- Sentence 1: A hook using alliteration or imagery to draw the reader in.
- Sentence 2: Introduce the memory — when/where it happened (no details yet).
shadowbq
/ Outline.md
Created
July 20, 2025 20:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Inindo: Way Of The Ninja Maps | |
| © 1993 KOEI Corporation | |
| Maps Of The Month: March 2019 (zagato blackfist) | |
| World World 9216 x 9245 1.19 MB PNG ripped zagato blackfist | |
| Mutsu Castle Mutsu Castle 1236 x 802 29.5 kB PNG ripped zagato blackfist | |
| Dewa Castle Dewa Castle 1268 x 898 32.3 kB PNG ripped zagato blackfist | |
| R Castle Rikuchu Castle 1716 x 834 36.4 kB PNG ripped zagato blackfist | |
| Rikuzen Castle Rikuzen Castle 1204 x 770 29.7 kB PNG ripped zagato blackfist |
shadowbq
/ .README.md
Last active
May 22, 2023 16:37
— forked from mattifestation/MDE_DataCollection_Scripts.md
Microsoft MDE EDR LiveResponse and SenseIR collection powershell scripts
Microsoft Defender for Endpoint ensures the integrity of the scripts it pushes and executes.
First, they ensure that the script to execute matches the expected file hash. Example:
powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7910.6064030.0.6552433-3a7d9fb541a03fc183f740777b7bb1aa20a20efd\046a3caf-d9ec-4da6-a32a-fb148992596a.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7910.6064030.0.6552433-3a7d9fb541a03fc183f740777b7bb1aa20a20efd\046a3caf-d9ec-4da6-a32a-fb148992596a.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'd871ab44a81b93cdf3c7e235c246ea8b4bf65
shadowbq
/ README - LVM Encryption Resize.md
Last active
March 15, 2023 18:17
Enlarge LVM on LUKS encrypted VG
Enlarging a LVM-on-LUKS logical partition, for instance after migrating to a larger hard disk, is done in the opposite way - from the outermost to the innermost partition:
primary partition(LUKS device{volume group[(logical partition1)(logical partition2-->)]}) Preparation Create a new partition on the new hard disk of wanted size, f.i. by using GNU Parted, and clone the old partition sdX1, containing your LUKS container, into the new partition sdY1:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -a | |
| command -v python3 >/dev/null 2>&1 || { | |
| echo >&2 "Python3 required. Aborting." | |
| exit 1 | |
| } | |
| MYSTRING="Do something in bash" | |
| export $MYSTRING |
shadowbq
/ minimal-defender-bypass.profile
Created
January 4, 2022 17:56
— forked from tothi/minimal-defender-bypass.profile
Minimal Cobalt Strike C2 Profile for Bypassing Defender
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures) | |
| # as stage0, remote injecting a thread into a suspended process works | |
| set host_stage "false"; | |
| set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62"; | |
| set sleeptime "10000"; | |
| stage { | |
| set allocator "MapViewOfFile"; | |
| set name "notevil.dll"; |
At its core an X.509 certificate is a digital document that has been encoded and/or digitally signed according to RFC 5280.
In fact, the term X.509 certificate usually refers to the IETF’s PKIX Certificate and CRL Profile of the X.509 v3 certificate standard, as specified in RFC 5280, commonly referred to as PKIX for Public Key Infrastructure (X.509).
shadowbq
/ make_garbage_files.sh
Created
May 6, 2019 19:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| for d in {1..100}; do | |
| mkdir -p ./dir-$(printf %03d "$d") && cd ./dir-$(printf %03d "$d") | |
| for n in {1..100}; do | |
| ( dd if=/dev/urandom of=file-$( printf %03d "$n" ).bin bs=1 count=$(( RANDOM + 1024 )) ) > /dev/null 2>&1 | |
| done | |
| cd .. | |
| done |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| :: Reference: https://www.pahoehoe.net/configure-w32time-ntp-on-a-standalone-windows-box/ | |
| :: Reference: https://community.spiceworks.com/topic/1951714-ntp-setting-server-2012-r2-settings-not-working | |
| :: Reference: https://www.mcbsys.com/blog/2014/08/basic-windows-time-service-setup/ | |
| :: ## Look @config | |
| w32tm /query /configuration | |
| w32tm /query /status | |
| :: # Changing the Polling Flag (its listed in decimal seconds) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' Notes: | |
| ' https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.diagnostics/get-counter?view=powershell-5.1 | |
| ' https://docs.bmc.com/docs/display/public/bcmco95/Windows+IPv4+and+IPv6+Statistics | |
| ' https://kb.paessler.com/en/topic/50673-how-can-i-find-out-the-names-of-available-performance-counters | |
| ' https://docs.microsoft.com/en-us/windows-server/networking/technologies/network-subsystem/net-sub-performance-counters | |
| ' https://leanpub.com/windowspowershellnetworkingguide/read#leanpub-auto-performance-counters | |
| PS C:\Users\jdoe> powershell –ExecutionPolicy Bypass | |
| Windows PowerShell | |
| Copyright (C) Microsoft Corporation. All rights reserved. |
NewerOlder