I hereby claim:
- I am jbarcia on github.
- I am josephbarcia (https://keybase.io/josephbarcia) on keybase.
- I have a public key whose fingerprint is 4700 BEC7 8292 C129 B57B 6CCF 3C65 8F3B BB27 3BE5
To claim this, I am signing this object:

function Get-DownloadedPEHashes
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true, Position=0)]
        [String]$Path,
        [Switch]$Recursive = $true
    )
    if (!$Path.EndsWith('\'))

#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# Poison a system's NetBIOS resolver for the WPAD name (not BadTunnel)
#
# Usage: ruby netbios-brute-local.rb <evil-wpad-server> <target-ip> <target-port> <pps>
# Contact: x[at]hdm.io
# License: https://opensource.org/licenses/BSD-2-Clause
#

#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# Poison a system's NetBIOS resolver for the WPAD name from outside NAT (not BadTunnel)
#
# Usage: ruby netbios-brute-nat.rb <evil-wpad-server> <pps>
# Contact: x[at]hdm.io
# License: https://opensource.org/licenses/BSD-2-Clause
#

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
namespace Export
{
    class Test
    {

#!/bin/bash
# update apt-get
export DEBIAN_FRONTEND="noninteractive"
sudo apt-get update
# remove previously installed Docker
sudo apt-get purge lxc-docker*
sudo apt-get purge docker.io*

This is a list of SQL Server commands that support UNC path [injections] by default.
The injections can be used to capture or replay the NetNTLM password hash of the
Windows account used to run the SQL Server service. The SQL Server service account
has sysadmin privileges by default in all versions of SQL Server.
Note: This list is most likely not complete.
-----------------------------------------------------------------------
-- UNC Path Injections Executable by the Public Fixed Server Role
-----------------------------------------------------------------------

<#
Invoke-Kerberoast.ps1
Author: Will Schroeder (@harmj0y), @machosec
License: BSD 3-Clause
Required Dependencies: None
Credit to Tim Medin (@TimMedin) for the Kerberoasting concept and original toolset implementation (https://github.com/nidem/kerberoast).
Note: the primary method of use will be Invoke-Kerberoast with various targeting options.

<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes c# code. -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe pshell.xml -->
  <!-- Author: Casey Smith, Twitter: @subTee -->
  <!-- License: BSD 3-Clause -->
  <PropertyGroup>
    <FunctionName Condition="'$(FunctionName)' == ''">None</FunctionName>
    <Cmd Condition="'$(Cmd)' == ''">None</Cmd>
  </PropertyGroup>
  <Target Name="Hello">

| # Get-SystemDriver requires the ConfigCI module on Win10 Enterprise | |
| # This will collect all signer information for all PEs in C:\ | |
| # This will take a while!!! | |
| $Signers = Get-SystemDriver -ScanPath C:\ -UserPEs | |
| # Associate the subject name of each certificate to the file/signer info | |
| # so we can correlate the two. | |
| $CertSubjectMapping = $Signers | % { | |
| $Signer = $_ |