Multiple types of Windows logons add to our knowledge about successful or failed logons of a user. Logon types let us know whether a user was in front of a computer, connected remotely, unlocked a save screen, or perhaps a service rather than a person. Knowing the way a user connected gives us a tool to separate suspicious logons from benign ones.
Cole Hocking colehocking
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Extract a line-separated list of DNS and IPv4 IOCs from a pdf | |
| # Assumes the IOCs are "fanged" and de-fangs them | |
| # requires pdftotext application | |
| # -- Cole Hocking | |
| PDF_FILE="$1" | |
| # Reference text file with same basename | |
| FILENAME="$(basename -- "${PDF_FILE}")" |
colehocking
/ basicAPIGet.py
Last active
May 15, 2025 16:30
Basic API GET in Python; token-based auth; read from config.ini file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # basic API GET request | |
| # Token based auth; get URLs/tokens from config.ini file | |
| # -- Cole Hocking | |
| import configparser, requests, json, os | |
| def read_configs(filename, header, value): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from datetime import datetime | |
| def convertTime(unix_timestamp): | |
| """ | |
| :return datetime obj | |
| """ | |
| try: | |
| date_object = datetime.strptime(unix_timestamp, '%Y-%m-%dT%H:%M:%Sz') | |
| return date_object |
colehocking
/ vuln_report_ivm.py
Created
April 29, 2025 21:22
Create a vulnerability spreadsheet for a list of servers as input
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # Grab vulnerability reports for a list of hosts from Rapid7 InsightIVM | |
| # usage: ./vuln_reports.py -f <hostfile> | |
| # -- Cole Hocking | |
| import xlsxwriter, configparser, argparse, requests, json, os, urllib3, re | |
| from requests.auth import HTTPBasicAuth | |
colehocking
/ extract_ips.sh
Created
January 26, 2024 18:00
Extract a line-separated list of IPs from a pdf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Extract a line-separated list of IPs from a pdf | |
| # Assumes the dots are enclosed in square brackets | |
| # -- Cole Hocking | |
| PDF_FILE="$1" | |
| # Reference text file with same basename | |
| FILENAME="$(basename -- "${PDF_FILE}")" | |
| # file extension |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Create PFX File given private and public key | |
| # usage: ./create_pfx.sh <private_key> <public_key> | |
| # ARG Input | |
| PRIV_KEY="$1" | |
| #echo "${PRIV_KEY}" | |
| PUB_KEY="$2" | |
| #echo "${PUB_KEY}" | |
| #------------------------ |
colehocking
/ scan_auto.sh
Created
August 18, 2021 19:04
automate port scanning from a single domain with nmap and sublist3r
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Scan a domain, find the servers that are up, and port scan them; automated | |
| # Requires: nmap, sublist3r | |
| # domain to scan | |
| DOMAIN=$1 | |
| # subdomain file | |
| SUBD="./results/found_dns.txt" | |
| # nmap results from ping scan |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| extract() { | |
| if [[ -z "$1" ]]; then | |
| echo "Usage: extract <file>.<zip|rar|bz2|gz|tar|tbz2|tgz|Z|7z|xz|ex|tar.bz2|tar.gz|tar.xz>" | |
| exit 1 | |
| else | |
| if [[ -f "$1" ]]; then | |
| case $1 in | |
| *.7z) 7z x $1;; |
colehocking
/ subProc.py
Created
December 2, 2020 18:20
Run a bash subprocess in Python -- the ideal way
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def run_script(script, stdin=None): | |
| """Returns (stdout, stderr), raises error on non-zero return code""" | |
| import subprocess | |
| # Note: by using a list here (['bash', ...]) you avoid quoting issues, as the | |
| # arguments are passed in exactly this order (spaces, quotes, and newlines won't | |
| # cause problems): | |
| proc = subprocess.Popen(['bash', '-c', script], | |
| stdout=subprocess.PIPE, stderr=subprocess.PIPE, | |
| stdin=subprocess.PIPE) | |
| stdout, stderr = proc.communicate() |
NewerOlder