@rsmudge
rsmudge / getenv.cna
Last active December 11, 2019 19:45
#
# Aggressor Script means to parse/use environment vars in a Beacon session.
#
global('%bvars');
# request environment variables for every new Beacon that comes in.
on beacon_initial {
# ideally, we'd have a bshell that could take callbacks. We don't have
# this yet. Eventually though, we will.
@SadProcessor
SadProcessor / Get-RickAstley.ps1
Created March 21, 2016 23:46
Not intended for nefarious purposes...
function Get-RickAstley(){
[console]::beep(440,150)#A
[console]::beep(493,150)#B
[console]::beep(587,150)#D
[console]::beep(493,150)#B
Start-Sleep -m 20
[console]::beep(698,400)#F
[console]::beep(698,400)#F
[console]::beep(659,500)#E
Start-Sleep -m 50
# getexplorerpid($bid, &callback);
sub getexplorerpid {
bps($1, lambda({
local('$pid $name $entry');
foreach $entry (split("\n", $2)) {
($name, $pid) = split("\\s+", $entry);
if ($name eq "explorer.exe") {
# $1 is our Beacon ID, $pid is the PID of explorer.exe
[$callback: $1, $pid];
}
@mattifestation
mattifestation / WMI_attack_detection.ps1
Last active March 16, 2021 23:02
BlueHat 2016 - WMI attack detection demo
#region Scriptblocks that will execute upon alert trigger
$LateralMovementDetected = {
$Event = $EventArgs.NewEvent
$EventTime = [DateTime]::FromFileTime($Event.TIME_CREATED)
$MethodName = $Event.MethodName
$Namespace = $Event.Namespace
$Object = $Event.ObjectPath
$User = $Event.User
#!/usr/bin/env python
# Rulz.py
# Author: Nick Landers (@monoxgas) - Silent Break Security
import os
import sys
import argparse
import re
import binascii
import codecs
@Belphemur
Belphemur / iptables-tarpit.conf
Last active October 10, 2022 18:29
Tarpit Action for Fail2ban with rate limit
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
# Modified: Yaroslav O. Halchenko <[email protected]>
# made active on all ports from original iptables.conf
# Modified: Antoine Aflalo <[email protected]>
# Used the iptables-allports.conf as base for TARPIT.
#
#
_qvm-run() {
local app_vms
app_vms=( $(qvm-ls --raw-list|grep -v "^dom0$") )
local exc=
if (( words[(I)--all] )); then
exc="*--exclude=[When --all is used: exclude this VM name (may be repeated)]:QubesVMs:($app_vms)"
fi
_arguments -S '(-a --auto)'{-a,--auto}'[Auto start the VM if not running]'\
@grugq
grugq / gist:03167bed45e774551155
Last active April 15, 2025 11:22
operational pgp - draft

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.