monthly

GitHub XSLT Trending

The latest build: 2024-06-16Source of data: GitHubTrendingRSS

Microsoft Word XSD for generating APA 7th edition references


APA 7th Edition for Microsoft Word

Until (unless) Microsoft gets around to adding a template for the latest version, this is the APA 7th Edition XSLT modified by Mike Slagle, plus the two additional fixes posted in the comments found here. This way, if other changes are needed, this file can be updated.

IMPORTANT: These files are provided as a courtesy to those needing a better option for APA 7 than what Microsoft currently provides. I did not create the template. If there are issues, take the time to make the changes necessary (if possible; there are limitations to what can be done) and submit a pull request.

How to Use

Windows

Manual Method

  1. Exit Word
  2. Using Windows Explorer, copy the file APASeventhEdition.xsl to C:\Users<your_user_name>\AppData\Roaming\Microsoft\Bibliography\Style
  3. Restart Word and from the References tab in Word, you should be able to choose APA7.

Bat file method / Cmd method

  1. Exit word
  2. Copy the APASeventhEdition.bat file and allow it to run.
  3. Restart Word and from the References tab in Word, you should be able to choose APA7.

Note: The bat file simply runs the following line:

curl https://raw.githubusercontent.com/briankavanaugh/APA-7th-Edition/main/APASeventhEdition.xsl -o "%appdata%\Microsoft\Bibliography\Style\APASeventhEdition.xsl"

MacOS

Manual method

  1. Exit Word
  2. Using Finder, copy the file APASeventhEdition.xsl to two locations:
    1. HD/Applications/Microsoft Word.app/Contents/Resources/Style/ (note that you will have to right-click and "View Contents" on the app icon at HD/Applications/Microsoft Word.app/)
    2. HD/Users/<your_user_name>/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/Style/
  3. Restart Word and from the References tab in Word, you should be able to choose APA7.

Shell script method / terminal method

  • The file asks for elevated priveliges using sudo. Only run files you trust and understand the contents of.
  1. Exit word and ensure it is closed before proceeding
  2. Copy the APASeventhEdition.sh file to a local folder
  3. Open the terminal (Search "Terminal through spotlight)
  4. Navigate to the folder containing the shell script
    1. cd /path/to/your/file
  5. Run the script
    1. bash APASeventhEdition.sh
    2. Enter password when prompted. The terminal stay blank while password is entered. Once entered, press enter
    3. The files should be placed in their corresponding folders

Notes:

  • The bash file will use the curl command to retrieve the file from github at the specified link and place it in the first of the specified folders above.
  • It will then check if the file was placed in the folder successfully, and then copy the file from the first folder to the next.
  • I do not have a Mac to test this on. The script was run successfully on a Mac with Office installed.

Disclaimer

(same as Mike's) I am only providing this file and the necessary location for it for education purposes. If any installations of MS Office are corrupted as a result of using this file, I am not responsible to address or repair any issues.

NIST Certified SCAP 1.2 toolkit


OpenSCAP

GatingJoin the chat at https://gitter.im/OpenSCAP/openscap

Open Source Security Compliance Solution

About

The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.

Contributing

We welcome all contributions to the OpenSCAP project. If you would like to contribute, either by fixing existing issues or adding new features, please check out our contribution guide to get started. If you would like to discuss anything, ask questions, or if you need additional help getting started, you can either send a message to our libera.chat IRC channel, #openscap, or to our mailing list.

Microsoft Windows Support

The Microsoft Windows support is officially void as of Febuary 1, 2022.

Use cases

SCAP Content Validation

  • The following example shows how to validate a given source data stream; all components within the data stream are validated (XCCDF, OVAL, OCIL, CPE, and possibly other components):
oscap ds sds-validate scap-ds.xml

Scanning

  • To evaluate all definitions within the given OVAL Definition file, run the following command:
oscap oval eval --results oval-results.xml scap-oval.xml

where scap-oval.xml is the OVAL Definition file and oval-results.xml is the OVAL Result file.

  • To evaluate all definitions from the OVAL component that are part of a particular data stream within a SCAP data stream collection, run the following command:
oscap oval eval --datastream-id ds.xml --oval-id xccdf.xml --results oval-results.xml scap-ds.xml

where ds.xml is the given data stream, xccdf.xml is an XCCDF file specifying the OVAL component, oval-results.xml is the OVAL Result file, and scap-ds.xml is a file representing the SCAP data stream collection.

