This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- | |
This is a Microsoft Sysmon configuration to be used on Windows workstations | |
v0.2.1 December 2016 | |
Florian Roth (with the help and ideas of others) | |
The focus of this configuration is | |
- malware detection (execution) | |
- malware detection (network connections) | |
- exploit detection | |
It is not focussed on |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class WrappedStreamingBody: | |
""" | |
Wrap boto3's StreamingBody object to provide enough | |
fileobj functionality so that GzipFile is | |
satisfied. Sometimes duck typing is awesome. | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
Author: Matthew Graeber (@mattifestation) | |
License: BSD 3-Clause | |
#> | |
function Get-WmiNamespace { | |
[OutputType([String])] | |
Param ( | |
[String] | |
[ValidateNotNullOrEmpty()] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Get-InjectedThread | |
{ | |
<# | |
.SYNOPSIS | |
Looks for threads that were created as a result of code injection. | |
.DESCRIPTION | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import argparse | |
import os | |
import configparser | |
import csv | |
import sys | |
from os.path import exists | |
import requests | |
#Console Output coloring. Makes knowing if you have any errors/ warnings easier to identify | |
err_Col = '\033[91m' |