Samirbous
/ disabled services
Created
June 19, 2023 13:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "Top 1000 values of registry.path",Count | |
| "HKLM\SYSTEM\ControlSet001\Services\WinDefend\Start","1,483" | |
| "HKLM\SYSTEM\ControlSet001\Services\UsoSvc\Start","1,477" | |
| "HKLM\SYSTEM\ControlSet001\Services\WaaSMedicSvc\Start","1,477" | |
| "HKLM\SYSTEM\ControlSet001\Services\wuauserv\Start","1,477" | |
| "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService\Start",6 | |
| "HKLM\SYSTEM\ControlSet001\Services\Sense\Start",6 | |
| "HKLM\SYSTEM\ControlSet001\Services\WdBoot\Start",6 | |
| "HKLM\SYSTEM\ControlSet001\Services\WdFilter\Start",6 | |
| "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv\Start",6 |
Mayfly277
/ EncodeAssembly.ps1
Last active
March 18, 2025 11:10
This script is a modification of the one from @snovvcrash website : https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/av-edr-evasion/dotnet-reflective-assembly and some code of PowerSharpPack. This is made to package some bniaries to powershell.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Invoke-EncodeAssembly | |
| { | |
| [CmdletBinding()] | |
| Param( | |
| [Parameter(Mandatory=$true)] | |
| [String] | |
| $binaryPath, | |
| [Parameter(Mandatory=$true)] | |
| [String] |
tothi
/ minimal-defender-bypass.profile
Last active
August 15, 2025 09:08
Minimal Cobalt Strike C2 Profile for Bypassing Defender
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures) | |
| # as stage0, remote injecting a thread into a suspended process works | |
| set host_stage "false"; | |
| set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62"; | |
| set sleeptime "10000"; | |
| stage { | |
| set allocator "MapViewOfFile"; | |
| set name "notevil.dll"; |
AvasDream
/ oscp_prep.md
Last active
August 27, 2025 16:28
Resource for OSCP like HTB Boxes with Ippsec Videos and Writeups.
rc9000
/ pg-fail2ban.md
Last active
November 29, 2024 21:33
postgres fail2ban configuration with user locking
Needs fail2ban 0.10+. See https://github.com/fail2ban/fail2ban/wiki/How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc. for more information.
Motivated by this discussion on pgsql-general: https://www.postgresql.org/message-id/61463e206b7c4c0ca17b03a59e890b78%40lmco.com
[postgres-lockuser]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ::########################################################################################################################## | |
| :: | |
| :: This script can ruin your day, if you run it without fully understanding what it does, you don't know what you are doing, | |
| :: | |
| :: OR BOTH!!! | |
| :: | |
| :: YOU HAVE BEEN WARNED!!!!!!!!!! | |
| :: | |
| :: This script is provided "AS IS" with no warranties, and confers no rights. | |
| :: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section, |
Geoyi
/ install virtualenv ubuntu 16.04.md
Created
September 16, 2017 12:19
— forked from frfahim/install virtualenv ubuntu 16.04.md
How to install virtual environment on ubuntu 16.04
halkyon
/ cleanup-win10.ps1
Last active
September 28, 2025 18:46
Cleanup Windows 10 Powershell script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| ## Windows 10 cleanup script. | |
| ## Remove dodgy tracking settings, unneeded services, all apps, and optional features that come with Windows 10. Make it more like Windows 7. | |
| ## NOTE: this was tested on Creators Update (1703) and Fall Creators Update (1709). Some of this may not work as expected on newer versions. | |
| ## | |
| ## Instructions | |
| ## 1. Run this script (under Powershell as Administrator): | |
| ## powershell -ExectionPolicy Bypass .\cleanup-win10.ps1 | |
| ## 2. Let it run through, you may see a few errors, this is normal | |
| ## 3. Reboot |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
NewerOlder