🤠
Breaking something or building something. It's all the same anyways

Max Harley t94j0

@matterpreter
matterpreter / RpcParser.java
Last active March 9, 2022 00:21
Ghidra RPC procedure identification script
//Locate RPC procedures inside of server code
//@author Matt Hand (@matterpreter) based on original work by Sektor7 Labs (@reenz0h)
//@category Functions
//@keybinding
//@menupath
//@toolbar
import ghidra.app.script.GhidraScript;
import ghidra.program.model.block.*;
import ghidra.program.model.symbol.*;
@nbulischeck
nbulischeck / install-glibc-debug.sh
Last active October 22, 2024 14:44
Install glibc debug symbols on Arch Linux for pwndbg heap analysis
#!/bin/bash
# Install Dependencies
sudo pacman -S git svn gd lib32-gcc-libs patch make bison fakeroot
# Checkout glibc source
svn checkout --depth=empty svn://svn.archlinux.org/packages
cd packages
svn update glibc
cd glibc/repos/core-x86_64
@jaredcatkinson
jaredcatkinson / Test-Ticket.ps1
Created September 20, 2017 21:51
Script to test if a Ticket Granting Ticket (TGT) is forged (a Golden Ticket).
function Test-Condition
{
param
(
[Parameter(Mandatory = $true)]
[bool]
$Result,
[Parameter(Mandatory = $true)]
[string]
@jaredcatkinson
jaredcatkinson / Get-KerberosTicketGrantingTicket.ps1
Last active October 23, 2024 09:48
Kerberos Ticket Granting Ticket Collection Script and Golden Ticket Detection Tests
function Get-KerberosTicketGrantingTicket
{
<#
.SYNOPSIS
Gets the Kerberos Ticket Granting Tickets from all Logon Sessions
.DESCRIPTION
Get-KerberosTicketGrantingTicket uses the Local Security Authority (LSA) functions to enumerate Kerberos logon sessions and return their associated Kerberos Ticket Granting Tickets.
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active October 1, 2024 18:37
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION