mthcht
/ GetTracelogProviderSecurity.ps1
Created
February 23, 2025 16:36
— forked from olafhartong/GetTracelogProviderSecurity.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### USAGE: | |
| ### | |
| ### GetTracelogProviderSecurity.ps1 (to get all provider info) | |
| ### | |
| ### GetTracelogProviderSecurity.ps1 -ProviderName f2e68291-2367-5d51-3488-46f7a0e3f2cf | |
| ### (to get the info for 1 provider guid) | |
| ## | |
| # | |
| # Provider: f2e68291-2367-5d51-3488-46f7a0e3f2cf | |
| # Control Flags: 45076 |
mthcht
/ Github Stealer repos topics 20241215
Created
December 15, 2024 13:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "url": "https://github.com/Fadi002/unshackle", | |
| "topics": [ | |
| "linux", | |
| "password-crack", | |
| "windows", | |
| "bypass-password", | |
| "linux-password-bypass", | |
| "unshackle", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/UnamSanctam/SilentCryptoMiner | |
| https://github.com/maxDcb/C2Implant | |
| https://github.com/Peaky-XD/webshell | |
| https://github.com/soufianetahiri/Anxun-isoon | |
| https://github.com/mlcsec/FormThief | |
| https://github.com/I-S00N/I-S00N | |
| https://github.com/phra/PEzor | |
| https://github.com/Meltedd/HVNC | |
| https://github.com/henriksb/ExtensionSpoofer | |
| https://github.com/xvt-void/EnableAllTokenPrivs |
mthcht
/ malicious_backdoored_github_repos.txt
Last active
February 16, 2024 07:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kstetacy44/Ddos-Tool | |
| jebssicaTgVonzalez/doc-macro-exploit | |
| kstetacy44/lichess-cheat | |
| maqrtineLzjulyie/spotify-check-premium | |
| jesusCmkurpBhy/windows-activation-key-gen | |
| XgibbsjDakmes/YouTube-Report-bot | |
| cannUondSebor5ah/file-extension-spoofer | |
| johnsonrreTMbecca/league-of-legends-account-gen | |
| m3i8cshealmartin/ransomware-builder | |
| cesa2rmcxdonanld/twitch-mass-account-generator |
mthcht
/ malicious_github_users.txt
Last active
February 15, 2024 09:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jreynbolfdks | |
| pierbrcematthewK | |
| gelloisk7 | |
| 0phillipskaMpyla | |
| savanHnahw0ils8on | |
| owenMssh6errdy | |
| ng9arciaTa | |
| vjonathanY5u4 | |
| tmannukQ | |
| christophermitqchellVg |
mthcht
/ search_for_credentials_in_files.ps1
Created
January 8, 2023 22:44
Search for given keywords in every file in the given directory (equivalent of a grep -rnw "mystring" .)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| T1552.001 - Unsecured Credentials: Credentials In Files | |
| T1083 - File and Directory Discovery | |
| Script from https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/search_for_credentials_in_files.ps1 | |
| Simple script to search for strings inside files in a given directory (equivalent to a grep -rnw "mystring" .) | |
| Example usage: | |
| search for 'password=' in every files in the current directory and save the result in results.txt in the same directory | |
| - powershell.exe -ep Bypass -File .\search_for_credentials_in_files.ps1 -search 'password=' -path . -out ./results.txt | |
| Ask for user input and print results in the console | |
| - powershell.exe -ep Bypass -File .\search_for_credentials_in_files.ps1 |
mthcht
/ search_keywords_in_outlook_mailbox.ps1
Created
January 8, 2023 20:52
Extract sensitive content from outlook mailbox
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| T1114.001 - Email Collection: Local Email Collection | |
| T1555 - Credentials from Password Stores | |
| Script from https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/Outlook/search_keywords_in_outlook_mailbox.ps1 | |
| Search in outlook mailbox for specific keywords or default keywords like passwords, license, api key, tokens stored in email for example. | |
| #> | |
| param( | |
| [Parameter(Mandatory=$false)] | |
| [switch]$all, |
mthcht
/ wake_on_lan.ps1
Created
January 5, 2023 22:47
Wake On Lan powershell script - get mac address list from arp table and send magic packet to each of them
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| T1205 - Traffic Signaling | |
| T1016 - System Network Configuration Discovery | |
| Script from PurpleTeam repo https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/Network/wake_on_lan.ps1 | |
| Retrieving mac addresses in ARP table and sending WOL packet to each of them, this is often used by attackers to infect as many workstations as possible ont he network | |
| example: Ryuk has used Wake-on-Lan to power on turned off systems for lateral movement (https://attack.mitre.org/software/S0446/) | |
| #> | |
| #Create an array of MAC addresses | |
| $arpTableDict = @{} |
mthcht
/ get_cursor_position_and_capture_screenshot_on_mouse_click.ps1
Created
January 5, 2023 21:25
Simple powershell script that can track cursor position on screen and take a screenshot every time a mouse button is clicked
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| T1113 - Screen Capture | |
| T1056 - Input Capture | |
| Capture mouse cursor position and buttons actions | |
| Take a screenshot for each mouse click and save it in $Directory, works on multiple Screens | |
| From PurpleTeam repo https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/get_cursor_position_and_capture_screenshot_on_mouse_click.ps1 | |
| #> | |
| $Directory = "$env:USERPROFILE\Pictures\Saved Pictures" | |
| $CaptureQuality = 80 |
mthcht
/ get_clipboard_content_loop.ps1
Created
January 5, 2023 21:11
Simple powershell script loop saving all clipboard content
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| T1115 - Clipboard Data | |
| Script from Purpleteam repo https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/get_clipboard_content_loop.ps1 | |
| Save Clipboard Data | |
| #> | |
| # Get clipboard content | |
| $clipboard = Get-Clipboard | |
| $date = Get-Date |
NewerOlder