@vector-sec
vector-sec / duo_auth_api.vbs
Created August 5, 2016 05:00
VBScript for making a GET request to Duo's Auth API
Function ToString(rabyt,datatype)
With CreateObject("MSXML2.DOMDocument")
.LoadXML "<root />"
.DocumentElement.DataType = datatype
.DocumentElement.nodeTypedValue = rabyt
ToString = Replace(.DocumentElement.text, vbLf, "")
End With
End Function
Function ToSHA1HMAC(sTextToHash, sSharedSecretKey)
@vector-sec
vector-sec / Modified_Bloodhound.ps1
Created August 10, 2016 17:23
This is a modified version of Bloodhound.ps1, a part of https://github.com/adaptivethreat/BloodHound/
#requires -version 2
<#
PowerSploit File: PowerView.ps1
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
### Keybase proof
I hereby claim:
* I am vector-sec on github.
* I am vector_sec (https://keybase.io/vector_sec) on keybase.
* I have a public key whose fingerprint is 374D C736 0AC6 1C4A 8605 73C4 39B3 4B9B AED1 83D8
To claim this, I am signing this object:
@vector-sec
vector-sec / EmpireCOMPosh.cs
Created March 28, 2017 15:25
Allows PowerShell Commands To Execute via JavaScript via COM. PowerShell without PowerShell.exe
using System;
using System.IO;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
//Add For PowerShell Invocation
using System.Collections.ObjectModel;
using System.Management.Automation;
function Create-LNKPayload{
<#
.SYNOPSIS
Generates a malicious LNK file
.PARAMETER LNKName
Name of the LNK file you want to create.
function Get-Doppelgangers
{
<#
.SYNOPSIS
Detects use of NTFS transactions for stealth/evasion, aka 'Process Doppelganging'
Author: Joe Desimone (@dez_)
License: BSD 3-Clause
### Keybase proof
I hereby claim:
* I am vector-sec on github.
* I am vector_sec (https://keybase.io/vector_sec) on keybase.
* I have a public key whose fingerprint is 45F7 FBFB 85BC 9C5D 26AF FA50 CDD7 1C71 4152 0611
To claim this, I am signing this object:
@vector-sec
vector-sec / gist:9caa8e14b2adba7ab0c215a6bf856953
Created November 28, 2017 15:09
Carbon Black API - PowerShell Example - Find All FileMods By certutil.exe - Type 1 == PE Write.
$APIKey = 'KEY'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$url = "https://www.example.com/api/v1/process?q=process_name:certutil.exe"
$hdrs = @{}
$hdrs.Add("X-Auth-Token",$APIKey)
$response = Invoke-RestMethod -Uri $url -Headers $hdrs
for($i =0; $i -lt $response.total_results; $i++)
{
@vector-sec
vector-sec / Get-InjectedThread.ps1
Created May 10, 2017 15:38 — forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
@vector-sec
vector-sec / duo_security_sha1hmac.vbs
Created August 4, 2016 07:29
VBScript implementation of SHA1HMAC meeting Duo Security's specifications
Function ToString(rabyt,datatype)
With CreateObject("MSXML2.DOMDocument")
.LoadXML "<root />"
.DocumentElement.DataType = datatype
.DocumentElement.nodeTypedValue = rabyt
ToString = Replace(.DocumentElement.text, vbLf, "")
End With
End Function
Function ToSHA1HMAC(sTextToHash, sSharedSecretKey)