Multiple types of Windows logons add to our knowledge about successful or failed logons of a user. Logon types tell us whether a user was physically in front of a computer, connected remotely, unlocked a screen saver, or was perhaps a service rather than a person. Knowing how a user connected gives us a tool to separate suspicious logons from benign ones.
#!/bin/bash
# Extract a line-separated list of DNS and IPv4 IOCs from a pdf
# Assumes the IOCs are "fanged" and de-fangs them
# requires pdftotext application
# -- Cole Hocking
PDF_FILE="$1"
# Reference text file with same basename
FILENAME="$(basename -- "${PDF_FILE}")"
#!/usr/bin/python3
# basic API GET request
# Token based auth; get URLs/tokens from config.ini file
# -- Cole Hocking
import configparser, requests, json, os

def read_configs(filename, header, value):
    # Look up one key ("value") under one section ("header") of the INI file.
    # The body below is a minimal reconstruction of the truncated original.
    config = configparser.ConfigParser()
    config.read(filename)
    return config[header][value]
from datetime import datetime

def convertTime(unix_timestamp):
    """
    Parse an ISO 8601 UTC timestamp string such as 2021-01-31T12:34:56Z
    :return datetime obj, or None if the string does not match the format
    """
    try:
        # strptime matches the trailing character literally; the UTC suffix
        # is an uppercase 'Z' (the original used a lowercase 'z', which would
        # reject every timestamp ending in 'Z')
        date_object = datetime.strptime(unix_timestamp, '%Y-%m-%dT%H:%M:%SZ')
        return date_object
    except ValueError:
        return None
#!/usr/bin/python3
# Grab vulnerability reports for a list of hosts from Rapid7 InsightIVM
# usage: ./vuln_reports.py -f <hostfile>
# -- Cole Hocking
import xlsxwriter, configparser, argparse, requests, json, os, urllib3, re
from requests.auth import HTTPBasicAuth
#!/bin/bash
# Extract a line-separated list of IPs from a pdf
# Assumes the dots are enclosed in square brackets
# -- Cole Hocking
PDF_FILE="$1"
# Reference text file with same basename
FILENAME="$(basename -- "${PDF_FILE}")"
# file extension
#!/bin/bash
# Create PFX File given private and public key
# usage: ./create_pfx.sh <private_key> <public_key>
# ARG Input
PRIV_KEY="$1"
#echo "${PRIV_KEY}"
PUB_KEY="$2"
#echo "${PUB_KEY}"
#------------------------
#!/bin/bash
# Scan a domain, find the servers that are up, and port scan them; automated
# Requires: nmap, sublist3r
# domain to scan (quoted so a malformed argument cannot word-split)
DOMAIN="$1"
# subdomain file
SUBD="./results/found_dns.txt"
# nmap results from ping scan
#!/bin/bash
extract() {
    if [[ -z "$1" ]]; then
        echo "Usage: extract <file>.<zip|rar|bz2|gz|tar|tbz2|tgz|Z|7z|xz|ex|tar.bz2|tar.gz|tar.xz>"
        # return rather than exit, so sourcing this function does not kill the shell
        return 1
    else
        if [[ -f "$1" ]]; then
            # always quote "$1": archive names may contain spaces
            case "$1" in
                *.7z) 7z x "$1";;
                *)    echo "'$1' cannot be extracted via extract()";;
            esac
        else
            echo "'$1' is not a valid file"
        fi
    fi
}
import subprocess

def run_script(script, stdin=None):
    """Returns (stdout, stderr), raises error on non-zero return code"""
    # Note: by using a list here (['bash', ...]) you avoid quoting issues, as the
    # arguments are passed in exactly this order (spaces, quotes, and newlines won't
    # cause problems):
    proc = subprocess.Popen(['bash', '-c', script],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                            stdin=subprocess.PIPE)
    # feed the optional stdin bytes to the script and wait for it to finish
    stdout, stderr = proc.communicate(input=stdin)
    if proc.returncode != 0:
        raise subprocess.CalledProcessError(proc.returncode, script,
                                            output=stdout, stderr=stderr)
    return stdout, stderr