git clone https://gist.github.com/6322759.git autosshd
cd autosshd
sudo ./install
Jym Cheong jymcheong
jymcheong
/ windows_hardening.cmd
Created
November 5, 2018 04:04
— forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: | |
| ::####################################################################### | |
| :: | |
| :: Change file associations to protect against common ransomware attacks | |
| :: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell | |
| :: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :) | |
| :: --------------------- | |
| ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" | |
| ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" | |
| ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" |
jymcheong
/ SysmonEventGUIDParser.ps1
Created
December 22, 2018 07:47
— forked from mattifestation/SysmonEventGUIDParser.ps1
Extracts fields from sysmon process and logon GUIDs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Matthew Graeber (@mattifestation) | |
| $Epoch = Get-Date '01/01/1970' | |
| # Conversion trick taken from https://blogs.technet.microsoft.com/heyscriptingguy/2017/02/01/powertip-convert-from-utc-to-my-local-time-zone/ | |
| $StrCurrentTimeZone = (Get-WmiObject Win32_timezone).StandardName | |
| $TZ = [TimeZoneInfo]::FindSystemTimeZoneById($StrCurrentTimeZone) | |
| # Parse out all the LogonGUID fields for sysmon ProcessCreate events | |
| Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } | ForEach-Object { |
jymcheong
/ autosshd
Created
December 30, 2018 13:48
— forked from maratsh/autosshd
autosshd is the autossh daemon.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # autosshd This script starts and stops the autossh daemon | |
| # | |
| # chkconfig: 2345 95 15 | |
| # processname: autosshd | |
| # description: autosshd is the autossh daemon. | |
| # Source function library. | |
| . /etc/rc.d/init.d/functions |
jymcheong
/ README.markdown
Created
December 30, 2018 13:50
— forked from haku/README.markdown
autosshd
jymcheong
/ GetPEFeature.ps1
Created
February 5, 2019 09:16
— forked from mattifestation/GetPEFeature.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Get-PEFeature { | |
| <# | |
| .SYNOPSIS | |
| Retrieves key features from PE files that can be used to build detections. | |
| .DESCRIPTION | |
| Get-PEFeature extracts key features of PE files that are relevant to building detections. |
jymcheong
/ Invoke-RestMethod with cookie and header.ps1
Created
March 31, 2019 09:22
— forked from JohnRoos/Invoke-RestMethod with cookie and header.ps1
Invoke-RestMethod with cookies and headers
jymcheong
/ LoadInMemoryModule.ps1
Created
May 31, 2019 11:08
— forked from mattifestation/LoadInMemoryModule.ps1
A stealthier method of loading a .NET PE in memory - via the Assembly.LoadModule method
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Domain = [AppDomain]::CurrentDomain | |
| $DynAssembly = New-Object System.Reflection.AssemblyName('TempAssembly') | |
| $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run) | |
| $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('TempModule') | |
| # Create a stub module that the in-memory module (i.e. this mimics the loading of a netmodule at runtime) will be loaded into. | |
| $ModuleBuilder2 = $AssemblyBuilder.DefineDynamicModule('hello.dll') | |
| $TypeBuilder = $ModuleBuilder.DefineType('TempClass', [Reflection.TypeAttributes]::Public) | |
| $TypeBuilder.CreateType() | |
| $HelloDllBytes = [Convert]::FromBase64String('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJNPvloAAAAAAAAAAOAAAiELAQsAAAQAAAAGAAAAAAAAPiMAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOQiAABXAAAAAEAAAJgCAAAAAAAAAAAAAAAAAAA |
jymcheong
/ secure-websockets
Created
July 26, 2019 13:17
— forked from casecode/secure-websockets
Basic Config for SSL with Secure Websockets using Nginx 1.6.0 + Puma + Thin
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ========================= | |
| # /etc/nginx/nginx.conf | |
| ========================= | |
| user www-data; | |
| worker_processes 4; | |
| pid /var/run/nginx.pid; | |
| events { | |
| worker_connections 768; |
jymcheong
/ jaro-winkler.js
Created
April 7, 2021 00:50
— forked from jordanthomas/jaro-winkler.js
The Jaro-Winkler distance metric in JavaScript. See also: https://github.com/jordanthomas/jaro-winkler
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var distance = function(s1, s2) { | |
| var m = 0; | |
| // Exit early if either are empty. | |
| if ( s1.length === 0 || s2.length === 0 ) { | |
| return 0; | |
| } | |
| // Exit early if they're an exact match. | |
| if ( s1 === s2 ) { |
jymcheong
/ ReadingPortableExecutable_PE_header.cs
Created
April 20, 2021 06:51
— forked from augustoproiete/ReadingPortableExecutable_PE_header.cs
Reading the Portable Executable (PE) header in C#
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Credits: John Stewien | |
| // From: http://code.cheesydesign.com/?p=572 | |
| /* | |
| Reading the Portable Executable (PE) header in C# | |
| My job consists of writing fully custom applications for groups of people. The time pressure of these projects is quite high, so generally people start using the application while I’m still writing it, which means I write it modularly and add features as I go along. I also fix bugs as they are discovered. My clients are 2 tiered where expert users get a new build first, they test if for a while, and if they think it’s acceptable they then pass it on to others. | |
| This method of distribution is quite ad-hoc so when a client rings me up and asks me to view their screen to look at something, it’s useful to know what build they are running. To facillitate this I print the link date in the main Window Title so I instantly have an idea about how old the version is that I am looking at. This date is calculated at run time. To do this requires reading in the Portable Executable (PE) header from th |