Watson watson0x90

watson0x90 / customqueries.json

Created January 24, 2024 23:30 — forked from seajaysec/customqueries.json

bloodhound custom queries

	{
	"queries": [{
	"name": "List all owned users",
	"queryList": [{
	"final": true,
	"query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m"
	}]
	},
	{
	"name": "List all owned computers",

watson0x90 / WSL2_VPN_Workaround_Instructions.md

Created March 16, 2021 16:48 — forked from machuu/WSL2_VPN_Workaround_Instructions.md

Workaround for WSL2 network broken on VPN

Overview

Internet connection and DNS routing are broken from WSL2 instances, when some VPNs are active. The workaround breaks down into two problems:

This problem is tracked in multiple microsoft/WSL issues including, but not limited to:

watson0x90 / Get-InjectedThread.ps1

Last active April 29, 2020 23:07 — forked from jaredcatkinson/Get-InjectedThread.ps1

Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone

	function Get-InjectedThread
	{
	<#

	.SYNOPSIS

	Looks for threads that were created as a result of code injection.

	.DESCRIPTION

watson0x90 / CompileInMemory.cs

Created July 23, 2019 20:55

Compile and run C# code in memory to avoid anti-virus. Taken from a C# ransomware sample: https://www.bleepingcomputer.com/news/security/new-c-ransomware-compiles-itself-at-runtime/ However, this will still execute csc.exe and drop a dll to %temp% https://twitter.com/Laughing_Mantis/status/991018563296157696

	using System;
	using System.Collections.Generic;
	using System.Text;
	using System.CodeDom.Compiler;
	using Microsoft.CSharp;
	using System.IO;
	using System.Reflection;
	namespace InMemoryCompiler
	{
	class Program

watson0x90 / Inject.cs

Created July 6, 2018 14:05

DotNetToJScript Build Walkthrough

	using System;
	using System.Diagnostics;
	using System.Runtime.InteropServices;
	using System.Text;

	public class TestClass
	{

	public TestClass()
	{}