wdormann wdormann
wdormann
/ rewrite.py
Created
March 9, 2023 17:43
mitmproxy rewrite rule to allow user to use personal login for Microsoft as opposed to org-controlled oauth
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##################################################### | |
| ## Content rewriting script for mitmproxy 4 | |
| ## Other versions of mitmproxy may not be compatible | |
| ##################################################### | |
| # | |
| # BEGIN LICENSE # | |
| # | |
| # CERT Tapioca | |
| # | |
| # Copyright 2018 Carnegie Mellon University. All Rights Reserved. |
wdormann
/ blockeddrivers-vt-annotated.xml
Last active
May 27, 2023 06:56
Microsoft recommended driver block rules, but annotated with samples that are present in VirusTotal
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <ns0:SiPolicy xmlns:ns0="urn:schemas-microsoft-com:sipolicy"> | |
| <ns0:VersionEx>10.0.25310.0</ns0:VersionEx> | |
| <ns0:PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</ns0:PlatformID> | |
| <ns0:Rules> | |
| <ns0:Rule> | |
| <ns0:Option>Enabled:Unsigned System Integrity Policy</ns0:Option> | |
| </ns0:Rule> | |
| <ns0:Rule> | |
| <ns0:Option>Enabled:Advanced Boot Options Menu</ns0:Option> | |
| </ns0:Rule> |
wdormann
/ suspendvms.ps1
Created
November 28, 2022 14:15
Suspend running VMs, for use in Windows shutdown script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @(& "C:\Program Files (x86)\VMware\VMware Workstation\vmrun.exe" list | Select-String -Pattern ".vmx") | %{&"C:\Program Files (x86)\VMware\VMware Workstation\vmrun" suspend $_} |
wdormann
/ gist:f9552721166aaf2234b62e56f92a023f
Created
November 5, 2022 12:59
Turn off SmartScreen to avoid Windows 11 22H2 lack of prompting/scanning when opening files directly from ZIPs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer] | |
| "SmartScreenEnabled"="Off" |
wdormann
/ dangerous.reg
Created
August 11, 2022 12:50
Have Windows treat dangerous files as, well, dangerous. List courtesy @Laughing_Mantis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations] | |
| "HighRiskFileTypes"=".appinstaller;.application;.appx;.appxbundle;.diagcab;.diagpkg;.diagcfg;.fluid;.fxb;.glb;.gltf;.library-ms;.loop;.msix;.partial;.perfmoncfg;.pko;.ply;.ppkg;.qds;.rat;.resmoncfg;.search-ms;.searchConnector-ms;.settingcontent-ms;.stl;.symlink;.theme;.themepack;.UDL;.url;.wab;.wbcat;.wcx;.website;.whiteboard;.xbap;.ZFSendToTarget;" |
wdormann
/ diagcab_highrisk.reg
Created
June 7, 2022 17:34
Set .diagcab files as high risk in Windows to help mitigate DogWalk
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations] | |
| "HighRiskFileTypes"=".diagcab" |
wdormann
/ unregister-msdt.reg
Created
May 30, 2022 12:54
Unregister ms-msdt to protect against recent Office 0day
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [-HKEY_CLASSES_ROOT\ms-msdt] |
wdormann
/ checkjndi.ps1
Last active
December 27, 2021 11:03
Check for JAR files that may be vulnerable to CVE-2021-44228
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script is deprecated. | |
| # See https://github.com/CERTCC/CVE-2021-44228_scanner for up-to-date scanners |
wdormann
/ checkjndi.py
Last active
December 22, 2021 16:28
Check for JAR files that may be vulnerable to CVE-2021-44228
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This script is deprecated. | |
| # See https://github.com/CERTCC/CVE-2021-44228_scanner for up-to-date scanners |
wdormann
/ noappinstaller.reg
Last active
December 14, 2021 00:30
Prevent the ability to click on a ms-appinstaller: URI for the current user
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Classes\ms-appinstaller] | |
| "URL Protocol"=- |