Zane Gittins zaneGittins
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "encoding/json" | |
| "fmt" | |
| "log" | |
| "os" | |
| "os/exec" | |
| "path/filepath" |
zaneGittins
/ direct-syscall-createfile.cpp
Created
November 28, 2022 23:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include "winternl.h" | |
| #pragma comment(lib, "ntdll") | |
| /* based on: https://github.com/nothydud/direct-syscall/blob/master/main.c | |
| https://github.com/matthieu-hackwitharts/Win32_Offensive_Cheatsheet/blob/main/evasion/direct_syscall.cpp | |
| */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # chainsaw2timesketch.sh | |
| # author: zane gittins | |
| # updated: 11/1/2022 | |
| # tested on chainsaw version: v2.2.0 | |
| # Get all evtx files in the current directory. | |
| for file in *.evtx; do | |
| # Ensure that file exists. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # Author: Zane Gittins | |
| # Small tool to assist in parsing hexdumps and optionally writing to binary file. | |
| import re | |
| import sys | |
| import binascii | |
| import argparse | |
| def extract_hex(file_path): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| File created: | |
| RuleName: DLL | |
| UtcTime: 2021-06-30 17:17:08.957 | |
| ProcessGuid: {9ca9a477-a70f-60dc-856d-f00000000000} | |
| ProcessId: 332 | |
| Image: C:\Windows\System32\spoolsv.exe | |
| TargetFilename: C:\Windows\System32\spool\drivers\x64\3\New\Test.dll | |
| CreationUtcTime: 2021-06-30 17:14:41.231 | |
| Network connection detected: |
zaneGittins
/ ResponderSecurityCheck.ps1
Created
April 29, 2021 20:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Check SMB Signing | |
| function Get-SMBSigningStatus { | |
| [CmdletBinding()] | |
| $SMBSigning = (Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters" -Name RequireSecuritySignature).RequireSecuritySignature | |
| $Results = @() | |
| if($SMBSigning -eq 1) { | |
| return $true | |
| } else { | |
| return $false |
zaneGittins
/ Exchange0days.md
Created
March 10, 2021 19:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GetEventLogReport | |
| # This is a modified version of the script provided by IBM-Security, this version also estimates EPS of Sysmon. | |
| # Credits - IBM Security (Jamie Wheaton // William Delong) | |
| function Get-EventLogInfo { param($Agent, $LogName, $RemoteComputer, $OS) | |
| $LogInfo = @{} | |
| try { | |
| # Just localhost |
zaneGittins
/ NTMonitor2.py
Created
December 11, 2020 17:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NTMonitor | |
| # Author: Zane Gittins | |
| # Modified version of code by Matt Hand, all credit goes to Matt Hand for original script. | |
| # Blog post by Matt Hand here: https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa | |
| # Takes executable as arg. | |
| # Monitors NtAllocateVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory. | |
| import frida | |
| import sys | |
| import argparse |
zaneGittins
/ gist:e6caaca895452bb39a39fb1d6fac06a1
Created
September 25, 2020 15:05
input-osquery-output-kafka.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| file { | |
| path => [ | |
| "/var/log/osquery/result.log" | |
| ] | |
| } | |
| } | |
| filter { | |
| json { | |
| source => "message" |
NewerOlder