```json
[
    {
        "Id": "47440bb24f514de1efdefe841650f6f4b652a0298e5be544760822a003c464f4",
        "Created": "2022-04-11T21:10:25.205076542Z",
        "Path": "/entrypoint.sh",
        "Args": [
            "mysqld"
        ],
        "State": {
            "Status": "running",
```
```powershell
# Ensure errors don't ruin anything for us
$ErrorActionPreference = "SilentlyContinue"
# Set variables
$DesktopPath = [Environment]::GetFolderPath("Desktop")
# Core event logs to collect first: Application, PowerShell operational, System, Defender, Security, Sysmon
$basic = "C:\windows\System32\winevt\Logs\Application.evtx", "C:\windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx", "C:\windows\System32\winevt\Logs\System.evtx", "C:\windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx", "C:\windows\System32\winevt\Logs\Security.evtx", "C:\windows\System32\winevt\Logs\Microsoft-Windows-Sysmon%4Operational.evtx"
# Logs that record inbound remote access: RDP connection manager and WinRM
$remote_logs = "C:\windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx", "C:\windows\System32\winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx"
```
```yara
/*
   _____ __ __ ___ __
  / ___/__ ___/ / / |/ /__ ___/ /__
 / (_ / _ \/ _ / / /|_/ / _ \/ _ / -_)
 \___/\___/\_,_/_/_/__/_/\___/\_,_/\__/
 \ \/ / _ | / _ \/ _ | / _ \__ __/ /__
  \ / __ |/ , _/ __ | / , _/ // / / -_)
  /_/_/ |_/_/|_/_/ |_| /_/|_|\_,_/_/\__/

   Florian Roth - v0.5.0 October 2019
```
```powershell
# Modified to include support for CommandLine, File Hashes, File Paths, Signing Certificates
# Copyright (c) 2020 Jai Minton. All rights reserved.
# Copyright (c) 2014 Atif Aziz. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
```
```bash
#!/bin/bash
# Usage guard: exactly one argument, a target IP or CIDR range
if [ $# -eq 0 ]
then
	echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
	exit 1
fi
echo "Checking if there's SMB v3.11 in" "$1" "..."
# Scan 445/tcp with the smb-protocols NSE script, keep only the "Nmap scan report for <ip>"
# lines and the "|   3.11" dialect lines, join everything onto one line, split it again per
# host, and print the address of every host that advertises dialect 3.11 (SMB 3.1.1).
# The original pipeline used the MySQL 'replace' utility for the '@' substitution; sed is
# portable and behaves the same here. The target is quoted so a CIDR or host list survives intact.
nmap -p445 --script smb-protocols -Pn -n "$1" | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | sed 's/Nmap scan report for/@/g' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
```
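The join-and-split pipeline above works, but it depends on every host block ending before the next "Nmap scan report for" line and on no other line carrying an IPv4 address. The following is an added example, not part of the gist or its author's code: the same extraction written as a per-host awk pass over a constructed sample of `nmap --script smb-protocols` output, so it can be checked offline, plus the complementary SMBv1 check. The hostnames and addresses in the sample are made up; the dialect labels ("3.11", "NT LM 0.12 (SMBv1)") are the ones the NSE script prints.

```shell
#!/bin/bash
# Added example (not from the gist above): per-host parsing of nmap smb-protocols output.
# SAMPLE_NMAP_OUTPUT is constructed; three hosts, two advertise dialect 3.11, one only SMB1/2.
SAMPLE_NMAP_OUTPUT='Nmap scan report for 10.0.0.5
Host is up (0.0010s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-protocols:
|   dialects:
|     2.02
|     2.10
|     3.00
|     3.02
|_    3.11

Nmap scan report for fileserver.corp.example (10.0.0.7)
Host is up (0.0012s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-protocols:
|   dialects:
|     NT LM 0.12 (SMBv1) [dangerous, but default]
|     2.02
|_    2.10

Nmap scan report for 10.0.0.9
Host is up (0.0009s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-protocols:
|   dialects:
|_    3.11
'

# smb311_hosts: read nmap normal output on stdin and print one IP per line for each host
# whose dialect list contains 3.11. A "Nmap scan report for" line starts a new host block,
# so a dialect line is always attributed to the host whose block it sits in; the address
# is taken from that line whether it is bare ("for 10.0.0.5") or in parentheses after a name.
smb311_hosts() {
    awk '
        /^Nmap scan report for/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i ~ /^\(?[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)?$/) ip = $i
            gsub(/[()]/, "", ip)
            seen = 0
        }
        /^[|][_ ]? *3\.11$/ && ip != "" && !seen { print ip; seen = 1 }
    '
}

# smb1_hosts: the check a pentester usually wants next, hosts still offering the SMBv1 dialect.
smb1_hosts() {
    awk '
        /^Nmap scan report for/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i ~ /^\(?[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)?$/) ip = $i
            gsub(/[()]/, "", ip)
            seen = 0
        }
        /SMBv1/ && ip != "" && !seen { print ip; seen = 1 }
    '
}

# Run against the constructed sample; with a live scan, pipe nmap output in instead:
#   nmap -p445 --script smb-protocols -Pn -n TARGET | smb311_hosts
printf '%s' "$SAMPLE_NMAP_OUTPUT" | smb311_hosts
```

Against a real scan the only change is the source of stdin; `-oN` output has the same "Nmap scan report for" and "|_" layout as the terminal output, so a saved scan file can be piped in later without rescanning.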
```ruby
# Base packages for the node; epel-release first so the later packages resolve
package 'epel-release'
package 'java'
package 'nano'
package 'htop'
package 'wget'

# Import Elastic's package-signing key so rpm/yum can verify Elasticsearch packages.
# The key is fetched over HTTPS; its fingerprint is not pinned or checked here.
execute 'elasticsearch-rpm-import' do
  command 'rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch'
  action :run
end
```
```powershell
$Source = @"
using System;
using System.Runtime.InteropServices;
namespace ProcDump {
    public static class DbgHelp {
        // P/Invoke declaration for dbghelp!MiniDumpWriteDump: writes a minidump of the
        // process behind hProcess to the file handle hFile, in the format selected by DumpType
        [DllImport("Dbghelp.dll")]
        public static extern bool MiniDumpWriteDump(IntPtr hProcess, uint ProcessId, IntPtr hFile, IntPtr DumpType, IntPtr ExceptionParam, IntPtr UserStreamParam, IntPtr CallbackParam);
    }
}
```
```c
//------------------------------------------------
//--- 010 Editor v8.0.1 Binary Template
//
//      File: Transactional Registry Transaction Logs (.TxR)
//   Authors: Willi Ballenthin <[email protected]>
//   Version: 0.1
// Reference: https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html
//------------------------------------------------

LittleEndian();
```
```text
`
~/
~
×™×
___
__
_
```
### Keybase proof

I hereby claim:

* I am andreyglauzer on github.
* I am andreyglauzer (https://keybase.io/andreyglauzer) on keybase.
* I have a public key ASAVkPiiad83xC4HR7PcN0esuiujciw4L_AxZ-m-lkBD2Qo

To claim this, I am signing this object: