Skip to content

Instantly share code, notes, and snippets.

View jaredhaight's full-sized avatar

Jared Haight jaredhaight

399 followers · 4 following
View GitHub Profile
@jaredhaight
jaredhaight / why-i-took-down-faction.md
Created August 22, 2021 20:49
Why I took down Faction

Most OST development is focused on novel tricks, or the latest attack vector, a constant escalation of capabilities. Developing a novel technique is done in a vacuum and if the developer does spend any time researching and documenting detection around a technique, expanding the detection to a network of more than a 100 endpoints is typically a non-trivial task.

Developing mature detection and response capabilties in an organization is a monumental effort, it's not a big surprise that most organizations struggle to catch "boring" attacker techniques (creating scheduled tasks, adding local users to computers, modifyig groups, etc) and while these organzations struggle to keep up, the barier to entry on being an "advanced" attacker gets lower and lower as new tools and techniques come out.

It's easy to take the approach that these organizations that are struggling with infosec get whats coming to them. "Well, maybe they should take infosec seriously if they don't want to get hacked" or "The attacker could ha

@jaredhaight
jaredhaight / [email protected]
Last active March 19, 2021 20:49

I had the pleasure of meeting Ayan through the Share the Mic in Cyber campaign. Talking to her was an absolute blast and super humbling (a rare combination!), she's accomplished so much and still manages to get some sleep. Below are the tweets that we shared through my Twitter account. I wanted to collect them here cause it'd be a horrible shame if they just got lost in the timeline.

1/ Follow this thread as we highlight @ayanmislam as part of the #ShareTheMicInCyber campaign. I am proud to give this talented #cybersecurity practitioner the spotlight. #BlackNatSec #BlackTechTwitter https://sharethemicincyber.splashthat.com/

2/ Meet @ayanmislam, an incredibly talented cyber/infosec practitioner you should all know! A Somali native, who grew up in Kuwait and immigrated to the U.S. in pursuit of stability and the American Dream.

3/ As an avid learner, she certainly leverages her education to benefit every community she participates in. She has a @KogodBiz business degree, @G

@jaredhaight
jaredhaight / RedTeamThoughts.md
Created January 22, 2021 19:45
A response to a DM on twitter asking about making the transition from pentesting to red teaming

I think there’s a couple fronts that make a good red teamer. The technical side of being operator is less about knowing how to use tools (that’s easy to teach) and more about knowing how the technologies you’re attacking works. Having an understanding of how things work at a company gives you the context of how to attack and abuse it.

For example the stronger your sysadmin skills, the better you’re going to be at moving through an enterprise. Stuff like knowing how group policies work, having a solid understanding of AD. It’s all about having that context so you know how to abuse it. Having a development background gives you the context of how to abuse CI/CD systems and such. Knowing how kubernetes, how cloud works, gives you context on how to maneuver around it. Honestly, I don’t think I’ve used a single exploit in red teaming (which probably means I’ve left stuff on the table and made life harder for myself lol), it’s all been about finding and abusing misconfigurations in environments.

I think in a tru

@jaredhaight
jaredhaight / all_agents.graphql
Last active August 29, 2020 19:13
Stuff for Rebuilding Faction Series
query allAgents {
agents {
id
hostname
visible
agent_type {
name
id
}
transport {
@jaredhaight
jaredhaight / PPID Spoof & BlockDLLs
Created January 15, 2020 22:42 — forked from rasta-mouse/PPID Spoof & BlockDLLs
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace BlockDllTest
{
class Program
{
static void Main(string[] args)
{
@jaredhaight
jaredhaight / kerberos_attacks_cheatsheet.md
Created August 28, 2019 02:52 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@jaredhaight
jaredhaight / Split-String.ps1
Last active November 7, 2018 14:17
PowerShell script to split a string into arbitrary sizes, formatting the string for use in C# or PowerShell
function Split-String {
param (
[Parameter(Mandatory = $true)]
[string]$String,
[int]$MinLength = 50,
[int]$MaxLength = 120,
[string]$VariableName = "data",
[ValidateSet("PowerShell", "CSharp")]
$Format = "PowerShell"
)
@jaredhaight
jaredhaight / Get-VideoLength.ps1
Last active May 9, 2019 01:04
Get Total Length of Time from a Directory of Videos
# Stolen from here: https://social.technet.microsoft.com/Forums/en-US/bad2dbb1-5deb-48b8-8f8c-45e2b353dba0/how-do-i-get-video-file-duration-in-powershell-script?forum=winserverpowershell#de6ee12a-1c1e-474f-b5ba-ece4b17e0144
function Get-VideoLength {
param (
$Path
)
if (-not $Path) {
$Path = (Get-Location).Path
}
@jaredhaight
jaredhaight / katz.cs
Created August 1, 2018 00:35
Updated Katz.cs - Latest Mimikatz, I mean honestly it is 2018...
This file has been truncated, but you can view the full file.
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
/*
@jaredhaight
jaredhaight / bash_prompt.sh
Created July 29, 2018 18:50 — forked from insin/bash_prompt.sh
Set color bash prompt according to active virtualenv, git branch and return status of last command.
#!/bin/bash
#
# DESCRIPTION:
#
# Set the bash prompt according to:
# * the active virtualenv
# * the branch/status of the current git repository
# * the return value of the previous command
# * the fact you just came from Windows and are used to having newlines in
# your prompts.