Skip to content

Instantly share code, notes, and snippets.

View darkquasar's full-sized avatar

darkquasar darkquasar

View GitHub Profile
@Neo23x0
Neo23x0 / annotations.xml
Last active November 12, 2024 01:34
Sources for APT Groups and Operations Search Engine
<?xml version="1.0" encoding="UTF-8"?>
<Annotations start="0" num="171" total="171">
<Annotation about="www.bussink.net/*" timestamp="0x0005d7bc4022b026" href="ChF3d3cuYnVzc2luay5uZXQvKhCm4IqBxPf1Ag">
<Label name="_cse_turlh5vi4xc"/>
<AdditionalData attribute="original_url" value="https://www.bussink.net/"/>
</Annotation>
<Annotation about="*.thedfirreport.com/*" timestamp="0x0005d76dd5f8679d" href="ChUqLnRoZWRmaXJyZXBvcnQuY29tLyoQnc_hr93t9QI">
<Label name="_cse_turlh5vi4xc"/>
<AdditionalData attribute="original_url" value="https://thedfirreport.com/"/>
</Annotation>
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active October 1, 2024 18:37
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active November 17, 2024 06:10
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@jaredcatkinson
jaredcatkinson / Get-Hash.ps1
Last active March 15, 2024 17:05
PowerShell v2 port of the Get-FileHash function. This version of Get-Hash supports hashing files and strings.
function Get-Hash
{
<#
.SYNOPSIS
Get-Hash is a PowerShell Version 2 port of Get-FileHash that supports hashing files, as well as, strings.
.PARAMETER InputObject
This is the actual item used to calculate the hash. This value will support [Byte[]] or [System.IO.Stream] objects.
@jaredcatkinson
jaredcatkinson / Add-ACECertificate.ps1
Last active February 24, 2024 15:17
PowerShell script to query the ACE Certificate Authority (CA) for the CA's public key and add the public key to the system's local cert store
function Add-ACERootCertificate
{
param
(
[Parameter(Mandatory = $true)]
[string]
$ServerIp,
[Parameter()]
[Int32]
@SwitHak
SwitHak / 20200114-TLP-WHITE_CVE-2020-0601.md
Last active February 9, 2024 14:42
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
@webframp
webframp / CVE-2019-19781-firstresponse.md
Last active January 18, 2020 01:00
CVE-2019-19781 - Live Response First Steps from @darkQuassar

CVE-2019-19781 Response steps - Have I been compromised?

Critical Exposure in Citrix ADC (NetScaler) – Unauthenticated Remote Code Execution

Credit: Suggested steps taken from twitter post by @darkQuassar

Just converted to copy/pastable gist for easy access

Check the root user command history