@dtmsecurity dtmsecurity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| namespace ISeeSharpProcess | |
| { | |
| class Program | |
| { | |
| // Port of https://gist.github.com/mubix/1536156f06633a54e7f1f819d7fa740a | |
| static void GetCSharpProcess() | |
| { |
dtmsecurity
/ SPNs.qds
Created
August 14, 2020 09:27
Find user accounts with servicePrincipalName attribute set in native QDS file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CommonQuery] | |
| Handler=5EE6238AC231D011891C00A024AB2DBBC1 | |
| Form=E33FEE83D957D011B93200A024AB2DBBE6 | |
| [DsQuery] | |
| ViewMode=0413000017 | |
| EnableFilter=0000000000 | |
| [Microsoft.PropertyWell] | |
| Items=0000000000 | |
| QueryStringLength=4500000045 | |
| QueryStringValue=2800260028006F0062006A0065006300740043006C006100730073003D007500730065007200290028006F0062006A00650063007400430061007400650067006F00720079003D0070006500720073006F006E0029002900280073006500720076006900630065005000720069006E0063006900700061006C004E0061006D0065003D002A0029000000D7 |
dtmsecurity
/ goldfermi.py
Created
July 27, 2020 07:41
Integrate URLs scraped from liked tweets and Notion using the unofficial API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib | |
| from bs4 import BeautifulSoup | |
| import tweepy | |
| from urlextract import URLExtract | |
| from notion.client import NotionClient | |
| from notion.block import TodoBlock, BookmarkBlock | |
| import os | |
| from unshortenit import UnshortenIt | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $dotnetpath = "/usr/local/share/dotnet/dotnet"; | |
| $sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll"; | |
| $temppath = "/tmp/"; | |
| beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n"); | |
| alias sharpgen{ | |
| $executionId = "sharpgen_" . int(rand() * 100000); | |
| $temporaryCsharp = $temppath . $executionId . ".cs"; | |
| $executableFilename = $temppath . $executionId . ".exe"; |
dtmsecurity
/ getStager.py
Created
November 8, 2018 07:40
Simple test script to get a stager from Cobalt Strike External C2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import struct | |
| def recv_frame(sock): | |
| try: | |
| chunk = sock.recv(4) | |
| except: | |
| return("") | |
| if len(chunk) < 4: | |
| return() |
dtmsecurity
/ doh_test.sh
Last active
October 12, 2024 17:03
DNS over HTTPS (DoH) Resolver GET Test Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| printf "===START dns.google.com===\n" | |
| curl -k -H "accept: application/dns-json" "https://dns.google.com/resolve?name=example.com&type=AAAA" | |
| printf "\n===END dns.google.com===\n" | |
| printf "===START cloudflare-dns.com===\n" | |
| curl -k -H "accept: application/dns-json" "https://cloudflare-dns.com/dns-query?name=example.com&type=AAAA" | |
| printf "\n===END cloudflare-dns.com===\n" | |
| printf "===START 1.1.1.1===\n" | |
| curl -k -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=example.com&type=AAAA" | |
| printf "\n===END 1.1.1.1===\n" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Implemented the reverse of the compact answer on: | |
| # https://stackoverflow.com/questions/1965065/encode-netbios-name-python/1965140 | |
| def netbios_encode(input_string): | |
| return ''.join([chr((ord(c)>>4)+ord('A'))+chr((ord(c)&0xF)+ord('A')) for c in input_string]) | |
| def netbios_decode(netbios): | |
| i = iter(netbios.upper()) | |
| try: | |
| return ''.join([chr(((ord(c)-ord('A'))<<4)+((ord(next(i))-ord('A'))&0xF)) for c in i]) |
dtmsecurity
/ mscache.py
Created
October 24, 2017 10:16
Needed a dirty way to convert mimikatz output for mscache to hashcat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import re | |
| # .\hashcat64.exe -m 2100 .\inhash.txt .\rockyou.txt | |
| if len(sys.argv[1]) > 0: | |
| fh = open(str(sys.argv[1]),"r") | |
| lines = fh.readlines() | |
| fh.close() |