Skip to content

Instantly share code, notes, and snippets.

View joshfinley's full-sized avatar
💭
yeet

Josh Finley joshfinley

💭
yeet
29 followers · 16 following
  • United States
View GitHub Profile
@joshfinley
joshfinley / AnalysisSetup.ps1
Created December 18, 2021 04:55
#Hex Editors
choco install hxd -y
#Debuggers
choco install x64dbg.portable -y
choco install ida-free -y
#Disassemblers
choco install ghidra -y
@joshfinley
joshfinley / RPIwithQEMU.md
Created January 21, 2022 14:18 — forked from plembo/RPIwithQEMU.md
Emulating a Raspberry Pi with QEMU

Emulating a Raspberry Pi with QEMU

Goal: Emulate a Raspberry Pi with QEMU in order to run the Raspbian O/S (based on Debian Linux).

The current setup is not ideal. For one thing, the maximum RAM allowed using the "versatile-pb" firmware is 256 Mb. In addition, only the most basic peripherals, a keyboard and mouse, are supported.

A number of articles have been written on this topic. Most are outdated, and the few recent ones are missing key information.

@joshfinley
joshfinley / Generic WDM driver source
Created May 17, 2022 16:34
#include <ntddk.h>
CONST WCHAR g_wzDeviceName[] = L"\\Device\\DriverDeviceName";
CONST WCHAR g_wzDosDeviceName[] = L"\\DosDevices\\DriverDosDeviceName";
UNICODE_STRING g_usDeviceName = { 0 };
UNICODE_STRING g_usDeviceLink = { 0 };
PDEVICE_OBJECT g_pDevObj = NULL;
VOID DriverUnload(
IN PDRIVER_OBJECT DriverObject
@joshfinley
joshfinley / rbcd_demo.ps1
Created March 8, 2023 22:20 — forked from HarmJ0y/rbcd_demo.ps1
Resource-based constrained delegation computer DACL takeover demo
# import the necessary toolsets
Import-Module .\powermad.ps1
Import-Module .\powerview.ps1
# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
whoami
# the target computer object we're taking over
$TargetComputer = "primary.testlab.local"
@joshfinley
joshfinley / base64_converter.py
Last active June 5, 2023 17:14
import sys
import base64
def xor_encrypt_decrypt(data, key):
encrypted_data = []
for byte in data:
encrypted_byte = byte ^ key
encrypted_data.append(encrypted_byte)
return bytes(encrypted_data)
@joshfinley
joshfinley / gist:f6bdf881934861c6f85d39e18159bb1e
Last active June 22, 2023 21:57
get-rbcd-opportunities
# Import the Active Directory module
Import-Module ActiveDirectory
# Define the domain name
$domainName = "yourdomain.com"
# Get all computer objects in the domain
$computerObjects = Get-ADComputer -Filter * -SearchBase "DC=$($domainName.Replace('.',',DC='))" -Properties Name
# Iterate over each computer object
@joshfinley
joshfinley / Get-GroupComputersFromCsv.ps1
Created June 26, 2023 13:54
Import-Module ActiveDirectory
# Specify the path to the CSV file
$csvPath = "input.csv"
# Initialize an empty array to store the results
$results = @()
# Read the CSV file and iterate over each row
$csvData = Import-Csv -Path $csvPath
@joshfinley
joshfinley / gist:2938f3f62eaea3a95d9043fedb0eefa7
Created June 26, 2023 14:17
Get-GroupDelegatedGenericAllFromGroupCsv.ps1
Import-Module ActiveDirectory
# Specify the path to the CSV file
$csvPath = "Groups.csv"
# Initialize an empty array to store the results
$results = @()
# Read the CSV file and iterate over each row
$csvData = Import-Csv -Path $csvPath
@joshfinley
joshfinley / ssh_http.py
Created August 4, 2023 15:06
import http.client
import socket
import select
import sys
import base64
import argparse
def main(proxy_host, proxy_port, dest_host, dest_port, auth_file=None):
# Set up authentication
auth = ''
@joshfinley
joshfinley / Get-AzFirewalls.ps1
Created September 20, 2023 18:07
# Initialize an empty array to hold firewall information
$allFirewalls = @()
# Get all subscriptions in the tenant
$subscriptions = Get-AzSubscription
# Loop through each subscription to gather Azure Firewall information
foreach ($subscription in $subscriptions) {
# Select the subscription for the Azure context
Set-AzContext -Subscription $subscription.Id