```python
#first draft of pfsync decoding traffic, needs testing
from scapy.all import sniff, IP, IPv6, raw
from scapy.packet import Packet, bind_layers
from scapy.fields import (
    ByteEnumField, ByteField, ShortField, IntField, LongField,
    IPField, IP6Field, ShortEnumField, XByteField, XShortField, XIntField, FieldLenField
)
import socket
```

```text
####
# DNS of captive portal login probes used in SEC660 (@jimshew)
detectportal.firefox.com A 192.168.6.69
captive.apple.com A 192.168.6.69
connectivitycheck.gstatic.com A 192.168.6.69
clients3.google.com A 192.168.6.69
www.msftconnecttest.com A 192.168.6.69
www.msftncsi.com A 192.168.6.69 # ActiveWebProbeHost
nmcheck.gnome.org A 192.168.6.69
```

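The list above only names the probe hosts. As an added example that is not from the gist, the block below is a minimal DNS responder in plain Python that answers A queries for exactly those names with 192.168.6.69 and returns None for everything else so the caller can forward it upstream; it includes a constructed client query so it can be exercised offline. DNS is only half of the trick: each client then fetches a known URL on that host and compares the body with what it expects (Windows looks for the text "Microsoft Connect Test", Firefox for "success", Google's check for an HTTP 204), and an unexpected answer is what makes it pop the portal page, so the HTTP side has to be served on the same address.

```python
import socket
import struct

SINKHOLE = "192.168.6.69"            # portal address from the list above
# Probe hostnames from the list above, compared case-insensitively.
PROBE_HOSTS = {
    "detectportal.firefox.com", "captive.apple.com", "connectivitycheck.gstatic.com",
    "clients3.google.com", "www.msftconnecttest.com", "www.msftncsi.com",
    "nmcheck.gnome.org",
}
QTYPE_A, QCLASS_IN = 1, 1


def read_name(msg: bytes, off: int, hops: int = 0):
    """Decode a DNS name at msg[off]; returns (name, offset just past the name)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:                       # compression pointer, RFC 1035 4.1.4
            if hops > 5:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = read_name(msg, ptr, hops + 1)
            return ".".join(labels + [tail]), off + 2
        if n & 0xC0:
            raise ValueError("reserved label type")
        off += 1
        labels.append(msg[off:off + n].decode("ascii"))
        off += n


def parse_query(msg: bytes):
    """Return (txid, qname, qtype, qclass, end_of_question) for a one-question query."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x8000:
        raise ValueError("message is a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = read_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, qname.lower(), qtype, qclass, off + 4


def answer_probe(query: bytes, sinkhole: str = SINKHOLE, ttl: int = 60):
    """Return a response pointing a probe host's A record at the sinkhole,
    or None when the query is not a probe (forward it upstream instead)."""
    txid, qname, qtype, qclass, qend = parse_query(query)
    if qname not in PROBE_HOSTS or qtype != QTYPE_A or qclass != QCLASS_IN:
        return None
    # Flags 0x8580: QR=1, AA=1, RD=1, RA=1, RCODE=0; one question echoed, one answer.
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 0)
    # The answer's owner name is a pointer (0xC00C) back to the question name at offset 12.
    answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(sinkhole)
    return header + query[12:qend] + answer


def build_query(txid: int, name: str, qtype: int = QTYPE_A) -> bytes:
    """Constructed client query (what an OS connectivity checker sends); test input only."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, QCLASS_IN)


def serve(bind: str = "0.0.0.0", port: int = 53):
    """Minimal UDP loop: answer probes, drop the rest (a real portal forwards them upstream)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            resp = answer_probe(data)
        except ValueError:
            continue                               # malformed or non-query: ignore
        if resp:
            sock.sendto(resp, peer)


if __name__ == "__main__":
    serve()
```

Only A records for the listed names are answered; an AAAA query for the same name is passed through, so an IPv6-preferring client that fetches its probe over v6 will never see the portal. Add AAAA handling (or refuse AAAA) if the lab network has IPv6.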
```c
#include <Windows.h>
#include <wincrypt.h>
#include <stdio.h>
#pragma comment(lib, "crypt32.lib")
#define BLOCK_LEN 128
//Original script: https://gist.github.com/hasherezade/2860d94910c5c5fb776edadf57f0bef6
//Modified for SANS SEC660 @jimshew
```

```python
#!/usr/bin/python3
# import requests
import json
import time
from datetime import datetime, timedelta
from urllib.parse import quote
import jwt
import uuid
import logging
```

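The imports above (jwt, uuid, datetime) are the ingredients of a signed, short-lived client assertion. As an added example that is not the gist's code, the block below builds and verifies such a token using only the standard library (HS256 via hmac rather than PyJWT) so the checks a verifier has to perform are visible; the issuer, audience and secret are placeholders. Real client assertions to an identity provider are normally RS256/ES256 signed with the client's private key; HS256 is used here only to keep the example self-contained.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(secret: bytes, issuer: str, audience: str, lifetime: int = 300, now=None) -> str:
    """Build an HS256 JWT carrying the usual client-assertion claims:
    iss/sub (who), aud (for whom), iat/nbf/exp (when), jti (one-time id for replay checks)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": issuer, "aud": audience,
              "iat": now, "nbf": now, "exp": now + lifetime, "jti": str(uuid.uuid4())}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token: str, secret: bytes, audience: str, now=None, seen_jti=None) -> dict:
    """Verify the signature first, then the claims; returns the claims or raises ValueError.
    The header's alg is read only to reject anything other than the one algorithm this
    verifier supports: the token never gets to choose how it is checked."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, c_b64, s_b64 = parts
    if json.loads(b64url_decode(h_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")              # catches alg=none and RS/HS confusion
    expected = hmac.new(secret, f"{h_b64}.{c_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(c_b64))
    if claims.get("aud") != audience:
        raise ValueError("audience mismatch")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if now < claims.get("nbf", 0):
        raise ValueError("token not yet valid")
    if seen_jti is not None:                             # replay protection inside the exp window
        if claims.get("jti") in seen_jti:
            raise ValueError("replayed jti")
        seen_jti.add(claims["jti"])
    return claims
```

The ordering matters: signature before claims, so an attacker-supplied body is never trusted for anything (not even to pick the algorithm), and the jti set only needs to remember ids for as long as the longest lifetime you issue.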
```powershell
# *******************************************
#
# Mod by: Jared M. Smith
# Mod on: 2015.01.14
# Mod y?: Disable Google Chrome updates.
#
# *******************************************
# Log method
function Log { Param([string]$message) Write-Host $message; }
```

```powershell
<#
.SYNOPSIS
    Start-ProcMon uses PowerShell to call Process Monitor, a tool from the Sysinternals Suite.
    This script adds the functionality of dynamically specifying filters, which allows automation
    with a minimal performance impact.
.DESCRIPTION
    Written by Nick Atkins @Nik_41tkins
    http://nomanualrequired.blogspot.com/
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
```

```powershell
function Get-InjectedThread
{
    <#
    .SYNOPSIS
    Looks for threads that were created as a result of code injection.
    .DESCRIPTION
```