Skip to content

Instantly share code, notes, and snippets.

View cutaway's full-sized avatar

Don C. Weber cutaway

View GitHub Profile
@cutaway
cutaway / Get-ServicesExePerms.ps1
Created July 23, 2024 15:20
Test the permissions for the service executables and directories.
########################
# Get-ServicesExePerms.ps1: Test the permissions for the service executables and directories.
# Author: Don C. Weber (cutaway)
# Date: 20240723
#
########################
$sf = (Get-CimInstance -ClassName Win32_Service).PathName | ForEach-Object { ( ( ( $_ -Split '.exe' )[0] -replace '^"') + '.exe' ).tolower() } | Sort-Object | Get-Unique | ForEach-Object { if ( Test-Path -Path "$_" -PathType Leaf ) { $_ } }
#$rights = @("FullControl","Modify","Write","Read","ReadAndExecute","Synchronize")
@cutaway
cutaway / Sim-PSEncFiles.ps1
Created July 21, 2024 23:38
This PS script will encrypt all of the files in a target folder to a selected location.
######################
# Sim-PSEncFiles.ps1: Simulate file encrption using PSRemoting
# Purpose: This PS script will encrypt all of the files in a target
# folder to a selected location. The purpose of this script
# is to perform actions similar to the actions performed by
# ransomware. These actions will touch a large number of files,
# create new files with different extension, and encrypt the
# file to a new location. The original file is not modified
#
# Author: Don C. Weber (cutaway)
@cutaway
cutaway / gist:8d44fa81fafab86fae8d0ed8f0a473bc
Created February 4, 2022 06:09
Mitmdump SSL Creds Dumper
from mitmproxy import http
import paramiko
# Original Example: https://stackoverflow.com/questions/27369144/use-mitmproxy-to-translate-a-form-key-value-to-a-body-post
DEBUG = False
#DEBUG = True
class GetRTUCreds:
localhost = '127.0.0.1'
@cutaway
cutaway / disable_windows_defender_powershell.txt
Created June 26, 2021 18:34
Disable Windows Defender Powershell
Disable Windows Defender
NOTE: These settings may be permeant.
• Get-MpComputerStatus
• Set-MpPreference -DisableRealtimeMonitoring $true
• Set-MpPreference -DisableBehaviorMonitoring $true
• Set-MpPreference -DisableIntrusionPreventionSystem $true
• Set-MpPreference -DisableIOAVProtection $true
• Set-MpPreference -DisableScriptScanning $true
• Get-MpComputerStatus
###########################
# Bash ~/.bashrc
###########################
function CONPS() {
n=$1
export PS1='\n$n \D{%F %T}\n> '
}
alias consult00='CONPS Consult00; cd ~/Documents/consult00'
@cutaway
cutaway / iptables_monitor.sh
Created December 16, 2020 20:32
Script to use IPTables to prevent outbound traffic when using network taps and monitoring network traffic.
#!/bin/bash
ipt4='/sbin/iptables'
ipt6='/sbin/ip6tables'
for i in $ipt4 $ipt6; do
# Flush Rules
echo 'Flushing IPTables: ' $i
$i -F
$i -X
@cutaway
cutaway / PowerView-3.0-tricks.ps1
Created October 29, 2020 23:07 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@cutaway
cutaway / aws_testing_steps.md
Last active October 15, 2020 14:44
AWS Testing Steps
# Vendor Documentation
* User manauals and administrative documents for all equiment
# Python Tools
* CPPPO - CIP module
* pyModbus - modbus module
* OPCUA - opc-ua module