Samirbous
/ disabled services
Created
June 19, 2023 13:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "Top 1000 values of registry.path",Count | |
| "HKLM\SYSTEM\ControlSet001\Services\WinDefend\Start","1,483" | |
| "HKLM\SYSTEM\ControlSet001\Services\UsoSvc\Start","1,477" | |
| "HKLM\SYSTEM\ControlSet001\Services\WaaSMedicSvc\Start","1,477" | |
| "HKLM\SYSTEM\ControlSet001\Services\wuauserv\Start","1,477" | |
| "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService\Start",6 | |
| "HKLM\SYSTEM\ControlSet001\Services\Sense\Start",6 | |
| "HKLM\SYSTEM\ControlSet001\Services\WdBoot\Start",6 | |
| "HKLM\SYSTEM\ControlSet001\Services\WdFilter\Start",6 | |
| "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv\Start",6 |
Mayfly277
/ EncodeAssembly.ps1
Last active
March 18, 2025 11:10
This script is a modification of the one from @snovvcrash website : https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/av-edr-evasion/dotnet-reflective-assembly and some code of PowerSharpPack. This is made to package some bniaries to powershell.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Invoke-EncodeAssembly | |
| { | |
| [CmdletBinding()] | |
| Param( | |
| [Parameter(Mandatory=$true)] | |
| [String] | |
| $binaryPath, | |
| [Parameter(Mandatory=$true)] | |
| [String] |
tothi
/ minimal-defender-bypass.profile
Last active
April 1, 2025 22:38
Minimal Cobalt Strike C2 Profile for Bypassing Defender
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures) | |
| # as stage0, remote injecting a thread into a suspended process works | |
| set host_stage "false"; | |
| set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62"; | |
| set sleeptime "10000"; | |
| stage { | |
| set allocator "MapViewOfFile"; | |
| set name "notevil.dll"; |
AvasDream
/ oscp_prep.md
Last active
February 5, 2025 04:40
Resource for OSCP like HTB Boxes with Ippsec Videos and Writeups.
rc9000
/ pg-fail2ban.md
Last active
November 29, 2024 21:33
postgres fail2ban configuration with user locking
Needs fail2ban 0.10+. See https://github.com/fail2ban/fail2ban/wiki/How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc. for more information.
Motivated by this discussion on pgsql-general: https://www.postgresql.org/message-id/61463e206b7c4c0ca17b03a59e890b78%40lmco.com
[postgres-lockuser]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ::########################################################################################################################## | |
| :: | |
| :: This script can ruin your day, if you run it without fully understanding what it does, you don't know what you are doing, | |
| :: | |
| :: OR BOTH!!! | |
| :: | |
| :: YOU HAVE BEEN WARNED!!!!!!!!!! | |
| :: | |
| :: This script is provided "AS IS" with no warranties, and confers no rights. | |
| :: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section, |
Geoyi
/ install virtualenv ubuntu 16.04.md
Created
September 16, 2017 12:19
— forked from frfahim/install virtualenv ubuntu 16.04.md
How to install virtual environment on ubuntu 16.04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| import requests | |
| import hashlib | |
| import re | |
| username = '' ###账号### | |
| password = ''###密码### | |
| UA = "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) \ | |
| Chrome/27.0.1453.116 Safari/537.36" | |
| headers = { |
NewerOlder