jaredcatkinson
/ Get-InjectedThread.ps1
Last active
October 1, 2024 18:37
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
jaredcatkinson
/ Get-KerberosTicketGrantingTicket.ps1
Last active
October 23, 2024 09:48
Kerberos Ticket Granting Ticket Collection Script and Golden Ticket Detection Tests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-KerberosTicketGrantingTicket | |
| { | |
| <# | |
| .SYNOPSIS | |
| Gets the Kerberos Tickets Granting Tickets from all Logon Sessions | |
| .DESCRIPTION | |
| Get-KerberosTicketGrantingTicket uses the Local Security Authority (LSA) functions to enumerate Kerberos logon sessions and return their associate Kerberos Ticket Granting Tickets. |
jaredcatkinson
/ Test-Ticket.ps1
Created
September 20, 2017 21:51
Script to test if a Ticket Granting Ticket (TGT) is forged (a Golden Ticket).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Test-Condition | |
| { | |
| param | |
| ( | |
| [Parameter(Mandatory = $true)] | |
| [bool] | |
| $Result, | |
| [Parameter(Mandatory = $true)] | |
| [string] |
nbulischeck
/ install-glibc-debug.sh
Last active
October 22, 2024 14:44
Install glibc debug symbols on Arch Linux for pwndbg heap analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Install Dependencies | |
| sudo pacman -S git svn gd lib32-gcc-libs patch make bison fakeroot | |
| # Checkout glibc source | |
| svn checkout --depth=empty svn://svn.archlinux.org/packages | |
| cd packages | |
| svn update glibc | |
| cd glibc/repos/core-x86_64 |
matterpreter
/ RpcParser.java
Last active
March 9, 2022 00:21
Ghidra RPC procedure identification script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Locate RPC procecures inside of server code | |
| //@author Matt Hand (@matterpreter) based on original work by Sektor7 Labs (@reenz0h) | |
| //@category Functions | |
| //@keybinding | |
| //@menupath | |
| //@toolbar | |
| import ghidra.app.script.GhidraScript; | |
| import ghidra.program.model.block.*; | |
| import ghidra.program.model.symbol.*; |