@aguytech
aguytech / ffmpeg-audacity.md
Last active July 22, 2022 16:15
[ffmpeg] ffmpeg tips #bash #tips #pinned

format for audacity

Export / Export Audio / (external program)

ffmpeg -i - -codec:a libopus -b:a 64k -vbr on -compression_level 10 "%f" # the file path must not contain spaces
@aguytech
aguytech / mimikatz-user-hash.md
Last active June 14, 2022 10:12
[mimikatz] tricks for mimikatz #forensic #malware #disk #trick

start

log mimikatz.log

lsadump

cd $path_hive
@aguytech
aguytech / hivexget-help.md
Last active June 18, 2022 22:37
[hivexget-hivexsh-hivexml] hivex help #bash #help #forensic #disk #hive
hivexget hivefile PATH [NAME]
Get subkey from a Windows Registry binary "hive" file

example

hivexget ${path_hive}/SAM "SAM\Domains\Account\Users\000003E9" V
@aguytech
aguytech / chntpw-help.md
Last active June 18, 2022 22:37
[chntpw-reged-sampasswd] chntpw reged sampasswd help #bash #help #forensic #disk #hive

https://helpmanual.io/man8/chntpw/

chntpw [options] <samfile> [systemfile] [securityfile] [otherreghive] [...]
Utility to overwrite passwords of Windows systems

usage

chntpw -i $hive
@aguytech
aguytech / foralyse--installer.sh
Last active June 21, 2022 22:24
[foralyse] forensic VM on xubuntu #forensic #ubuntu #foralyse #memory #disk #network #install
#!/bin/bash
_PATH_SCRIPT=${0%/*}
file=${_PATH_SCRIPT}/foralyse-inc.sh
! [ -f ${file} ] && echo "Unable to find file: ${file}" && exit 1
! . ${file} && echo -e "Errors encountered. \nSee log files in /var/lkog/foralyse" && exit 1
_call foralyse-host.sh "HOST"
@aguytech
aguytech / volatility3-1-install.sh
Last active June 18, 2022 22:37
[volatility3] Volatility memory analysis #bash #forensic #memory #help #install
#!/bin/bash
python3 -m pip install -U pip
python3 -m pip install -U volatility3
cd /usr/local/bin && sudo ln -sv vol vol3
@aguytech
aguytech / sqlite3-windows-notification.md
Last active June 14, 2022 10:05
[sqlite3] sqlite to analyse Windows notifications #bash #malware #forensic #tips

sqlitebrowser

file=/vol6/Users/Angela/AppData/Local/Microsoft/Windows/Notifications/wpndatabase.db
sqlitebrowser ${file}

query

SELECT datetime((ArrivalTime/10000000)-11644473600, 'unixepoch') AS ArrivalTime,
@aguytech
aguytech / regripper-install.md
Last active June 14, 2022 10:09
[regripper] Hive analysis #bash #help #forensic #disk #hive

See foralyse

@aguytech
aguytech / reglookup-install.md
Last active June 14, 2022 10:08
[reglookup] Hive analysis #bash #help #forensic #disk #hive

ubuntu

sudo apt install reglookup
@aguytech
aguytech / hive-disable-security-center.reg
Last active June 14, 2022 10:07
[hive] Windows hive analysis #bash #disk #forensic #help #hive #tips #windows
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001