| # Script Name: DataTransformationLoader.py | |
| # Author: Ryan Watson | |
| # Gist Github: https://gist.github.com/Watson0x90 | |
| # Created on: 2025-04-03 | |
| # Last Modified: 2025-04-03 | |
| # Description: Data transformation loader for hacker-themed visualization | |
| # Purpose: This script is designed to create a hacker-themed data transformation visualization using the rich library. | |
| # Version: 1.0.0 | |
| # License: MIT License | |
| # Dependencies: rich |
| # This is a proof of concept for CVE-2020-5377, an arbitrary file read in Dell OpenManage Administrator | |
| # Proof of concept written by: David Yesland @daveysec with Rhino Security Labs | |
| # More information can be found here: | |
| # A patch for this issue can be found here: | |
| # https://www.dell.com/support/article/en-us/sln322304/dsa-2020-172-dell-emc-openmanage-server-administrator-omsa-path-traversal-vulnerability | |
| from xml.sax.saxutils import escape | |
| import http.server | |
| import ssl | |
| import sys |
| import socket | |
| from concurrent.futures import ThreadPoolExecutor | |
| import ipaddress | |
| import argparse | |
| def parse_ports(file_path): | |
| """ | |
| Parses a file containing port numbers and ranges, expanding ranges into individual ports. | |
| """ | |
| ports = set() # Use a set to avoid duplicates |
You will use these queries within the Neo4j query dashboard and not from the Bloodhound interface. There are so many different ways to examine the data. The queries below are designed to help myself and others find unique things in the gathered Bloodhound data and make it useful.
MATCH (u:User)
WHERE u.description IS NOT NULL AND u.description <> "" AND u.description <> " "
return u.name, u.description
| metadata: | |
| language: v1-beta | |
| name: "Page source includes reference to polyfill[.]io" | |
| description: "Locate polyfill[.]io issues." | |
| author: "@watson0x90" | |
| tags: "cdn", "javascript", "polyfill", "exposure" | |
| given response then | |
| if {latest.response} matches "(https?:\/\/)?([a-z0-9-]+\.)*polyfill\.io(\/.*)?" then | |
| report issue: |
| # Script Name: BHSanitize.py | |
| # Author: Ryan Watson | |
| # Gist Github: https://gist.github.com/Watson0x90 | |
| # Created on: 2024-06-21 | |
| # Last Modified: 024-06-21 | |
| # Description: Designed to sanitize BloodHound JSON data by replacing Unicode escape sequences `\u` with `uni-` and base64 encoding invalid characters. | |
| # Version: 1.0.0 | |
| # License: MIT License | |
| # Usage: python BHSanitize.py |
| { | |
| "queries": [{ | |
| "name": "List all owned users", | |
| "queryList": [{ | |
| "final": true, | |
| "query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m" | |
| }] | |
| }, | |
| { | |
| "name": "List all owned computers", |
Internet connection and DNS routing are broken from WSL2 instances, when some VPNs are active. The workaround breaks down into two problems:
This problem is tracked in multiple microsoft/WSL issues including, but not limited to:
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Text; | |
| using System.CodeDom.Compiler; | |
| using Microsoft.CSharp; | |
| using System.IO; | |
| using System.Reflection; | |
| namespace InMemoryCompiler | |
| { | |
| class Program |