unprotect-ProtectedData.ps1
Created
March 31, 2017 06:25
Decrypting DPAPI-protected Base64 data from PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -AssemblyName System.Security; | |
| [Text.Encoding]::ASCII.GetString([Security.Cryptography.ProtectedData]::Unprotect([Convert]::FromBase64String((type -raw (Join-Path $env:USERPROFILE foobar))), $null, 'CurrentUser')) |
NewerOlder