Skip to content

Instantly share code, notes, and snippets.

View natesubra's full-sized avatar

Nate Subra natesubra

63 followers · 208 following
View GitHub Profile
@natesubra
natesubra / docker-compose.yml
Last active August 20, 2022 18:14
unifi
# https://github.com/jacobalberty/unifi-docker
# I use volumes because I don't care about this data 😝
volumes:
init:
log:
services:
mongo:
image: mongo:4
@natesubra
natesubra / help.md
Created September 1, 2022 14:36 — forked from Neo23x0/help.md
Offensive Research Guide to Help Defense Improve Detection

Whenever you research a certain vulnerability ask yourself these questions and please answer them for us

Logging

Does the exploited service write a log?
(check ls -lrt /var/log or lsof +D /var/log/ or lsof | grep servicename)

Does a system service write a log?
(e.g. check with tail -f /var/log/messages)

@natesubra
natesubra / spoof_ppid.cpp
Created September 19, 2022 20:36
#include <windows.h>
#include <TlHelp32.h>
#include <iostream>
#include <string>
#include <sstream>
using namespace std;
int main(int argc, char* argv[])
{
@natesubra
natesubra / Highlighted_Folders.css
Created November 21, 2022 20:29
Obsidian Highlighted Folders
.theme-dark {
/* ! Vault Title*/
--vtcolor1: rgb(130, 57, 226);
--vtcolor2: rgb(82, 236, 247);
/* ! Navigation Action Button*/
--nsvg: rgb(104, 112, 155);
/* ! Folder Container*/
--tfbwidth: 2px;
@natesubra
natesubra / build-rubeus.ps1
Created January 12, 2023 17:51
Build Rubeus and clean some indicators
$old_guid = '658C8B7F-3664-4A95-9572-A3E5871DFC06'
$new_guid = (New-Guid).ToString()
[string[]] $filetypes = "*.cs", "*.sln", "*.csproj"
ForEach ($filetype in $filetypes) {
$files = Get-ChildItem -Path $filetype -Recurse -File
ForEach ($file in $files) {
$content = Get-Content $file
$content = $content -Replace "$old_guid", "$new_guid"
@natesubra
natesubra / myhashing.ps1
Created January 24, 2023 06:17
function Get-StringHash {
param (
[Parameter(
Position=0,
Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)]
[string] $ClearString,
[Parameter(Mandatory=$false)]
[ValidateSet('md5', 'sha1', 'sha256', 'sha384', 'sha512')]
@natesubra
natesubra / Invoke-gcloudssh.ps1
Created February 1, 2023 19:50
SSH from windows using the gcloud CLI without being forced to use putty
# [Adapted from source:](https://superuser.com/a/1558617/91960)
# SSH from windows using the gcloud CLI without being forced to use putty
# Assumes that gcloud project defaults are set and auth is configured
function Invoke-gcloudssh {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[string] $instance_name
)
# get default command as string(--dry-run)
@natesubra
natesubra / inflate.ps1
Created June 6, 2023 03:55
Quick powershell port of inflate.py
#Requires -Version 5.0
# Credit: https://github.com/njcve/inflate.py
param(
[Parameter(Mandatory = $true)]
[string] $InputFile,
[Parameter(Mandatory = $true)]
[string] $OutputFile,
[Parameter(Mandatory = $true)]
@natesubra
natesubra / DogFoodExec.cs
Created July 17, 2023 22:12 — forked from xpn/DogFoodExec.cs
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
using System;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Linq;
namespace NautilusProject
{
internal class CombinedExec
{
public static IntPtr AllocMemory(int length)
@natesubra
natesubra / dotnet_unhook_etw.cs
Created July 17, 2023 22:12 — forked from xpn/dotnet_unhook_etw.cs
using System;
using System.Reflection;
using System.Runtime.InteropServices;
namespace test
{
class Win32
{
[DllImport("kernel32")]
public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);