curi0usJack’s gists

curi0usJack / tmux aliases

Created March 21, 2020 15:37

	alias tmconf='vim ~/.tmux.conf'
	alias tmls='tmux ls'
	alias tmsess='tmux attach -t'
	alias tmcolors='for i in {0..255}; do printf "\x1b[38;5;${i}mcolor%-5i\x1b[0m" $i ; if ! (( ($i + 1 ) % 8 )); then echo ; fi ; done'
	alias tmnew='tmux new -s'
	alias tmload='tmux source-file ~/.tmux.conf'
	alias tmlayout='tmux list-windows \| sed -n "s/.layout $.$] @.*/\1/p"'
	alias mux='tmuxinator'

curi0usJack / convert.sh

Created April 29, 2019 22:22

	#!/bin/bash

	# Converts AD pwdlastset field to readable date
	# Kudos: https://www.adminsys.ch/2013/07/31/convert-active-directory-pwdlastset-attribute-readable-time/
	function convert {
	unixepoc=$((($1/10000000)-11644473600))
	adlastset=$(/bin/date -d "1970-01-01 ${unixepoc} sec GMT")
	echo -e ${adlastset}
	}

curi0usJack / sources.list

Created April 25, 2019 21:11 — forked from h0bbel/sources.list

/etc/apt/sources.list for Ubuntu 18.04.1 LTS Bionic Beaver

	# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
	# newer versions of the distribution.
	deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted
	# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic main restricted

	## Major bug fix updates produced after the final release of the
	## distribution.
	deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
	# deb-src http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted

curi0usJack / msbuild_ghostpack_seatbelt.txt

Created October 25, 2018 10:21

	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<Target Name="NotSubTee">
	<BusinessTime />
	</Target>
	<UsingTask
	TaskName="BusinessTime"
	TaskFactory="CodeTaskFactory"
	AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
	<ParameterGroup/>
	<Task>

curi0usJack / aai_bash_aliases

Created August 17, 2018 22:45

Advanced Attack Infrastructure Training Aliases

	alias vim='sudo vim'
	alias nano='sudo nano'
	alias vi='sudo vi'
	alias aplog='sudo tail -f /var/log/apache2/CHANGEME.log'
	alias apedit='sudo nano /etc/apache2/sites-available/CHANGEME.conf'
	alias apstart='sudo service apache2 start'
	alias apstop='sudo service apache2 stop'
	alias apload='sudo service apache2 reload'

curi0usJack / cbapi-ps-lsass-loop.py

Last active August 23, 2018 13:16

	# Carbon Black Evil PowerShell LSASS Query
	#
	# Prints out malicious Powershell events that have a crossproc event for c:\windows\system32\lsass.exe
	#
	# Author: Jason Lang (@curi0usJack)
	#
	# Prereqs (Windows 10)
	# Install bash on Win10
	# sudo apt-get install python-pip
	# sudo pip install --upgrade requests

curi0usJack / calc2.sct

Created July 19, 2018 23:15

curi0usJack / calc.sct

Last active April 1, 2022 13:46

curi0usJack / graylog_custom_index_mapping.json

Created July 12, 2018 05:57

curi0usJack / graylog_sigma_queries

Last active October 3, 2019 17:28

	# This is not my work. All credit goes to https://github.com/Neo23x0/sigma. I just used the tool to convert to graylog format,
	# skipped over the errors, and added some carriage returns for ease of reading. If you see a blank rule, it means there was a conversion error.


	rules/application/appframework_django_exceptions.yml

	("SuspiciousOperation" OR "DisallowedHost" OR "DisallowedModelAdminLookup" OR "DisallowedModelAdminToField" OR "DisallowedRedirect" OR "InvalidSessionKey" OR "RequestDataTooBig" OR "SuspiciousFileOperation" OR "SuspiciousMultipartForm" OR "SuspiciousSession" OR "TooManyFieldsSent" OR "PermissionDenied")