Pull docker image
docker pull mcr.microsoft.com/powershell:latest
Run container
docker run -it --rm mcr.microsoft.com/powershell:latest
Install WSMan-Module
Install-Module -Name PSWSMan
Import-Module PSWSMan
i401 b401
b401
/ sysmon_rmm-FileBlockExecutable.xml
Last active
October 15, 2023 14:43
Sysmon - Block RMM software
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Sysmon schemaversion="4.82"> | |
| <EventFiltering> | |
| <RuleGroup name="" groupRelation="or"> | |
| <FileBlockExecutable onmatch="include"> | |
| <!-- List used: https://github.com/0x706972686f/RMM-Catalogue/tree/main --> | |
| <TargetFilename name="RMM Software" condition="end with">rpcgrab.exe</TargetFilename> | |
| <TargetFilename name="RMM Software" condition="end with">rpcsetup.exe</TargetFilename> | |
| <TargetFilename name="RMM Software" condition="end with">action1_agent.exe</TargetFilename> | |
| <TargetFilename name="RMM Software" condition="end with">aeroadmin.exe</TargetFilename> | |
| <TargetFilename name="RMM Software" condition="end with">alitask.exe</TargetFilename> |
b401
/ pssession.md
Last active
May 17, 2022 06:26
Enter-PSSession within powershell docker container
# rtkit for pipewire
security.rtkit.enable = true;
# enable pipewire with wlr support
services.pipewire.enable = true;
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
// https://security.microsoft.com/apiproxy/mtp/huntingService/queries/encode
Advanced hunting encodes the query for sharing purposes.
- \x00 gets added to every second position in the query (DeviceEvents => D\x00e\x00v\x00...)
- Query gets gzip compressed
- Compressed query gets base64 encoded with a limited character set.
- Position 5 - 13 gets replaced with 'A'
You can now send the encoded query through https://security.microsoft.com/v2/advanced-hunting?query={add query here}&timeRangeId=week
b401
/ asciidoc_template
Created
December 9, 2019 15:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| = Title: Subtitle | |
| Firstname Lastname <[email protected]> | |
| :doctype: pdf | |
| :author: firstname lastname | |
| :subtitle: subtitle | |
| :ntitle: title: {subtitle} | |
| :imagesdir: ./images | |
| :class: classname | |
| :pdf-stylesdir: /template/resources/themes | |
| :pdf-fontsdir: /template/resources/fonts |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM node:boron | |
| VOLUME /var/hackadoc | |
| RUN apt update && apt install -y \ | |
| git \ | |
| sqlite3 | |
| RUN git clone https://github.com/hackergarten/hackadoc.git /var/hackadoc | |
| WORKDIR /var/hackadoc |
b401
/ Dockerfile
Created
March 9, 2019 16:09
34c3 Digital Billboard - Easy Challenge as Dockerimage
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM debian:latest | |
| ADD https://archive.aachen.ccc.de/junior.34c3ctf.ccc.ac/uploads/billboard-56c33efc813379c674ea0d0a64258b5fa835f8d4.tar.gz /srv | |
| RUN tar xvf /srv/billboard-56c33efc813379c674ea0d0a64258b5fa835f8d4.tar.gz -C /srv \ | |
| && rm -f /srv/billboard-56c33efc813379c674ea0d0a64258b5fa835f8d4.tar.gz \ | |
| && useradd -g 0 -M -o -u 0 challenge | |
| USER challenge | |
| WORKDIR /srv |