Zane Gittins zaneGittins

@zaneGittins
zaneGittins / StompTime.ps1
Last active August 5, 2019 21:20
StompTime
# Author: (@ZGittins, https://github.com/zaneGittins)
# Useful PowerShell cmdlet for penetration tests which involve maintaining persistence & lateral movement.
# This script uses a reference file. Why? It is easy to flag a file as an anomaly if all the nanoseconds are zeroed out.
function Set-StompedTime {
[CmdletBinding()]
param([Parameter(Mandatory=$true)][string]$TargetPath)
$TargetFile = Get-Item $TargetPath
# Directory that contains the target file ($Item was never defined).
$ParentDirectory = $TargetFile.Directory
$SiblingFiles = Get-ChildItem $ParentDirectory
$SiblingFiles = $SiblingFiles | Where-Object { $_ -ne $TargetFile }
@zaneGittins
zaneGittins / BinImage.py
Last active May 10, 2019 17:09
BinImage
# BinImage
# Author: Zane Gittins
# Date: 5/8/2019
import os
import sys
import numpy
import argparse
import bitarray
from PIL import Image
# colors
# Author: Zane Gittins
import sys
BLACK = '\033[30m'
RED = '\033[31m'
GREEN = '\033[32m'
ORANGE = '\033[33m'
BLUE = '\033[34m'
@zaneGittins
zaneGittins / Prefetch.ps1
Last active June 30, 2021 13:43
Prefetch
#Requires -Version 5.0
<#
.SYNOPSIS
Parses Windows Prefetch Files
.PARAMETER FileNames
Names of files to search for. Matches are logged as critical.
.PARAMETER CSV
function Get-ADUserBySID {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)][string]$SIDEnding
)
$SearchTerm = "*-" + $SIDEnding
Get-ADUser -Filter * | Select-Object -Property SID,Name | Where-Object -Property SID -like $SearchTerm
}
#!/usr/bin/env python3
import socket
import argparse
def spray_ftp(ip, user_list, password, port=21, buffer_size=1024):
    for username in user_list:
        ftp_user = "USER " + username + "\r\n"
@zaneGittins
zaneGittins / TeamsLocks.ps1
Last active March 11, 2020 16:37
Teams Unlock/Lock
#Requires -Version 5.0
<#
.SYNOPSIS
Teams Unlock/Lock Events - Gets unlock and lock events from the Microsoft Teams log file.
Can be used to trace interactive logins.
.PARAMETER TargetUser
User to get logs for
.NOTES
Author: Zane Gittins
#Requires -Version 5.0
<#
.SYNOPSIS
Reads in a JSON file from https://haveibeenpwned.com/
Checks if the breach involved a user's password, outputs
a CSV which contains AD information for each user.
.PARAMETER Path
Path to haveibeenpwned json file.
.PARAMETER Output
/*
COMHijack - CSHARP Runner
Author: Zane Gittins
*/
#include <Windows.h>
#include <comutil.h>
#include <string>
#include <fstream>
#include <stdio.h>
/*
+-------------- RasTLS DLL -------------+
|Author: Zane Gittins |
|Description: DLL Sideloading technique |
|used by OceanLotus. |
+---------------------------------------+
*/
#include "pch.h"
#include <windows.h>