POST /[REDACTED]/oauth2/v2.0/token HTTP/2
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 1544
Referer: [REDACTED]
Origin: [REDACTED]
// Version 8.6 - 4:06PM EST 7/21/24
// Get ConfigStateUpdate and SensorHeartbeat events
#event_simpleName=/^(ConfigStateUpdate|SensorHeartbeat)$/ event_platform=Win
| cid=?cid
// Splitting aid list for large customers
| regex(field=aid, regex=?aidsubset)
// Parse ConfigStateUpdate and extract Channel File 291 version number; accept all SensorHeartbeat events and rename timestamp field
// Get ConfigStateUpdate and SensorHeartbeat events
#event_simpleName=/^(ConfigStateUpdate|SensorHeartbeat)$/ event_platform=Win
// Narrow search to Channel File 291 and extract version number; accept all SensorHeartbeat events within impact window
| case{
#event_simpleName=ConfigStateUpdate | regex("\|1,123,(?<CFVersion>.*?)\|", field=ConfigStateData, strict=false) | parseInt(CFVersion, radix=16);
#event_simpleName=SensorHeartbeat | rename([[@timestamp, LastSeen]]);
}
| case{
@PeterGabaldon
PeterGabaldon / gist:1740b412f7ea9f2520506c9b712194ec
Created March 1, 2024 11:38
Spanish Names.Surnames Wordlist
Aaron.Aguilar
Aaron.Alonso
Aaron.alvarez
Aaron.Arias
Aaron.Benitez
Aaron.Blanco
Aaron.Blesa
Aaron.Bravo
Aaron.Caballero
Aaron.Cabrera
@PeterGabaldon
PeterGabaldon / krbrelay_privesc_howto.md
Created September 22, 2022 10:10 — forked from tothi/krbrelay_privesc_howto.md
Privilege Escalation using KrbRelay and RBCD

KrbRelay with RBCD Privilege Escalation HOWTO

Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.

TL;DR

No-Fix Local Privilege Escalation from low-privileged domain user to local system on domain-joined computers.

Prerequisites:

  • LDAP signing not required on Domain Controller (default!)
@PeterGabaldon
PeterGabaldon / create_backup.sh
Last active May 27, 2021 16:39
Backup to a partition identifying it by its UUID. Generate an exclude from backup file interactively.
#! /bin/bash
# Pedro Gabaldon Julia 2021
# https://petergabaldon.github.io/
### COLORS
NOCOLOR='\033[0m'
RED='\033[0;31m'
GREEN='\033[0;32m'
ORANGE='\033[0;33m'
@PeterGabaldon
PeterGabaldon / DigiKeyboard.h
Last active February 27, 2018 17:32
Write function modified for ASCII chars that need Alt Gr key pressed down
/*
* Based on Obdev's AVRUSB code and under the same license.
*
* TODO: Make a proper file header. :-)
* Modified for Digispark by Digistump
*/
// Modified for Spanish keyboard layout
#ifndef __DigiKeyboard_h__
@PeterGabaldon
PeterGabaldon / scancode-ascii-table.h
Created February 12, 2018 17:45
ASCII to scan code table modified for Spanish keyboard layout
#include <avr/pgmspace.h>
// Lookup table to convert ASCII characters into keyboard scan codes
// Format: most significant bit indicates if scan code should be sent with shift modifier
// remaining 7 bits are to be used as scan code number.
// Modified for Spanish keyboard layout
const unsigned char ascii_to_scan_code_table[] PROGMEM = {
// /* ASCII: 0 */ 0,
// /* ASCII: 1 */ 0,