  • To evaluate a specific profile in an XCCDF file run this command:
oscap xccdf eval --profile Desktop --results xccdf-results.xml --cpe cpe-dictionary.xml scap-xccdf.xml

where scap-xccdf.xml is the XCCDF document, Desktop is the selected profile from the XCCDF document, xccdf-results.xml is a file storing the scan results, and cpe-dictionary.xml is the CPE dictionary.

  • To evaluate a specific XCCDF benchmark that is part of a data stream within a SCAP data stream collection run the following command:
oscap xccdf eval --datastream-id ds.xml --xccdf-id xccdf.xml --results xccdf-results.xml scap-ds.xml

where scap-ds.xml is a file representing the SCAP data stream collection, ds.xml is the particular data stream, xccdf.xml is ID of the component-ref pointing to the desired XCCDF document, and xccdf-results.xml is a file containing the scan results.

Document generation

  • without XCCDF rules
oscap xccdf generate guide XCCDF-FILE > XCCDF-GUIDE-FILE
  • with XCCDF rules
oscap xccdf generate guide --profile PROFILE XCCDF-FILE > XCCDF-GUIDE-FILE
  • generate report from scanning
oscap xccdf generate report XCCDF-RESULT-FILE > XCCDF-REPORT-FILE

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)


Living Off The Land Binaries and Scripts (and now also Libraries)

All the different files can be found behind a fancy frontend here: https://lolbas-project.github.io (thanks @ConsciousHacker for this bit of eyecandy and the team over at https://gtfobins.github.io/). This repo serves as a place where we maintain the YML files that are used by the fancy frontend.

Goal

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.

Criteria

A LOLBin/Lib/Script must:

  • Be a Microsoft-signed file, either native to the OS or downloaded from Microsoft.
  • Have extra "unexpected" functionality. It is not interesting to document intended use cases.
    • Exceptions are application whitelisting bypasses
  • Have functionality that would be useful to an APT or red team

Interesting functionality can include:

  • Executing code
    • Arbitrary code execution
    • Pass-through execution of other programs (unsigned) or scripts (via a LOLBin)
  • Compiling code
  • File operations
    • Downloading
    • Upload
    • Copy
  • Persistence
    • Pass-through persistence utilizing existing LOLBin
    • Persistence (e.g. hide data in ADS, execute at logon)
  • UAC bypass
  • Credential theft
  • Dumping process memory
  • Surveillance (e.g. keylogger, network trace)
  • Log evasion/modification
  • DLL side-loading/hijacking without being relocated elsewhere in the filesystem.

We do not approve binaries that allows for netntlm coercing, since most Windows binaries allows for that. Only exception is binaries that allows that on other than default ports (such as rpcping) or can allow direct credential theft.

Contributing

If you have found a new LOLBin or LOLScript that you would like to contribute, please review the contributing guidelines located here: https://github.com/LOLBAS-Project/LOLBAS/blob/master/CONTRIBUTING.md

A template for the required format has been provided here: https://github.com/LOLBAS-Project/LOLBAS/blob/master/YML-Template.yml

The History of the LOLBin

The phrase "Living off the land" was coined by Christopher Campbell (@obscuresec) & Matt Graeber (@mattifestation) at DerbyCon 3.

The term LOLBins came from a Twitter discussion on what to call binaries that can be used by an attacker to perform actions beyond their original purpose. Philip Goh (@MathCasualty) proposed LOLBins. A highly scientific internet poll ensued, and after a general consensus (69%) was reached, the name was made official. Jimmy (@bohops) followed up with LOLScripts. No poll was taken.

Common hashtags for these files are:

  • #LOLBin
  • #LOLBins
  • #LOLScript
  • #LOLScripts
  • #LOLLib
  • #LOLLibs

Our primary maintainer (@oddvarmoe) of this project did a talk at DerbyCon 2018 called: #Lolbins Nothing to LOL about! - https://www.youtube.com/watch?v=NiYTdmZ8GR4 This talk goes over the history of this project.

Maintainers

The following folks help maintain the LOLBAS Project on their personal time:

Thanks

As with many open-source projects, this one is the product of a community and we would like to thank ours:

  • The domain http://lolbins.com has been registered by an unknown individual and redirected it to the old version of this project.
  • The domain http://lolbas-project.com has been registered by Jimmy (@bohops).
  • The logos for the project were created by Adam Nadrowski (@_sup_mane). We #@&!!@#! love them.

Notice

  • Please refer to NOTICE.md for license information