## Custom SSL Certificate for Windows RDP Service
Requirements
- Windows 8+ or Server 2012+
- Certificate with private key (*.p12)
- Intermediate CA certificate (*.cer)
- Administrative rights to modify the certificate store
| doc = aw.Document() | |
| builder = aw.DocumentBuilder(doc) | |
| signatureLine = builder.insert_signature_line(aw.SignatureLineOptions()).signature_line | |
| doc.save(docs_base.artifacts_dir + "SignDocuments.signature_line.docx") | |
| signOptions = aw.digitalsignatures.SignOptions() | |
| signOptions.signature_line_id = signatureLine.id |
| # configure: create a self-signed certificate for this computer name in the LocalMachine\My store, enable PowerShell remoting, bind a WinRM HTTPS listener to that certificate and add a firewall rule for TCP 5986. NOTE(review): the listener uses -Address * and the rule uses -Profile Any, so the port is also opened on Public networks; outside a lab, narrow this with a specific profile or -RemoteAddress. | |
| $cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName $env:COMPUTERNAME | |
| Enable-PSRemoting -SkipNetworkProfileCheck -Force | |
| New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $cert.Thumbprint –Force | |
| New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -Protocol TCP | |
| # connect over HTTPS. NOTE(review): -SkipCACheck and -SkipCNCheck turn off validation of the certificate's issuer and host name (presumably needed here because the certificate is self-signed for the computer name while the connection targets an IP address), so the traffic is encrypted but the server's identity is not verified. Outside a lab, trust the certificate on the client or use a CA-issued certificate matching the name used to connect, and drop both switches. | |
| Enter-PSSession -ComputerName {X.X.X.X} -Credential (Get-Credential) -SessionOption (New-PsSessionOption -SkipCACheck -SkipCNCheck) -UseSSL |
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| progid="PoC" | |
| classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > | |
| <!-- Proof Of Concept - Casey Smith @subTee --> | |
| <!-- License: BSD3-Clause --> | |
| <script language="JScript"> | |
| <![CDATA[ | |
## Custom SSL Certificate for Windows RDP Service
Requirements
| <# | |
| .SYNOPSIS | |
| Script to install and configure a standalone RootCA for Lab-Environments | |
| .DESCRIPTION | |
| This Script sets up a standalone RootCA. Its main purpose is to save time when building Labs in the classes I teach. | |
| ###It's not meant for production!### | |
| First, it creates a CAPolicy.inf file. Then it deletes all default CDP and AIA and configures new ones. | |
| It turns on auditing and copies (It's a Lab!!!, so obviously no real offline RootCA...) the crt and crl to an edge webserver. | |
| .NOTES | |
| Author: Oliver Jäkel | [email protected] | @JaekelEDV |
| # Executable names whose execution is monitored. | |
| $monitoredApp = @("nltest.exe","systeminfo.exe","adfind.exe","wmic.exe", "klist.exe") | |
| # NOTE(review): this excerpt does not show how the list is compared against running processes; confirm. A file-name-only match misses renamed copies, so pair it with command-line or original-file-name data where the log source provides it. | |
| ## If we need Process Details use = $pn=$(Get-WmiObject win32_process -Filter ''ProcessID = %e'' | select ProcessName,ProcessID, CommandLine etc..) | |
| <# | |
| Sample Use: |
| [ | |
| { | |
| "name":"Test App 1", | |
| "children":[ | |
| {"name":"Configurations","progress":1}, | |
| {"name":"UI","progress":1}, | |
| {"name":"Backend","progress":0.25} | |
| ] | |
| }, | |
| { |
| CLSID,ClassName | |
| {0000031A-0000-0000-C000-000000000046},CLSID | |
| {0000002F-0000-0000-C000-000000000046},CLSID CLSID_RecordInfo | |
| {00000100-0000-0010-8000-00AA006D2EA4},CLSID DAO.DBEngine.36 | |
| {00000101-0000-0010-8000-00AA006D2EA4},CLSID DAO.PrivateDBEngine.36 | |
| {00000103-0000-0010-8000-00AA006D2EA4},CLSID DAO.TableDef.36 | |
| {00000104-0000-0010-8000-00AA006D2EA4},CLSID DAO.Field.36 | |
| {00000105-0000-0010-8000-00AA006D2EA4},CLSID DAO.Index.36 | |
| {00000106-0000-0010-8000-00AA006D2EA4},CLSID DAO.Group.36 | |
| {00000107-0000-0010-8000-00AA006D2EA4},CLSID DAO.User.36 |
| // Save the current URL path to restore after making | |
| // malicious request with faked referer header value | |
| var savedPath = window.location.pathname; | |
| var savedSearch = window.location.search; | |
| // Change URL/History to control the referer header value | |
| // Swap out "/this-is-my-fake-referer-value" to be what you need | |
| window.history.replaceState(null, '', '/this-is-my-fake-referer-value'); | |
| // Send malicious request with faked referer header value |