
Zane Gittins zaneGittins

@zaneGittins
zaneGittins / POSHWEF.ps1
Created August 26, 2020 17:16
Export WEF Subscriptions
function Export-WEFSubscription {
[CmdletBinding()]
param (
[Parameter(Mandatory=$false)][array]$OutputDirectory = (Get-Location)
)
# Get all subscriptions.
$Subscriptions = wecutil es
# Export to xml.
foreach($Subscription in $Subscriptions) {
/*
+-------------- RasTLS DLL -------------+
|Author: Zane Gittins |
|Description: DLL Sideloading technique |
|used by OceanLotus. |
+---------------------------------------+
*/
#include "pch.h"
#include <windows.h>
/*
COMHijack - CSHARP Runner
Author: Zane Gittins
*/
#include <Windows.h>
#include <comutil.h>
#include <string>
#include <fstream>
#include <stdio.h>
#Requires -Version 5.0
<#
.SYNOPSIS
Reads in JSON file from https://haveibeenpwned.com/
Checks if the breach involved a user's password, outputs
a CSV which contains AD information for each user.
.PARAMETER Path
Path to haveibeenpwned json file.
.PARAMETER Output
@zaneGittins
zaneGittins / TeamsLocks.ps1
Last active March 11, 2020 16:37
Teams Unlock/Lock
#Requires -Version 5.0
<#
.SYNOPSIS
Teams Unlock/Lock Events - Gets unlock and lock events from Microsoft Teams logs file.
Can be used to trace interactive logins.
.PARAMETER TargetUser
User to get logs for
.NOTES
Author: Zane Gittins
#!/usr/bin/env python3
import socket
import argparse
def spray_ftp(ip, user_list, password, port=21, buffer_size=1024):
for username in user_list:
ftp_user = "USER " + username + "\r\n"
function Get-ADUserBySID {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)][string]$SIDEnding
)
$SearchTerm = "*-" + $SIDEnding
Get-ADUser -Filter * | Select-Object -Property SID,Name | Where-Object -Property SID -like $SearchTerm
}
@zaneGittins
zaneGittins / Prefetch.ps1
Last active June 30, 2021 13:43
Prefetch
#Requires -Version 5.0
<#
.SYNOPSIS
Parses Windows Prefetch Files
.PARAMETER FileNames
Names of files to search for. If a file matches, it is logged to critical.
.PARAMETER CSV
# colors
# Author: Zane Gittins
import sys
BLACK = '\033[30m'
RED = '\033[31m'
GREEN = '\033[32m'
ORANGE = '\033[33m'
BLUE = '\033[34m'
@zaneGittins
zaneGittins / BinImage.py
Last active May 10, 2019 17:09
BinImage
# BinImage
# Author: Zane Gittins
# Date: 5/8/2019
import os
import sys
import numpy
import argparse
import bitarray
from PIL import Image