shelld0n

#!/usr/bin/env python
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# A similar approach to smbexec but executing commands through WMI.
# Main advantage here is it runs under the user (has to be Admin) 
# account, not SYSTEM, plus, it doesn't generate noisy messages

TarlogicSecurity

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

ihamburglar

#   This is an example of how to run MiniDumpWriteDump functionality
#   natively in IronPython without a C# wrapper. 

from System.Runtime.InteropServices import DllImportAttribute, PreserveSigAttribute
from System.Diagnostics import Process
from System.IO import FileStream, FileMode, FileAccess,FileShare
import clrtype, System

class NativeMethods(object):
    __metaclass__ = clrtype.ClrClass

infosecn1nja

# Fileless WMI Persistence (PSEDWMIEvent_SU - SystemUptime)
# https://wikileaks.org/ciav7p1/cms/page_14587908.html

<#
.SYNOPSIS
This script creates a persisted WMI event that executes a command upon trigger of the system's uptime being between a given range in seconds.  The event will trigger only once.  
#>

$EventFilterName = "Fileless WMI Persistence SystemUptime"

bohops

RDP Eavesdropping and Hijacking
*******************************
I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions.  Here is a gist of (semi) interesting findings
that is not very new...

===========
Inspiration
===========
As you may already know...

nepobef

How to go from (almost) zero to viewing a graph of events with LogonTracer

The Readme for the LogonTracer project is missing a couple of steps so I'm jotting down all the kinks. I'm glossing over installing Debian into a VM.

There is little thought for security in this setup, all actions are taken as root user, if using in production you'll probably need to 'sudo' a few places.

My Setup

I set this up in about 30 minutes using a VM in VMware workstation. I was able to connect to the Logontracer webpage from my host OS.

NickTyrer

<?xml version="1.0" encoding="utf-8"?>
<package>
  <component
    id="dummy">
    <registration
      description="dummy"
      progid="dummy"
      version="1.00"
      remotable="True">
      <script

jaredcatkinson

function Get-InjectedThread
{
    <# 
    
    .SYNOPSIS 
    
    Looks for threads that were created as a result of code injection.
    
    .DESCRIPTION
    

glombard

alias ll='ls -FGlAhp'

function goweb () {
	cd ~/src/MyProj
	git up
	ll
	git status --short
}

douglas

#!/bin/bash

# store the current dir
CUR_DIR=$(pwd)

# Let the person running the script know what's going on.
echo "\n\033[1mPulling in latest changes for all repositories...\033[0m\n"

# Find all git repositories and update it to the master latest revision
for i in $(find . -name ".git" | cut -c 3-); do