@filmor
filmor / Initialize CLR via ctypes.ipynb
Last active December 30, 2022 18:34
Initialize CLR via ctypes
# These keyword values can be obtained with: logman query providers Microsoft-Windows-Kernel-Registry
[Flags()]
enum RegistryOptions {
CloseKey = 0x00000001
QuerySecurityKey = 0x00000002
SetSecurityKey = 0x00000004
EnumerateValueKey = 0x00000010
QueryMultipleValueKey = 0x00000020
SetInformationKey = 0x00000040
FlushKey = 0x00000080
@mattifestation
mattifestation / TLGMetadataParser.psm1
Last active April 17, 2025 14:01
Retrieves TraceLogging metadata from a file.
#requires -version 5
<#
The things you find on Google searching for specific GUIDs...
Known Keyword friendly names:
"UTC:::CATEGORYDEFINITION.MS.CRITICALDATA":"140737488355328"
"UTC:::CATEGORYDEFINITION.MS.MEASURES":"70368744177664"
"UTC:::CATEGORYDEFINITION.MS.TELEMETRY":"35184372088832"
"UTC:::CATEGORYDEFINITION.MSWLAN.CRITICALDATA":"2147483648"
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Management;
namespace ComAbandonment
{
public class ComAbandonment
{
@HarmJ0y
HarmJ0y / cobaltstrike_sa.txt
Created September 28, 2018 22:22
Cobalt Strike Situational Awareness Commands
Windows version:
reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Users who have authed to the system:
ls C:\Users\
System env variables:
reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Saved outbound RDP connections:
@Brainiarc7
Brainiarc7 / fix-intel_wifi_aer-avell_g1513_fire_v3
Created July 16, 2018 13:21 — forked from flisboac/fix-intel_wifi_aer-avell_g1513_fire_v3
Temporary fix for AER's excessive `severity=Corrected` logging for Intel Wireless (Avell G1513 Fire V3) (Arch Linux)
silly gist hack, why do we need you? :(
@tavinus
tavinus / rem_proxmox_popup.sh
Last active December 22, 2024 00:21
Remove PROXMOX 5.x / 6.x / 7.3-4 subscription message popup
#!/bin/sh
#######################################################
#
# Edits the proxmox Subscription file to make it
# think that it has a Subscription.
#
# Will disable the annoying login message about
# missing subscription.
#

Credit: Mark Kraus
Website: https://get-powershellblog.blogspot.com

Collection Type Guidance

When to use what

  • Use Arrays if you know the element types and have a fixed length and/or known-up-front collection size that will not change.
  • Use ArrayList if you have an unknown collection size with either unknown or mixed type elements.
  • Use a Generic List when you know the type of the elements but not the size of the collection.
  • Use a HashTable if you are going to do key based lookups on a collection and don't know the object type of the elements.
  • Use a Dictionary<TKey, TValue> if you are going to do key based lookups on a collection and you know the type of the elements.
  • Use a HashSet when you know the type of elements and just want unique values and quick lookups and assignments.
# This idea originated from this blog post on Invoke DSC Resources directly:
# https://blogs.msdn.microsoft.com/powershell/2015/02/27/invoking-powershell-dsc-resources-directly/
<#
$MOFContents = @'
instance of MSFT_ScriptResource as $MSFT_ScriptResource1ref
{
ResourceID = "[Script]ScriptExample";
GetScript = "\"$(Get-Date): I am being GET\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
TestScript = "\"$(Get-Date): I am being TESTED\" | Out-File C:\\Windows\\Temp\\ScriptRun.txt -Append; return $True";
@f3l3gy
f3l3gy / daemon.json
Last active January 4, 2024 11:00
Proxmox minimal docker host lxc container
{
"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
"registry-mirrors": [],
"insecure-registries": [
"172.16.197.20:5000"
]
}