Critical Exposure in Citrix ADC (NetScaler) – Unauthenticated Remote Code Execution
Credit: Suggested steps taken from twitter post by @darkQuassar
Just converted to copy/pastable gist for easy access
darkquasar darkquasar
webframp
/ CVE-2019-19781-firstresponse.md
Last active
January 18, 2020 01:00
CVE-2019-19781 - Live Response First Steps from @darkQuassar
SwitHak
/ 20200114-TLP-WHITE_CVE-2020-0601.md
Last active
November 11, 2025 11:22
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC
- Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
- The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
- The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.
- NSA description:
- NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
jaredcatkinson
/ Add-ACECertificate.ps1
Last active
February 24, 2024 15:17
PowerShell script to query the ACE Certificate Authority (CA) for the CA's public key and add the public key to the system's local cert store
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Add-ACERootCertificate | |
| { | |
| param | |
| ( | |
| [Parameter(Mandatory = $true)] | |
| [string] | |
| $ServerIp, | |
| [Parameter()] | |
| [Int32] |
jaredcatkinson
/ Get-Hash.ps1
Last active
March 15, 2024 17:05
PowerShell v2 port of the Get-FileHash function. This version of Get-Hash supports hashing files and strings.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-Hash | |
| { | |
| <# | |
| .SYNOPSIS | |
| Get-Hash is a PowerShell Version 2 port of Get-FileHash that supports hashing files, as well as, strings. | |
| .PARAMETER InputObject | |
| This is the actual item used to calculate the hash. This value will support [Byte[]] or [System.IO.Stream] objects. |
HarmJ0y
/ PowerView-3.0-tricks.ps1
Last active
December 11, 2025 18:41
PowerView-3.0 tips and tricks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
jaredcatkinson
/ Get-InjectedThread.ps1
Last active
October 14, 2025 02:45
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
Neo23x0
/ annotations.xml
Last active
September 23, 2025 12:16
Sources for APT Groups and Operations Search Engine
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <Annotations start="0" num="171" total="171"> | |
| <Annotation about="www.bussink.net/*" timestamp="0x0005d7bc4022b026" href="ChF3d3cuYnVzc2luay5uZXQvKhCm4IqBxPf1Ag"> | |
| <Label name="_cse_turlh5vi4xc"/> | |
| <AdditionalData attribute="original_url" value="https://www.bussink.net/"/> | |
| </Annotation> | |
| <Annotation about="*.thedfirreport.com/*" timestamp="0x0005d76dd5f8679d" href="ChUqLnRoZWRmaXJyZXBvcnQuY29tLyoQnc_hr93t9QI"> | |
| <Label name="_cse_turlh5vi4xc"/> | |
| <AdditionalData attribute="original_url" value="https://thedfirreport.com/"/> | |
| </Annotation> |