dc401 Goto Github PK

ad_force_userlogoff

Enumerates hosts in AD for a logged on user and attempts to boot them off their interactive console sessions on found hosts.

adquery_dns_host_search

This script uses the System.Net.Dns calls for IPv4 resolution from an expanded AD Computername Query into a CSV file.

auto-tab-switcher-.net

Alt Tabs between two application windows

aws-cdk-securepipeline

Create a secure CI/CD Pipeline using CDK and BridgeCrew and Bandit using Python 3

cti_helpers

Supporting Cyber Threat Intelligence Tools

cybercounterintel

Rogue cyber security professional detection mindmap

dataexfil-ultrasound

A simple script to demonstrate data exfiltration using the ggwave API creating ultrasound audio.

dicom-analysis

How to Simulate and Troubleshoot Medical Imaging Transfers

dynamic-instrumentation

Binary patching examples tutorial with dynamic instrumentation and traditional methods with a debugger.

dynamic-salting-example

This is a demo project to show the proof of concept behind dynamic salting as opposed to static salting. Many developers mistakenly use the same salt in addition to a user's password to create a new hash. Unfortunately, attackers can pre-compute static salts easily as well by doing the same thing. Using dynamic salting by creating complex functions that determine what the salt is based on user record information can help increase the barrier and reduce the risk of pre-computed attack success rate.

entropycheckps

Perform entropy checking for unknown data types on windows local drives or shares in Powershell. Useful for checking for potentially ransomware encrypted files.

facerecog

Proof of Concept Face Recognition in the Cloud

filemagic_robocopyps

Quick and dirty PowerShell script that utilizes the GNU Win32 File command and magic DB to search for file types based on header rather than by extension and will copy the files to a destination that is forensically sound using robocopy. Licensed under GPL v2

fileparseps

File Parser that can parse through data for delimiters and substitute them and additionally search/grep for a string for more focused output.

gocrack

Example multi-threaded and single-threaded GoLang ability to crack SHA2-256 based hashes using wordlists

goklog

Go based Windows Keylogger sending ASCII to Webhooks

gologexfil

Quick and dirty method do data exfil binary files in the form of hex strings to GCP's cloud logging easily bypassing most DLP

goslowc2

A demonstration of using GoLang and GCP Storage for a quick and easy evasion payload.

icmp-bindshell

Experimental python3.x based ICMP bind shell listener using scapy and windows 'compatible'

intro2ciphersignals

An introduction to crypto ciphers and signals intelligence for parents to teach their kids.

malfind

Batch Script that takes file objects and identifies file magic items and copies to current working directory. The script also uploads everything to VirusTotal.

mixed_scripts

Various scripts for anyone to use or mod that some may find useful. All licensed under GPL v2

nexposerubyscripts

Example or test Nexpose scripts made using the Ruby Gem

pentest-payloads

Basic payloads for testing or pexperiments

ps-get-wincompromisestatus

A simple PowerShell Module for finding IOC's across your Windows Network

pub-misc

public-staging

Data staging for simulations

py-obfuscation-payloadgen

A generator for a simple way using polymorphic capabilities of obfuscating Python3 based payload using a simple key, transposition with ROT-13, and substitution of whitespaces with random number of hashtags

py-vthashcheck

A proof of concept AWS Lambda Python 3.7 runtime that takes Amazon S3 objects, evaluates against file magic MIME types, and will check existing SHA256 hashes or upload the file to VirusTotal using an API key. The API key is retrieved using security best practices with AWS Secrets Manager cached to reduce API overhead.

remoteacquirecli

Remotely deploy this script back to Windows or Linux hosts and do remote acquisition for memory, logical, and physical images.