Brian Maloney Beercow
Beercow
/ Get-AdGroupMembershipChange.ps1
Created
October 23, 2016 02:35
— forked from anonymous/Get-AdGroupMembershipChange.ps1
Detect Changes to AD Group Members and Notify on Change
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -Module ActiveDirectory | |
| <# | |
| .SYNOPSIS | |
| This script queries multiple Active Directory groups for new members in a domain. It records group membership | |
| in a CSV file in the same location as the script is located. On the script's initial run it will simply record | |
| all members of all groups into this CSV file. On subsequent runs it will query each group's member list and compare | |
| that list to what's in the CSV file. If any differences are found (added or removed) the script will update the | |
| CSV file to reflect current memberships and notify an administrator of which members were either added or removed. | |
| .NOTES |
Beercow
/ config-server.xml
Created
November 19, 2016 02:16
— forked from Neo23x0/config-server.xml
Sysmon Base Configuration - Windows Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| This is a Microsoft Sysmon configuation to be used on Windows server systems | |
| v0.1 | |
| Florian Roth | |
| The focus of this configuration is | |
| - hacking activity on servers / lateral movement (bad admin, attacker) | |
| It is not focussed on | |
| - malware detection (execution) | |
| - malware detection (network connections) |
Beercow
/ config-client.xml
Created
November 19, 2016 02:16
— forked from Neo23x0/config-client.xml
Sysmon Base Configuration - Workstations
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| This is a Microsoft Sysmon configuation to be used on Windows workstations | |
| v0.1 | |
| Florian Roth (with the help and ideas of others) | |
| The focus of this configuration is | |
| - malware detection (execution) | |
| - malware detection (network connections) | |
| - exploit detection | |
| It is not focussed on |
Beercow
/ wcr.py
Last active
May 16, 2017 18:24
— forked from mak/wcr.py
Extract everything from WannaCry
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import re | |
| import os,sys | |
| import pefile | |
| import struct | |
| import zipfile | |
| import hashlib | |
| import StringIO | |
| from Crypto import Random |