```powershell
<#
Meta
Date: 2022 March 28th
Authors: Dray Agha (Twitter @purp1ew0lf)
Company: Huntress Labs
Purpose: Automate setting up Sysmon and pulling Ippsec's sysmon IoC streamliner. Great for malware lab.
#>
function admin_check{
    # Sysmon installation needs an elevated token, so bail out early unless the
    # current identity holds the built-in Administrators role.
    if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
        [Security.Principal.WindowsBuiltInRole]::Administrator)) {
        # The gist preview is cut off at the line above; this failure branch is a
        # reconstruction of the usual pattern, not the author's exact code.
        Write-Warning "Run this script from an elevated (Administrator) PowerShell session."
        exit 1
    }
}
```
```kql
// Unpack PowerShell script block logging events (Event ID 4104) from the
// Log Analytics Event table. ParameterXml carries four Param elements:
// MessageNumber, MessageTotal, ScriptBlockText and ScriptBlockId.
Event
| where EventID == "4104"
| extend ParsedEvent = parse_xml(strcat("<root>", ParameterXml, "</root>"))
| extend MessageNumber = tolong(ParsedEvent.root.Param[0])
| extend MessageTotal = tolong(ParsedEvent.root.Param[1])
// Multi-line script blocks are parsed as an object with a "#text" member;
// single-line ones come back as a bare string, so handle both.
| extend ScriptBlockElement = iff(
    strlen(tostring(ParsedEvent.root.Param[2]["#text"])) > 0,
    ParsedEvent.root.Param[2]["#text"],
    ParsedEvent.root.Param[2])
| extend ScriptBlockId = tostring(ParsedEvent.root.Param[3])
```
If your $GOROOT is ~/goroot and your $GOPATH is ~/go, make sure the new Go release is unpacked into the right directory.
By default the release tarball unpacks with a leading go/ directory, so strip that prefix when extracting with --strip-components=1 (a GNU/BSD tar option). Check the tarball's SHA-256 against the value published on go.dev/dl before extracting it.

```sh
tar -C ~/goroot -xzvf go$VERSION.linux-amd64.tar.gz --strip-components=1
```
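As an added example (not part of the original note), the following POSIX sh function performs that install safely: it compares the tarball's SHA-256 with the expected value before touching $GOROOT, then extracts with --strip-components=1 so the binaries land in $GOROOT/bin rather than $GOROOT/go/bin. Because it must run offline, the test helper builds a constructed fake release tarball with the same go/ prefix layout as a real one; the version go1.99, the helper names and the use of sha256sum (with shasum as fallback) are assumptions.

```sh
#!/bin/sh
# Added example, not from the original gist: verify-then-extract a Go release
# tarball into an existing GOROOT. Assumes GNU or BSD tar (--strip-components)
# and sha256sum or shasum -a 256 on PATH.
set -eu

# Print the hex SHA-256 of a file, preferring sha256sum, falling back to shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_go_tarball GOROOT TARBALL EXPECTED_SHA256
# Returns 0 on success, 1 on checksum mismatch (nothing is written),
# 2 if GOROOT/bin/go is not present after extraction.
install_go_tarball() {
    goroot=$1; tarball=$2; expected=$3
    actual=$(sha256_of "$tarball")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball: got $actual, want $expected" >&2
        return 1
    fi
    mkdir -p "$goroot"
    # Drop the leading go/ component so bin/, src/, pkg/ sit directly in GOROOT.
    tar -C "$goroot" -xzf "$tarball" --strip-components=1
    [ -x "$goroot/bin/go" ] || return 2
}

# make_fake_release DIR: build a constructed go1.99.linux-amd64.tar.gz with the
# same go/ prefix as a real release, plus a .sha256 sidecar like go.dev publishes.
# This stands in for the download so the example runs offline.
make_fake_release() {
    dir=$1
    mkdir -p "$dir/go/bin" "$dir/go/src"
    printf '#!/bin/sh\necho go version go1.99 linux/amd64\n' > "$dir/go/bin/go"
    chmod +x "$dir/go/bin/go"
    echo 'package main' > "$dir/go/src/x.go"
    (cd "$dir" && tar -czf go1.99.linux-amd64.tar.gz go)
    sha256_of "$dir/go1.99.linux-amd64.tar.gz" > "$dir/go1.99.linux-amd64.tar.gz.sha256"
    rm -rf "$dir/go"
}
```

Usage against a real download is `install_go_tarball ~/goroot go$VERSION.linux-amd64.tar.gz "$(cat go$VERSION.linux-amd64.tar.gz.sha256)"`; a mismatch aborts before mkdir, so a tampered or truncated download never reaches $GOROOT.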
```python
import gzip
import io


def gzip_str(string_):
    """Return the gzip-compressed bytes of a str (encoded as UTF-8)."""
    out = io.BytesIO()
    # GzipFile writes the gzip member (header, deflate stream, CRC) into the buffer.
    with gzip.GzipFile(fileobj=out, mode='w') as fo:
        fo.write(string_.encode())
    bytes_obj = out.getvalue()
    return bytes_obj
```
I hereby claim:
- I am mavjs on github.
- I am mavjs (https://keybase.io/mavjs) on keybase.
- I have a public key ASDiTsnsLVeolOAND9VB-1xXIrQN2ZEIm4IPafZizc2Ftgo
To claim this, I am signing this object: