@rc-abodkins
rc-abodkins / binary_analysis_hunting.py
Last active July 5, 2021 18:06
This script searches binaries within VMware Carbon Black EDR
import argparse
import os
import configparser
import csv
import sys
from os.path import exists
import requests
# Console output coloring. Makes errors and warnings easier to spot in the output
err_Col = '\033[91m'
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active October 1, 2024 18:37
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
@mattifestation
mattifestation / wmi_provider_association.ps1
Last active August 16, 2022 05:14
Enumerates WMI providers, the DLLs that back the provider, and the classes hosted by the provider.
<#
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
#>
function Get-WmiNamespace {
[OutputType([String])]
Param (
[String]
[ValidateNotNullOrEmpty()]
@debedb
debedb / WrappedStreamingBody
Last active November 26, 2020 09:05
Wrap boto3's StreamingBody object to provide enough Python fileobj functionality so that GzipFile is satisfied.
class WrappedStreamingBody:
"""
Wrap boto3's StreamingBody object to provide enough
fileobj functionality so that GzipFile is
satisfied. Sometimes duck typing is awesome.
@Neo23x0
Neo23x0 / config-client.xml
Last active May 17, 2021 04:14
Sysmon Base Configuration - Workstations
<!--
This is a Microsoft Sysmon configuration to be used on Windows workstations
v0.2.1 December 2016
Florian Roth (with the help and ideas of others)
The focus of this configuration is
- malware detection (execution)
- malware detection (network connections)
- exploit detection
It is not focussed on