This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!powershell | |
| # Copyright: (c) 2022 Jordan Borean (@jborean93) [email protected] | |
| # Copyright: (c) 2023, Ryan Cobb <[email protected]> | |
| # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | |
| #AnsibleRequires -CsharpUtil Ansible.Basic | |
| # win_domain_child module |
cobbr
/ covenant-razor-example-1.cs
Created
July 31, 2019 18:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @using Covenant.Core | |
| @using Covenant.Models.Grunts | |
| @model GruntTasking | |
| @{ | |
| Layout = "_GruntTaskingLayout"; | |
| ViewData["Title"] = "Grunts"; | |
| } | |
| <div class="d-flex justify-content-between flex-wrap flex-md-nowrap pb-2 mb-3"> | |
| <h1 class="h2">GruntTasking: <span id="tasking-name" class="text-primary">@Html.DisplayFor(model => model.Name)</span></h1> | |
| </div> |
cobbr
/ hunter.py
Created
December 7, 2018 22:07
— forked from Static-Flow/hunter.py
Simple Python 3 script to pull emails related to a domain from hunter.io and parse the data
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| if len(sys.argv) is 3: | |
| domain = sys.argv[1] | |
| api_key = sys.argv[2] | |
| if domain is not None: | |
| url = "https://hunter.io/v2/domain-search?limit=10000&offset=0&domain="\ | |
| +domain+"&api_key="+api_key+"&format=json" | |
| hunterJsonData = requests.get(url) | |
| for email in hunterJsonData.json()['data']['emails']: |
cobbr
/ CollectDotNetEvents.ps1
Last active
January 24, 2019 01:35
— forked from mattifestation/CollectDotNetEvents.ps1
A PoC script to capture relevant .NET runtime artifacts for the purposes of potential detections
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Start-DotNetEventCollection | |
| { | |
| Param( | |
| [Parameter(Position = 0)] | |
| [Alias('PSPath')] | |
| [String] $TracePath = './dotNetTrace.etl', | |
| [Parameter(Position = 1)] | |
| [String] $TraceName = 'dotNetTrace' | |
| ) |
cobbr
/ sharpgen.cna
Created
November 8, 2018 19:03
— forked from dtmsecurity/sharpgen.cna
SharpGen Aggressor Beacon Wrapper
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $dotnetpath = "/usr/local/share/dotnet/dotnet"; | |
| $sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll"; | |
| $temppath = "/tmp/"; | |
| beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n"); | |
| alias sharpgen{ | |
| $executionId = "sharpgen_" . int(rand() * 100000); | |
| $temporaryCsharp = $temppath . $executionId . ".cs"; | |
| $executableFilename = $temppath . $executionId . ".exe"; |
cobbr
/ sharpgen-example-7
Created
November 6, 2018 16:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cobbr@mac:~/SharpGen > dotnet bin/Release/netcoreapp2.1/SharpGen.dll -f example.exe --no-optimization "Console.WriteLine(Mimikatz.LogonPasswords());" | |
| ... | |
| [*] Compiled assembly written to: /Users/cobbr/SharpGen/Output/example.exe |
cobbr
/ sharpgen-confuserex-1
Created
November 6, 2018 16:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <project baseDir="{0}" outputDir="{1}" xmlns="http://confuser.codeplex.com"> | |
| <module path="{2}"> | |
| <rule pattern="true" inherit="false"> | |
| <!-- <protection id="anti debug" /> --> | |
| <!-- <protection id="anti dump" /> --> | |
| <!-- <protection id="anti ildasm" /> --> | |
| <!-- <protection id="anti tamper" /> --> | |
| <!-- <protection id="constants" /> --> | |
| <!-- <protection id="ctrl flow" /> --> | |
| <!-- <protection id="invalid metadata" /> --> |
cobbr
/ sharpgen-example-6
Created
November 6, 2018 16:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cobbr@mac:~/SharpGen > dotnet bin/Release/netcoreapp2.1/SharpGen.dll -f example.exe --confuse confuse.cr "Console.WriteLine(Mimikatz.LogonPasswords());" | |
| ... | |
| [+] Confusing assembly... | |
| [INFO] Confuser.Core 1.1.0-alpha1.52+gfe12a44191 Copyright © 2014 Ki, 2018 Martin Karing | |
| [INFO] Running on Unix 17.5.0.0, .NET Framework v4.0.30319.42000, 64 bits | |
| [DEBUG] Discovering plugins... | |
| [INFO] Discovered 10 protections, 1 packers. | |
| [DEBUG] Resolving component dependency... | |
| [INFO] Loading input modules... | |
| [INFO] Loading 'example.exe'... |
cobbr
/ sharpgen-resources-3
Created
November 6, 2018 15:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - Name: SharpSploit.Resources.powerkatz_x86.dll | |
| File: powerkatz_x86.dll | |
| Platform: x86 | |
| Enabled: false | |
| - Name: SharpSploit.Resources.powerkatz_x64.dll | |
| File: powerkatz_x64.dll | |
| Platform: x64 | |
| Enabled: false | |
| - Name: SharpSploit.Resources.powerkatz_x86.dll.comp | |
| File: powerkatz_x86.dll.comp |
cobbr
/ sharpgen-resources-2
Created
November 6, 2018 15:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - Name: SharpSploit.Resources.powerkatz_x86.dll | |
| File: powerkatz_x86.dll | |
| Platform: x86 | |
| Enabled: false | |
| - Name: SharpSploit.Resources.powerkatz_x64.dll | |
| File: powerkatz_x64.dll | |
| Platform: x64 | |
| Enabled: true |
NewerOlder