### How to install Elasticsearch with Kibana
# If you use the "Docker WSL 2 engine", run the 3 commands below, one at a time:
sysctl -w vm.max_map_count=262144
wsl -d docker-desktop
exit
https://192.168.191.31:8006/ | |
# Bootstrap Eric Zimmerman's forensic tools onto the Desktop: download Get-ZimmermanTools.zip,
# unpack it into $i, delete the archive, then run Get-ZimmermanTools.ps1 with -Dest "$i\Tools".
# NOTE(review): the zip is fetched with Net.WebClient and executed with no hash or signature check
# of the archive in this script — verify the download before running it in an investigation environment.
$i="$env:USERPROFILE\Desktop\EricZimmermanTools"; (New-Object Net.WebClient).DownloadFile('https://f001.backblazeb2.com/file/EricZimmermanTools/Get-ZimmermanTools.zip',"${i}.zip"); Expand-Archive "$i.zip" -DestinationPath $i; Remove-Item "$i.zip"; PowerShell "$i\Get-ZimmermanTools.ps1" -Dest "$i\Tools" | |
# Parse the Prefetch directory (C:\Windows\Prefetch) with the net6 build of PECmd, writing JSON and CSV to "$i\Outputs".
& "$i\Tools\net6\PECmd.exe" -d "C:\Windows\Prefetch" --json "$i\Outputs" --csv "$i\Outputs" | |
# Launch Timeline Explorer (started here with no arguments).
& "$i\Tools\net6\TimelineExplorer\TimelineExplorer.exe" | |
# Parse the Windows event logs under C:\Windows\System32\winevt\Logs with EvtxECmd, writing JSON and CSV to "$i\Outputs".
& "$i\Tools\net6\EvtxECmd\EvtxECmd.exe" -d "C:\Windows\System32\winevt\Logs" --json "$i\Outputs" --csv "$i\Outputs" |
async function executeCommands(ssh, commands) { | |
let commandOutput = ''; // Collect command output | |
let currentIndex = 0; // Track the current command index | |
let outputs = [] | |
// Function to write the next command if available | |
const writeNextCommand = () => { | |
if (currentIndex < commands.length) { | |
console.log('Executing command:', commands[currentIndex], 'of commands', commands); |
PS E:\red_team_attack_lab-main> vagrant up | |
Bringing machine 'dc01' up with 'virtualbox' provider... | |
Bringing machine 'win2022-1' up with 'virtualbox' provider... | |
Bringing machine 'win2019-adcs' up with 'virtualbox' provider... | |
Bringing machine 'win2019-1' up with 'virtualbox' provider... | |
Bringing machine 'win10-1' up with 'virtualbox' provider... | |
Bringing machine 'win10-2' up with 'virtualbox' provider... | |
Bringing machine 'win11-1' up with 'virtualbox' provider... | |
Bringing machine 'win10-dev' up with 'virtualbox' provider... | |
Bringing machine 'win7-1' up with 'virtualbox' provider... |
### How to install Elasticsearch with Kibana
# If you use the "Docker WSL 2 engine", run the 3 commands below, one at a time:
sysctl -w vm.max_map_count=262144
wsl -d docker-desktop
exit
// my project is built with a framework I built called Manifest.JS, almost every file looks just like this: | |
// creates a webpage element, the first two arguments are all you need to understand to complete this work: | |
// Element comes from the Manifest.JS framework described above; settingsObj is the optional settings object it accepts.
const elem = new Element('div', settingsObj) | |
// Attach the new element to the document body.
elem.appendTo(document.body) | |
// to decide what happens in the element, settingsObj looks like this and every property is optional (empty settings would create an empty element): | |
{ | |
name: 'hi', // helps debugging, just a name | |
traits: { |
/**
 * Rebinds the parameter to a fresh object.
 * Only the local binding changes; the caller's object is left exactly as it was.
 * @param {object} ref - value passed by the caller (not modified)
 * @returns {undefined}
 */
function replace(ref) {
  const fresh = {};
  ref = fresh; // affects this function's binding only, never the caller's object
}
/**
 * Mutates the object the caller passed in by setting its `key` property.
 * Unlike rebinding the parameter, this change is visible to the caller.
 * @param {object} ref - object whose contents are modified in place
 * @returns {undefined}
 */
function update(ref) {
  const newValue = 'newvalue';
  ref['key'] = newValue; // writes through the shared reference
}
// Demonstrates the two functions above: rebinding a parameter is local to the callee.
var a = { key: 'value' }; | |
replace(a); // a still has its original value - it's unmodified |
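/**
 * True for a non-null object that is not an array.
 * `typeof null` is 'object', hence the explicit null check. Always returns a real boolean;
 * the previous form returned the falsy input itself (null, 0, '') instead of false.
 * @param {*} obj - any value
 * @returns {boolean}
 */
function isObjNotArray(obj) {
  return obj !== null && typeof obj === 'object' && !Array.isArray(obj)
}
/**
 * Classifies a value as 'obj' (non-null, non-array object), 'arr' (array) or false (anything else).
 * Despite the name this does not consult Symbol.iterator: strings yield false and Map/Set yield 'obj',
 * because the check is purely typeof/Array.isArray based. Return values are kept for existing callers.
 * @param {*} obj - any value
 * @returns {'obj'|'arr'|false}
 */
function isIterable(obj) {
  if (isObjNotArray(obj)) return 'obj'
  if (Array.isArray(obj)) return 'arr'
  return false
}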
Binary obfuscation employed thoroughly. It is prevalent to note the distinction between preventing reverse engineering and preventing fingerprinting. A tool that makes software incredibly difficult to reverse-engineer often involves binary obfuscation structures that would be trivial to fingerprint. | |
Employ memory and data scraping prevention. If a program saves a string in memory, ensure it is represented in a randomized, encoded manner to avoid behaving as a signature via memory scraper. If the original executable contains any image or alternate data, ensure this is obfuscated randomly and effectively before delivery to the target. | |
Evade AV emulation (pre-execution) detection products via black box attacks. See AVLeak, Blackthorne et al (video presentation if preferred, Blackhat 2016). |
Set-mppreference –DisableRealtimeMonitoring $TRUE | |
new-item "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" | |
Get-psdrive | |
Start-transcript | out-null | |
Set-ExecutionPolicy Unrestricted | |
Update-Help -Force | |
-ErrorAction SilentlyContinue | |
2>$null 2>\dev\null | |
set-alias edit notepad.exe | |
Get-process | get-member |
py Tensorflow\models\research\object_detection\export_inference_graph.py --input_type image_tensor --pipeline_config_path Tensorflow\workspace\models\my_ssd_mobnet\pipeline.config --trained_checkpoint_prefix Tensorflow\workspace\pre-trained-models\ssd_mobilenet_v2_fpnlite_640x640_coco17_tpu-8\checkpoint\ckt-5.data-00000-of-00001 --output_directory Tensorflow\workspace\models\my_ssd_mobnet\export | |
2021-07-16 12:06:25.701510: I tensorflow/stream_executor/platform/default/dso_loader.cc:53] Successfully opened dynamic library cudart64_110.dll | |
2021-07-16 12:06:28.075448: I tensorflow/stream_executor/platform/default/dso_loader.cc:53] Successfully opened dynamic library nvcuda.dll | |
2021-07-16 12:06:28.093311: I tensorflow/core/common_runtime/gpu/gpu_device.cc:1733] Found device 0 with properties: | |
pciBusID: 0000:01:00.0 name: NVIDIA GeForce RTX 2080 SUPER computeCapability: 7.5 | |
coreClock: 1.845GHz coreCount: 48 deviceMemorySize: 8.00GiB deviceMemoryBandwidth: 462.00GiB/s | |
2021-07-16 12:06:28.093541: I t |