Skip to content

Instantly share code, notes, and snippets.

View ssnkhan's full-sized avatar
:atom:

Sajid Nawaz Khan ssnkhan

:atom:
44 followers · 12 following
View GitHub Profile
@MHaggis
MHaggis / conti.cna
Created August 9, 2021 14:15
#AntiVirus Query
#Author: @r3dQu1nn
#Queries the Registry for AV installed
#Thanks to @i_am_excite and @merrillmatt011 for the help
#Props to @zerosum0x0 for the wmic find!
#Long ass one-liner :)
$powershellcmd = "\$av_list = @(\"BitDefender\", \"Kaspersky\", \"McAfee\", \"Norton\", \"Avast\", \"WebRoot\", \"AVG\", \"ESET\", \"Malware\", \"Windows Defender\");\$av_install = Get-ItemProperty HKLM:\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*;\$av_install1 = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*;\$regkey = 'HKLM:\\SOFTWARE\\Microsoft\\Windows Defender\\Signature Updates\\';\$av_loop2 = foreach (\$av1 in \$av_list){foreach (\$key in \$av_install){if (\$key.DisplayName -match \$av1 -eq \$TRUE){% {\"{0}|{1}|{2}\" -f \$key.DisplayName.ToString(), \$key.DisplayVersion.ToString(), \$key.InstallDate.ToString()}}}};\$proc_temp = Get-Process;\$av_loop = foreach (\$av in \$av_list){foreach (\$zz in \$proc_temp){if (\$zz.path -match \$av -eq \$TRUE)
@adulau
adulau / hashlookup-circl-lu.md
Last active September 3, 2024 17:03
hashlookup.circl.lu - examples

hashlookup.circl.lu

CIRCL hash lookup is a public API to lookup hash values against known database of files. NSRL RDS database is included. More database will be included in the future. The API is accessible via HTTP ReST API and the API is also described as an OpenAPI.

Get information about the hash lookup database (via ReST)

curl -X 'GET' \
  'https://hashlookup.circl.lu/info' \
 -H 'accept: application/json'
@olafhartong
olafhartong / Windows-CLSID.csv
Last active November 20, 2025 21:32
We can't make this file beautiful and searchable because it's too large.
CLSID,ClassName
{0000031A-0000-0000-C000-000000000046},CLSID
{0000002F-0000-0000-C000-000000000046},CLSID CLSID_RecordInfo
{00000100-0000-0010-8000-00AA006D2EA4},CLSID DAO.DBEngine.36
{00000101-0000-0010-8000-00AA006D2EA4},CLSID DAO.PrivateDBEngine.36
{00000103-0000-0010-8000-00AA006D2EA4},CLSID DAO.TableDef.36
{00000104-0000-0010-8000-00AA006D2EA4},CLSID DAO.Field.36
{00000105-0000-0010-8000-00AA006D2EA4},CLSID DAO.Index.36
{00000106-0000-0010-8000-00AA006D2EA4},CLSID DAO.Group.36
{00000107-0000-0010-8000-00AA006D2EA4},CLSID DAO.User.36
@sixdub
sixdub / beacon.ksy
Created April 6, 2021 21:17
meta:
id: beaconconfig
title: Cobalt Strike Beacon Config
endian: be
doc: |
Cobalt Strike Beacon is a popular offensive security tool. Beacon itself
is a DLL that gets injected into memory and can be staged from C2 servers.
The Beacon DLL (in unencoded form) contains a configuration section that gets
patched by the C2 server. This section is a fixed predictable structure
@dmchell
dmchell / getnamedpipes.cs
Created January 31, 2021 18:43
using System.IO;
using System;
namespace GetNamedPipes
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine("[*] Found the following pipes:");
@MHaggis
MHaggis / Beacon.csv
Created December 23, 2020 14:12
Extraction of Spawnto's in public CobaltStrike servers, related to https://twitter.com/M_haggis/status/1341746928665542659?s=20, https://twitter.com/MichalKoczwara/status/1341659356866240517
spawnto count
WUAUCLT.exe 1
WerFault.exe 3
batchexe 2
cmstp.exe 1
compact.exe 1
dllhost.exe 3
eventvwr.exe 1
gpresult.exe 2
gpupdate.exe 16
@peterhurford
peterhurford / install_xelatex_on_mac.txt
Last active February 17, 2026 19:03
How to install latex and xelatex on Mac so that Jupyter "Download as PDF" will work
brew install pandoc
brew tap homebrew/cask
brew install --cask basictex
eval "$(/usr/libexec/path_helper)"
# Update $PATH to include `/usr/local/texlive/2022basic/bin/universal-darwin`
sudo tlmgr update --self
sudo tlmgr install texliveonfly
sudo tlmgr install xelatex
sudo tlmgr install adjustbox
sudo tlmgr install tcolorbox
@0xtornado
0xtornado / 0_CyberChef_CobaltStrike_Shellcode_Decoder_Recipe
Created April 30, 2020 14:11
CyberChef recipe to extract and decode Shellcode from a Cobalt Strike beacon
[{"op":"Conditional Jump","args":["bxor",false,"Decode_Shellcode",10]},{"op":"Label","args":["Decode_beacon"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Decode text","args":["UTF-16LE (1200)"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Gunzip","args":[]},{"op":"Label","args":["Decode_Shellcode"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"Conditional Jump","args":["",false,"",10]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"XOR","args":[{"option":"Decimal","string":"35"},"Standard",false]}]
@krypted
krypted / gist:605e0fb776d8761750c068234811a842
Created February 1, 2019 14:53
#
#
# Exports the contents of a flat sql dump to csv files with the name of the table.csv and a xls representation of the database
# Requires Python 3.7 (from a Mac, first - brew install python3)
# Prior to running python3 -m pip install pandas
# Prior to running python3 -m pip install openpyxl
# Usage python3 sqlcsvxlsexport.py <sql dump file> <target directory>
# Send accolades for the script to krypted@me.com or hatemail to <devnull>
#
#
@niw
niw / fetch_nike_puls_all_activities.bash
Last active February 18, 2026 19:00
A simple NikePlus API description to fetch past run metrics
#!/usr/bin/env bash
# fetch_nike_puls_all_activities.bash
# A simple bash script to fetch all activities and metrics from NikePlus.
# See `nike_plus_api.md` for the API details.
readonly bearer_token="$1"
if [[ -z "$bearer_token" ]]; then
echo "Usage: $0 bearer_token"
exit