scudette
/ extended_attributes.ps1
Created
May 9, 2022 00:42
— forked from mgreen27/00_ntfs.ps1
Auscert 2022 NTFS Exercise setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Extended Attribute | |
| # 1. Download https://github.com/jschicht/EaTools to C:\PerfLogs (this step was run previously if you ran our setup script) | |
| https://github.com/jschicht/EaTools/raw/master/EaInject64.exe | |
| https://github.com/jschicht/EaTools/raw/master/EaQuery64.exe | |
| # 2. Add EA to file | |
| copy C:\Windows\System32\calc.exe C:\PerfLogs\calc.exe | |
| C:\PerfLogs\EaInject64.exe /Payload:C:\PerfLogs\calc.exe /Container:C:\PerfLogs\just_a_file.txt /Mode:0 /Identifier:NOTHINGTOSEEHERE |
scudette
/ w10pfdecomp.py
Created
July 22, 2020 07:58
— forked from dfirfpi/w10pfdecomp.py
Windows 10 Prefetch (native) Decompress
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| # | |
| # Copyright 2015, Francesco "dfirfpi" Picasso <[email protected]> | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 |
scudette
/ Get-InjectedThread.ps1
Created
June 20, 2020 14:58
— forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
scudette
/ fsevents_windows.go
Created
May 1, 2020 13:37
— forked from pkrnjevic/fsevents_windows.go
Windows USN Journal sample in Go based on Jeffrey Richter's superb MSDN Journal article. A work in progress, intended to provide similar API to go.fsevents.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // File: fsevents_windows.go | |
| // Date: October 29, 2013 | |
| // Author: Peter Krnjevic <[email protected]>, on the shoulders of many others | |
| // | |
| // This code sample is released into the Public Domain. | |
| // | |
| package fsevents | |
| import ( |
scudette
/ slicemap_test.go
Created
March 17, 2019 02:42
— forked from grahamking/slicemap_test.go
Benchmark comparing map access vs slice search
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "math/rand" | |
| "testing" | |
| "time" | |
| ) | |
| const ( | |
| numItems = 100 // change this to see how number of items affects speed |