#input: [domain]\[hostname]
(?P<name_domain>^[^\\/:*?\"<>|]*\w{1,63})\\(?P<name_root>[^\\/:*?\"<>|]*\w{1,63}$)
#Splunk rex:
| rex field=name "(?P^[^\\/:*?\"<>|]*\w{1,63})\\\(?P[^\\/:*?\"<>|]*\w{1,63}$)"
mbrownnycnyc
mbrownnycnyc
/ list_of_valuable_sites.txt
Created
October 17, 2019 12:38
List of sites that are valuable for cross-password checks for pentests. They may or may not have 2FA.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Proofpoint secure share: | |
| https://secureshare.proofpoint.com/share/Main.htm |
mbrownnycnyc
/ readme.txt
Last active
August 29, 2024 12:38
Documenting my attempt to run pop!_os on a Surface Book gen 1 with Nvidia GPU base.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #references | |
| I noticed that https://github.com/kitakar5525 also has a Surface Book Gen 1, which is great, because he's a kernel dev, and I am not. | |
| # prep work | |
| Make sure you have your bitlocker recovery key. This is VERY important if you want to mess around with boot settings in Windows 10. Once you disable secure boot, Windows will prompt you for this key. You could also have disabled Bitlocker, but why? | |
| Download the pop!_os nvidia iso. I am working with 1804 LTS. | |
| Download etcher and avoid the headache and use a USB stick to flash not an SD card. | |
| Use diskmgmt.msc (etc) to shrink your Windows partition so you free some space. I have a 512GB disk with a 400GB partition used for Windows system, but I'm only using about 100GB. I split that in half and freed 200GB in unallocated space for the pop!_os instance. | |
| # Create a new EFI Partition and create new Windows EFI files for the running Windows instance |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form> | |
| <label>Activity Audit</label> | |
| <fieldset submitButton="false"> | |
| <input type="time" token="time" searchWhenChanged="true"> | |
| <label>Time Range</label> | |
| <default> | |
| <earliest>-60m@m</earliest> | |
| <latest>now</latest> | |
| </default> | |
| </input> |
mbrownnycnyc
/ reconcile-nexposestagingpc.ps1
Last active
June 19, 2019 18:41
A script to take members of an OU, look them up in Nexpose, and report on tagging status of these. The tags can then be used to adjust assets reported upon. This client had many machines that were powered off, but were once scanned (aka are managed assets) that they want to consider in some reports, but not all. This allows them to deal with ass…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <#1) copy over Rapid7Nexpose and Indented.Net.IP to a path in $env:psmodulePath, and install the OrionSDK https://github.com/solarwinds/OrionSDK/releases | |
| 2) store your password in a securestring | |
| # https://blogs.technet.microsoft.com/robcost/2008/05/01/powershell-tip-storing-and-using-password-credentials/ | |
| $nscusername = "matt.brown" | |
| $(read-host -assecurestring | convertfrom-securestring) | out-file .\Desktop\nscsstr.txt | |
| #the securestring is encrypted against the personal key of the user for which is run using DPAPI | |
| # https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Security/ConvertFrom-SecureString?view=powershell-5.1#description | |
| # http://www.griffinscs.com/?p=12 |
mbrownnycnyc
/ reconcile-ipamsupernetswithnexposesites.ps1
Created
May 21, 2019 19:48
A script to get subnets from IPAM, set Sites included_targets from Nexpose, and reconcile the two.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| This script contains functions that will use a few APIs in order to query subnet data from Orion's Solarwinds IPAM and Rapid7's Nexpose/InsightVM. | |
| .DESCRIPTION | |
| To setup the environment, perform the following: | |
| 1) find a host that supports powershell and can run scheduled tasks (note that securestrings are only secure on Windows platforms according to docs: https://docs.microsoft.com/en-us/dotnet/api/system.security.securestring?view=netframework-4.8#how-secure-is-securestring) | |
| 2) copy over Rapid7Nexpose and Indented.Net.IP to a path in $env:psmodulePath, and install the OrionSDK https://github.com/solarwinds/OrionSDK/releases |
mbrownnycnyc
/ test-subnetiscontained.ps1
Last active
May 21, 2019 19:44
checks if a subnet is contained, using https://www.indented.co.uk/powershell-subnet-math/ Indented.Net.IP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function test-subnetiscontained { | |
| [CmdletBinding()] | |
| param ( | |
| [ipaddress] $needleip, | |
| [ipaddress] $needlemask, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $userfqdn = "matt-surface\scanner" | |
| $targetfolder = "C:\Users\Matt\Desktop\hassio" | |
| $acl = get-acl $targetfolder | |
| $acl.setaccessruleprotection($false, $false) | |
| # FileSystemRights enum: https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights?view=netframework-4.7.2 | |
| # InheritanceFlags enum: https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.inheritanceflags?view=netframework-4.7.2 | |
| $ruleReadOnly = New-Object System.Security.AccessControl.FileSystemAccessRule($userfqdn,"ReadAndExecute", "ContainerInherit, ObjectInherit", "None", "Allow") |
mbrownnycnyc
/ lookup-wellknownsid.ps1
Last active
January 14, 2019 17:59
A quick script that provides lookups of well known SIDs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function lookup-wellknownsid { | |
| [cmdletbinding()] | |
| param ( | |
| $sid | |
| ) | |
| #https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems | |
| $wellknownsids = @" |
mbrownnycnyc
/ nexpose-restfulapi.ps1
Created
January 3, 2019 17:35
powershell script for object comparison for Nexpose/InsightVM discovered open ports custom report. Didn't drink enough coffee during this one, and sprinted to the end. Updates to come: support for 2FA, would like to make more DRY.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# https://help.rapid7.com/insightvm/en-us/api/index.html | |
| -- open ports custom report -- | |
| SELECT da.ip_address, da.host_name, dos.name AS OS, dos.version AS os_version, das.port, dp.name AS protocol, ds.name AS service, dsf.name AS service_name, dsf.version AS service_version | |
| FROM dim_asset_service das | |
| JOIN dim_service ds USING (service_id) | |
| JOIN dim_protocol dp USING (protocol_id) | |
| JOIN dim_asset da USING (asset_id) | |
| JOIN dim_operating_system dos USING (operating_system_id) | |
| JOIN dim_service_fingerprint dsf USING (service_fingerprint_id) |