Disable Device Enrollment Program (DEP) notification on macOS Monterey.md

NB! Command-R is replaced with holding the power button on M1 Macs.

With full reinstall (recommended)

   a. Boot into recovery using Command-R during reboot, wipe the hard drive using Disk Utility, and select reinstall macOS

   b. Initial installation will run for approximately 1 hour, and reboot once

@CyberMonitor
CyberMonitor / proc_mem.py
Created March 14, 2022 03:19 — forked from gamozolabs/proc_mem.py
IDA Python loader for /proc/pid/mem without debugging a process
import re, subprocess, idaapi, ida_segment, ida_kernwin
# To install this, simply put it in your ida_install/loaders folder and open
# a `/proc/<pid>/mem` file!
#
# You might need to set `echo 0 > /proc/sys/kernel/yama/ptrace_scope` if you
# want to be able to dump processes depending on your system configuration.
# Check if the file is supported by our loader
def accept_file(li, filename):
@CyberMonitor
CyberMonitor / Workstation-Takeover.md
Created January 25, 2022 03:01 — forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished, in short, by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

@CyberMonitor
CyberMonitor / 20211210-TLP-WHITE_LOG4J.md
Created December 12, 2021 11:27 — forked from SwitHak/20211210-TLP-WHITE_LOG4J.md
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-12 1127 UTC
@CyberMonitor
CyberMonitor / resources.md
Created June 8, 2021 06:33 — forked from muff-in/resources.md
A curated list of Assembly Language / Reversing / Malware Analysis -resources

Keybase proof

I hereby claim:

  • I am cybermonitor on github.
  • I am ziv_chang (https://keybase.io/ziv_chang) on keybase.
  • I have a public key ASBNmYg4u_BEktiVGiSQ1qWgeuLopLyjKebpr4luMZOAbgo

To claim this, I am signing this object:

@CyberMonitor
CyberMonitor / Intro.md
Created November 14, 2019 16:20 — forked from chrisdone/Intro.md
Statically checked overloaded strings

This gist demonstrates a trick I came up with which is defining IsString for Q (TExp a), where a is lift-able. This allows you to write $$("...") and have the string parsed at compile-time.

This offers a light-weight way to enforce compile-time constraints. It's basically OverloadedStrings with static checks.

This trick works already in existing (old) GHCs.

@CyberMonitor
CyberMonitor / kerberos_attacks_cheatsheet.md
Created August 28, 2019 08:52 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@CyberMonitor
CyberMonitor / plist2hashcat.py
Created August 15, 2019 01:57 — forked from nueh/plist2hashcat.py
Convert Mac OS X 10.8 and later (SALTED-SHA512-PBKDF2) plist to password hash for hashcat. Slightly modified version of ml2john.py.
#!/usr/bin/env python
"""Utilities for writing code that runs on Python 2 and 3"""
import operator
import sys
import types
__author__ = "Benjamin Peterson <[email protected]>"
__version__ = "1.2.0"