- Generate PDF of Zed docs for offline reading.
- UR: https://zed.brimdata.io/docs
- Zed PDF docs doesn't exist / couldn't find after 10mins of searching.
- Run the following in cmd.exe
Sunny Chakraborty sunnyc7
sunnyc7
/ ChatGPT-Dan-Jailbreak.md
Created
July 15, 2024 01:53
— forked from coolaj86/ChatGPT-Dan-Jailbreak.md
sunnyc7
/ AuditPolicy.ps1
Created
May 13, 2024 18:03
Basic AuditPolicy config for WFP event generation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Machine Name Policy Target Subcategory Subcategory GUID Inclusion Setting | |
| DESKTOP02 System IPsec Driver {0CCE9213-69AE-11D9-BED3-505054503030} No Auditing | |
| DESKTOP02 System Removable Storage {0CCE9245-69AE-11D9-BED3-505054503030} No Auditing | |
| DESKTOP02 System Other Object Access Events {0CCE9227-69AE-11D9-BED3-505054503030} No Auditing | |
| DESKTOP02 System Filtering Platform Connection {0CCE9226-69AE-11D9-BED3-505054503030} No Auditing | |
| DESKTOP02 System Filtering Platform Packet Drop {0CCE9225-69AE-11D9-BED3-505054503030} No Auditing | |
| DESKTOP02 System Certification Services {0CCE9221-69AE-11D9-BED3-505054503030} No Auditing | |
| DESKTOP02 System SAM {0CCE9220-69AE-11D9-BED3-505054503030} No Auditing |
sunnyc7
/ jqwerty.c
Created
February 21, 2024 19:01
— forked from odzhan/jqwerty.c
Jacky Qwerty/29A Compression Algorithm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Jacky Qwerty/29A compression algorithm, by Matt Mahoney | |
| // modified by odzhan | |
| // 2019-12-07 | |
| // | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #include <time.h> |
sunnyc7
/ WmiEventConsumerClassDerivation.ps1
Created
November 15, 2023 18:21
— forked from mattifestation/WmiEventConsumerClassDerivation.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function New-ActiveScriptEventConsumerClass { | |
| <# | |
| .SYNOPSIS | |
| Creates an ActiveScriptEventConsumer WMI class in the namespace of your choosing. | |
| .DESCRIPTION | |
| New-ActiveScriptEventConsumerClass creates a clone of the ActiveScriptEventConsumer WMI event consumer class using the class name and namespace name of your choosing. |
sunnyc7
/ SysmonEventGUIDParser.ps1
Created
November 15, 2023 18:19
— forked from mattifestation/SysmonEventGUIDParser.ps1
Extracts fields from sysmon process and logon GUIDs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Matthew Graeber (@mattifestation) | |
| $Epoch = Get-Date '01/01/1970' | |
| # Conversion trick taken from https://blogs.technet.microsoft.com/heyscriptingguy/2017/02/01/powertip-convert-from-utc-to-my-local-time-zone/ | |
| $StrCurrentTimeZone = (Get-WmiObject Win32_timezone).StandardName | |
| $TZ = [TimeZoneInfo]::FindSystemTimeZoneById($StrCurrentTimeZone) | |
| # Parse out all the LogonGUID fields for sysmon ProcessCreate events | |
| Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } | ForEach-Object { |
sunnyc7
/ NTInsiderDownloader.ps1
Created
November 3, 2023 20:38
If you like NTInsider from OSR Systems, but don't like clicking things
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # If you like reading NT Insider but don't like clicking. | |
| $savePDFTo = "$env:TEMP\NTInsider" | |
| $uri = "https://www.google.com/search?q=site:insider.osr.com+filetype:pdf+inurl:pdf&sca_esv=579237292&rlz=1C1CHBF_enUS1055US1055&sxsrf=AM9HkKlzAaBYLDpNc_IsOEqzno14_5ICyw:1699043261820&filter=0&biw=2327&bih=1210&dpr=1.1" | |
| $res = Invoke-WebRequest -UseBasicParsing -Uri $uri | |
| $pdf = $res.Links | where {$_ -match "PDF" -and $_ -match "insider.osr.com"} | |
| foreach ($f in $pdf) { | |
| $filtered = $f.href | where {$_ -match 'http://insider.osr.com/'} | |
| $pdfURL = (($filtered -split '&')[0] -split '=')[1] |
sunnyc7
/ DumpHex.c
Created
July 13, 2023 18:06
— forked from ccbrown/DumpHex.c
Compact C Hex Dump Function w/ASCII
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| void DumpHex(const void* data, size_t size) { | |
| char ascii[17]; | |
| size_t i, j; | |
| ascii[16] = '\0'; | |
| for (i = 0; i < size; ++i) { | |
| printf("%02X ", ((unsigned char*)data)[i]); | |
| if (((unsigned char*)data)[i] >= ' ' && ((unsigned char*)data)[i] <= '~') { | |
| ascii[i % 16] = ((unsigned char*)data)[i]; |
sunnyc7
/ env_var_spoofing_poc.cpp
Created
February 25, 2023 02:19
— forked from xpn/env_var_spoofing_poc.cpp
A very rough x64 POC for spoofing environment variables (similar to argument spoofing) with a focus on setting the COMPlus_ETWEnabled=0 var used to disable ETW in .NET
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // A very rough x64 POC for spoofing environment variables similar to argument spoofing with a focus on | |
| // setting the COMPlus_ETWEnabled=0 var for disabling ETW in .NET. | |
| // | |
| // Works by launching the target process suspended, reading PEB, updates the ptr used to store environment variables, | |
| // and then resuming the process. | |
| // | |
| // (https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/) | |
| #define INJECT_PARAM L"COMPlus_ETWEnabled=0\0\0\0" | |
| #define INJECT_PARAM_LEN 43 |
sunnyc7
/ checkaslrfiles.py
Created
December 29, 2021 21:32
— forked from wdormann/checkaslrfiles.py
Python script to check for PE files linked with /DYNAMICBASE, but are not actually ASLR compatible due to missing relocation table
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '''checkaslrfiles.py: Check for files that opt into ASLR with /DYNAMICBASE, | |
| but do not have a relocation table to allow ASLR to function. | |
| usage: checkaslrfiles.py <dir> | |
| ex: checkaslr.py "C:\Program Files\" | |
| requires: pefile <https://github.com/erocarrera/pefile>, which should be | |
| installable via: pip install pefile | |
| ''' |
NewerOlder