Eric vector-sec
vector-sec
/ EmpireCOMPosh.cs
Created
March 28, 2017 15:25
Allows PowerShell Commands To Execute via JavaScript via COM. PowerShell without PowerShell.exe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| //Add For PowerShell Invocation | |
| using System.Collections.ObjectModel; | |
| using System.Management.Automation; |
vector-sec
/ keybase.io
Created
December 6, 2016 16:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am vector-sec on github. | |
| * I am vector_sec (https://keybase.io/vector_sec) on keybase. | |
| * I have a public key whose fingerprint is 374D C736 0AC6 1C4A 8605 73C4 39B3 4B9B AED1 83D8 | |
| To claim this, I am signing this object: |
vector-sec
/ Modified_Bloodhound.ps1
Created
August 10, 2016 17:24
This is a modified version of Bloodhound.ps1, a part of https://github.com/adaptivethreat/BloodHound/ The modification is simply adding a GroupName paramter to Get-BloodhoundData to use in conjunction with -CollectionMethod Group
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -version 2 | |
| <# | |
| PowerSploit File: PowerView.ps1 | |
| Author: Will Schroeder (@harmj0y) | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Optional Dependencies: None |
vector-sec
/ Modified_Bloodhound.ps1
Created
August 10, 2016 17:23
This is a modified version of Bloodhound.ps1, a part of https://github.com/adaptivethreat/BloodHound/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -version 2 | |
| <# | |
| PowerSploit File: PowerView.ps1 | |
| Author: Will Schroeder (@harmj0y) | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Optional Dependencies: None |
vector-sec
/ duo_auth_api.vbs
Created
August 5, 2016 05:00
VBscript for making a GET request to Duo's Auth API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function ToString(rabyt,datatype) | |
| With CreateObject("MSXML2.DOMDocument") | |
| .LoadXML "<root />" | |
| .DocumentElement.DataType = datatype | |
| .DocumentElement.nodeTypedValue = rabyt | |
| ToString = Replace(.DocumentElement.text, vbLf, "") | |
| End With | |
| End Function | |
| Function ToSHA1HMAC(sTextToHash, sSharedSecretKey) |
vector-sec
/ duo_security_sha1hmac.vbs
Created
August 4, 2016 07:29
VBScript implementation of SHA1HMAC meeting Duo Security's specifications
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function ToString(rabyt,datatype) | |
| With CreateObject("MSXML2.DOMDocument") | |
| .LoadXML "<root />" | |
| .DocumentElement.DataType = datatype | |
| .DocumentElement.nodeTypedValue = rabyt | |
| ToString = Replace(.DocumentElement.text, vbLf, "") | |
| End With | |
| End Function | |
| Function ToSHA1HMAC(sTextToHash, sSharedSecretKey) |
vector-sec
/ hid_ntevent_wmi_event_subscription
Created
August 4, 2016 04:35
An example of how to use permanent WMI event subscriptions to log that a keyboard/mouse was connected to the windows event log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Based off @mattifestation's example: https://gist.github.com/mattifestation/aff0cb8bf66c7f6ef44a | |
| # Define the signature - i.e. __EventFilter | |
| $EventFilterArgs = @{ | |
| EventNamespace = 'root/cimv2' | |
| Name = 'HumanInterfaceDevice' | |
| Query = 'SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA "Win32_PointingDevice" OR TargetInstance ISA "Win32_KeyBoard"' | |
| QueryLanguage = 'WQL' | |
| } | |
| $InstanceArgs = @{ |
NewerOlder