- How to Build a Successful Information Security Career (Daniel Miessler)
- The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- Hiring your first Security Professional (Peerlyst - Dawid Balut)
- How to Start a Career in Cyber security
- How to Get Into Information Security (ISC^2)
- https://www.isc2.org/how-to-get-into-information-security.aspx
Chris Farrell seajaysec
3xocyte
/ create_machine_account.py
Last active
February 21, 2023 03:50
simple script for experimenting with machine account creation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import argparse | |
| import sys | |
| import string | |
| import random | |
| # https://support.microsoft.com/en-au/help/243327/default-limit-to-number-of-workstations-a-user-can-join-to-the-domain | |
| # create machine account utility by @3xocyte | |
| # with thanks to Kevin Robertson for https://github.com/Kevin-Robertson/Powermad/blob/master/Powermad.ps1 |
This file has been truncated, but you can view the full file.
jeffmcjunkin
/ gist:7b4a67bb7dd0cfbfbd83768f3aa6eb12
Last active
May 11, 2025 00:36
Useful Cypher queries for BloodHound
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer | |
| RETURN u.name | |
| That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership | |
| --------------- | |
| MATCH | |
| (U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer) | |
| WITH | |
| U.name as n, |
3xocyte
/ dementor.py
Last active
February 25, 2025 00:20
rough PoC to connect to spoolss to elicit machine account authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
dirkjanm
/ getloggedon.py
Created
September 15, 2018 19:27
Simple script that uses impacket to enumerate logged on users as admin using NetrWkstaUserEnum and impacket
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Copyright (c) 2012-2018 CORE Security Technologies | |
| # | |
| # This software is provided under under a slightly modified version | |
| # of the Apache Software License. See the accompanying LICENSE file | |
| # for more information. | |
| # | |
| # Gets logged on users via NetrWkstaUserEnum (requires admin on targets). | |
| # Mostly adapted from netview.py and lookupsid.py | |
| # |
jhaddix
/ content_discovery_all.txt
Created
May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ | |
| --- |
edermi
/ snallygaster.txt
Created
April 26, 2018 18:47
snallygaster.txt - a wordlist to use with e.g. gobuster to query the same resources as @hannob's snallygaster
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| lfm.php | |
| .idea/WebServers.xml | |
| config/databases.yml | |
| .git/config | |
| .svn/entries | |
| CVS/Root | |
| server-status | |
| core | |
| sftp-config.json | |
| WS_FTP.ini |
ryan-wendel
/ smb_cme_credspray.sh
Last active
November 9, 2023 17:57
A wrapper around CrackMapExec to help prevent locking accounts when credential spraying SMB services.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| HOST="$1" | |
| USERS="$2" | |
| PASSWORDS="$3" | |
| SLEEP="$4" | |
| EMAIL="[email protected]" | |
| TEXT="[email protected]" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| #set -x | |
| platform_version="x86x64" | |
| device_type="Linux-x86" | |
| device_uniqueid="jlester-nixos" | |
| # delete the csdXXXXXX temp files so they don't start piling up | |
| rm -f $1 | |
| exec curl \ | |
| --globoff \ | |
| --insecure \ |
