jymcheong

=========================
# /etc/nginx/nginx.conf
=========================

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
  worker_connections 768;

jymcheong

[DllImport("user32.dll", CharSet = CharSet.Unicode)]
private static extern int GetWindowText(IntPtr hWnd, StringBuilder strText, int maxCount);

[DllImport("user32.dll", CharSet = CharSet.Unicode)]
private static extern int GetWindowTextLength(IntPtr hWnd);

[DllImport("user32.dll")]
private static extern bool EnumWindows(EnumWindowsProc enumProc, IntPtr lParam);

// Delegate to filter which windows to include 

jymcheong

public class WinAPIFunctions
{
    //Used to get Handle for Foreground Window
    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    private static extern IntPtr GetForegroundWindow();

    //Used to get ID of any Window
    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    private static extern int GetWindowThreadProcessId(IntPtr hWnd, out int lpdwProcessId);
    public delegate bool WindowEnumProc(IntPtr hwnd, IntPtr lparam);

jymcheong

<!DOCTYPE html>
<html>
    <head>
        <title>Simple Echo Example</title>
        <script>
            var ws = new WebSocket('ws://127.0.0.1:8808/');
            ws.onmessage = function(event) {
                document.getElementById('msgBox').innerHTML = event.data;
            }
            function send()

jymcheong

$Domain = [AppDomain]::CurrentDomain
$DynAssembly = New-Object System.Reflection.AssemblyName('TempAssembly')
$AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('TempModule')
# Create a stub module that the in-memory module (i.e. this mimics the loading of a netmodule at runtime) will be loaded into.
$ModuleBuilder2 = $AssemblyBuilder.DefineDynamicModule('hello.dll')
$TypeBuilder = $ModuleBuilder.DefineType('TempClass', [Reflection.TypeAttributes]::Public)
$TypeBuilder.CreateType()
$HelloDllBytes = [Convert]::FromBase64String('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJNPvloAAAAAAAAAAOAAAiELAQsAAAQAAAAGAAAAAAAAPiMAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOQiAABXAAAAAEAAAJgCAAAAAAAAAAAAAAAAAAA

jymcheong

# Example of how to use Invoke-RestMethod with headers and cookies

$Credential = Get-Credential # Your credential goes here

[System.Uri]$Uri = "http://server01.example.com/api/pizza/1" # Add the Uri
$ContentType = "application/json" # Add the content type
$Method = 'PUT' # Add the method type
$Body = '{ "id" = 1, "Name" = "Peperoni" }' # Add the body for the request

$Cookie = New-Object System.Net.Cookie

jymcheong

using System;
using WebSocket4Net;

namespace websocket
{
    class Program
    {
        static void Main(string[] args)
        {
            using (var ws = new WebSocket("ws://1.2.3.4:8080/"))

jymcheong

    public static class DevicePathMapper
    {
        [DllImport("Kernel32.dll", CharSet = CharSet.Unicode)]
        private static extern uint QueryDosDevice([In] string lpDeviceName, [Out] StringBuilder lpTargetPath, [In] int ucchMax);

        public static string FromDevicePath(string devicePath)
        {
            var drive = Array.Find(DriveInfo.GetDrives(), d => devicePath.StartsWith(d.GetDevicePath(), StringComparison.InvariantCultureIgnoreCase));
            return drive != null ?
                devicePath.ReplaceFirst(drive.GetDevicePath(), drive.GetDriveLetter()) :

jymcheong

filter Get-PEFeature {
<#
.SYNOPSIS

Retrieves key features from PE files that can be used to build detections.

.DESCRIPTION

Get-PEFeature extracts key features of PE files that are relevant to building detections.

jymcheong

autosshd

Install

git clone https://gist.github.com/6322759.git autosshd
cd autosshd
sudo ./install