ropnop

#!/usr/bin/env python
#
# Title: lookupadmins.py
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from Powerview
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
#
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket

matthiassb

import duo_client
import ldap

auth_api = duo_client.Auth(
    ikey='<ikey>',
    skey='<skey>',
    host='<host>',
)

LDAP_SERVER = 'ldap://10.1.0.143'

bryanburgers

#!/bin/bash

# Format the current date in a way that clearly shows local time and UTC time,
# for use in a tmux status bar.

# Examples:
# tmux-date  (with computer set to America/Chicago timezone)
#   2016-01-11 / 08:55 -06:00 / 14:55Z
# TZ="Australia/Victoria" tmux-date
#   2016-01-12 / 01:55 +11:00 / 2016-01-11T14:55Z

HarmJ0y

#!/usr/bin/python

# Code that quickly generates a deployable .war for a PowerShell one-liner

import zipfile
import StringIO
import sys

def generatePsWar(psCmd, appName):

byt3bl33d3r

import sys

ps_shellcode = '@('

with open(sys.argv[1], 'rb') as shellcode:
	byte = shellcode.read(1)
	while byte != '':
		ps_shellcode += '0x{}, '.format(byte.encode('hex'))
		byte = shellcode.read(1)

staaldraad

# Mana-toolkit from @sensepost
#
# VERSION 0.1

FROM ubuntu

MAINTAINER Etienne Stalmans, [email protected]

RUN apt-get update && apt-get install -y \
 unzip \

chanj

INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute. 

Short Link: http://tiny.cc/awssecurity

Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf 

mubix

#ifndef UNICODE
#define UNICODE
#endif

#include <Windows.h>
#include <string.h>
#include <stdio.h>
#include <Psapi.h>

gerry

#!/usr/bin/env python
# decrypt_dbvis.py ~ [email protected]
# DbVisualizer uses PBEWithMD5AndDES with a static key to store passwords.
# This is a quick hack to extract and decrypt credentials from DbVisualizer config files.
# Tested against DbVisualizer Free 9.0.9 and 9.1.6
"""
[2014-03-25 02:05:30][not-the-sea workspace]$ security/p/gerry/misc/decrypt_dbvis.py
[+] DbVisualizer Password Extractor and Decryptor (@gerryeisenhaur)
[+] Additional Usage Options:
[+]     security/p/gerry/misc/decrypt_dbvis.py <config filename>

rothgar

# Idempotent way to build a /etc/hosts file with Ansible using your Ansible hosts inventory for a source.
# Will include all hosts the playbook is run on.
# Inspired from http://xmeblog.blogspot.com/2013/06/ansible-dynamicaly-update-etchosts.html

- name: "Build hosts file"
  lineinfile: dest=/etc/hosts regexp='.*{{ item }}$' line="{{ hostvars[item].ansible_default_ipv4.address }} {{item}}" state=present
  when: hostvars[item].ansible_default_ipv4.address is defined
  with_items: groups['all']