With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
Fabian Bader f-bader
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
OmerMicrosoft
/ Create-ClientsWithNoAssociatedSiteReport.ps1
Last active
July 3, 2023 18:37
Create Clients With No Associated Site Report
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Get Domain Controllers for current domain | |
| $DCs = Get-ADGroupMember "Domain Controllers" | |
| #Initiate the clients array | |
| $Clients = @() | |
| Foreach ($DC in $DCs) { | |
| #Define the netlogon.log path | |
| $NetLogonFilePath = "\\" + $DC.Name + "\C$\Windows\debug\netlogon.log" | |
| #Reading the content of the netlogon.log file | |
| try {$NetLogonFile = Get-Content -Path $NetLogonFilePath -ErrorAction Stop} | |
| catch {"Error reading $NetLogonFilePath"} |
bandrel
/ check_hashes.py
Last active
November 5, 2024 06:12
To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| #Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller | |
| #Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH::: | |
| # ./check_hashes.py <hash_dump> | |
| import argparse | |
| import re | |
| parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords") |
Sarafian
/ Disconnect-RemoteSessions.ps1
Last active
June 15, 2018 12:21
This scripts uses the quser to scan for session on a remote computer and then rwinsta to disconnect it
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| Disconnects your user from remote computers | |
| .DESCRIPTION | |
| This scripts uses the quser to scan for session on a remote computer and then rwinsta to disconnect it | |
| .NOTES | |
| .LINK |
plentz
/ nginx.conf
Last active
October 22, 2025 16:10
Best nginx configuration for improved security(and performance)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
aaronshaf
/ bookmarklet-expanded.js
Last active
May 13, 2024 14:35
Copy text from Amazon's Cloud Reader. Helpful for students that need block quotes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript: (function () { | |
| new_window = window.open(); | |
| new_window.document.body.innerHTML = $("iframe") | |
| .contents() | |
| .find("iframe") | |
| .contents() | |
| .find("body") | |
| .get(1).innerHTML; | |
| new_window.document.body.querySelector("#content-overlays").remove(); | |
| })(); |
NewerOlder