Leo Pitt D00MFist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for file in /Applications/* | |
| do | |
| echo "--------------" >>results.out | |
| echo "$file" >>results.out | |
| codesign -d --entitlements - "$file" >> results.out | |
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "options": { | |
| "logger_snapshot_event_type": "true", | |
| "schedule_splay_percent": 10 | |
| }, | |
| "platform": "darwin", | |
| "schedule": { | |
| "authorized_keys": { | |
| "query": "SELECT * FROM users CROSS JOIN authorized_keys USING (uid);", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --allow_unsafe | |
| --audit_allow_config=true | |
| --audit_allow_sockets=true | |
| --audit_persist=true | |
| --disable_audit=false | |
| --events_expiry=1 | |
| --events_max=50000 | |
| --logger_plugin=filesystem | |
| --disable_events=false | |
| --config_path=/var/osquery/osquery.conf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| get-process | select -exp processname -Unique | % { Get-ProcessMitigation -ErrorAction SilentlyContinue -RunningProcesses $_ | select processname, Id, @{l="Only MS Store"; e={$_.BinarySignature|select -exp AllowStoreSignedBinaries}}} 2> $null |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| get-process | select -exp processname -Unique | % { Get-ProcessMitigation -ErrorAction SilentlyContinue -RunningProcesses $_ | select processname, Id, @{l="Block non-MS Binaries"; e={$_.BinarySignature|select -exp MicrosoftSignedOnly}}} 2> $null |
D00MFist
/ Notes on adding metadata to go binary
Created
April 10, 2020 22:33
Add meta data to go binary
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| go get github.com\josephspurrier\goversioninfo | |
| build the main.go in cmd/goversioninfo | |
| edit the version.json and copy to the location of the main.go want to add metadata to | |
| Add below to the top of source code | |
| //go:generate C:\Users\Leo\Desktop\workspace\src\github.com\josephspurrier\goversioninfo\cmd\goversioninfo\main.exe | |
| go generate | |
| go build |
D00MFist
/ Process-Start-Log.py
Created
April 10, 2020 18:39
ETW log for Microsoft-Windows-Kernel-Process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Original Author: In Ming Loh | |
| Requirements: | |
| 1. Python 3 | |
| 2. pip install pywintrace | |
| 4. Windows machine | |
| ''' | |
| import time |
D00MFist
/ bashrc log
Created
February 21, 2020 20:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PS1='[`date +"%d-%b-%y %T"`] > ' | |
| test "$(ps -ocommand= -p $PPID | awk '{print $1}')" == 'script' || (script -f $HOME/logs/$(date +"%d-%b-%y_%H-%M-%S")_shell.log) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //https://king-sabri.net/how-to-compile-embed-and-use-sharpsploit/ | |
| //https://dotnetnsqlcorner.blogspot.com/2014/04/how-to-disable-generating-pdb-files.html | |
| //Imbed https://github.com/cobbr/SharpSploit/tree/52ad861d98d75bb0a7f6cd9d421dc8a8463adc08 | |
| using System.Diagnostics; | |
| using SharpSploit.Execution; | |
| using SharpSploit.Execution.Injection; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #add date & time stamp | |
| if [ "$color_prompt" = yes ]; then | |
| PS1='${debian_chroot:+($debian_chroot)}\[\033[01;31m\] [\D{%F %T %z}] \[\03$ | |
| else | |
| PS1=[\D{%F %T %z}] \w # ' | |
| fi | |
| unset color_prompt force_color_prompt |