I hereby claim:
- I am 0xsv1 on github.
- I am eisveen (https://keybase.io/eisveen) on keybase.
- I have a public key ASAKyHkeQcyc7sK43WRWCStrJglOrERg5C8IJUWzdrA-xwo
To claim this, I am signing this object:
SV1 0xSV1
0xSV1
/ powershell-web-server.ps1
Created
October 7, 2020 14:57
— forked from 19WAS85/powershell-web-server.ps1
A simple web server built with powershell.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a super **SIMPLE** example of how to create a very basic powershell webserver | |
| # 2019-05-18 UPDATE — Created by me and and evalued by @jakobii and the comunity. | |
| # Http Server | |
| $http = [System.Net.HttpListener]::new() | |
| # Hostname and port to listen on | |
| $http.Prefixes.Add("http://localhost:8080/") | |
| # Start the Http Server |
0xSV1
/ MuteSysmon.cs
Created
October 7, 2020 14:57
— forked from Flangvik/MuteSysmon.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Text; | |
| namespace MuteSysmon | |
| { | |
| class Program |
0xSV1
/ keybase.md
Created
September 9, 2020 13:16
0xSV1
/ README.md
Created
September 1, 2020 22:06
— forked from byt3bl33d3r/README.md
Remote AppDomainManager Injection
This is a variation of the technique originally discovered by subtee and described here
TL;DR It essentially allows you to turn any .NET application into a lolbin by providing a configuration file and specifying the <appDomainManagerAssembly> element pointing to a specially crafted .NET assembly which executes when the application is loaded.
This variation allows you to load the AppDomainManager assembly from a UNC path or HTTP(s) server. Also disables ETW thanks to the <etwEnable> element :)
- Copy some binary you love to say,
C:\Test. Lets useaspnet_compiler.exeas an example - Compile
test.cstotest.dllwith a signed strong name, this is required to load an assembly outside of a .NET applications base directory. - Host
test.dllon a remote SMB or HTTP(S) server
0xSV1
/ go-sharp-loader.go
Created
August 19, 2020 22:27
— forked from ropnop/go-sharp-loader.go
Example Go file embedding multiple .NET executables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Example Go program with multiple .NET Binaries embedded | |
| This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
| $ go get -u github.com/gobuffalo/packr/packr | |
| Place all your EXEs are in a "binaries" folder |
0xSV1
/ AzureOAuthTools.ps1
Created
June 25, 2020 18:57
— forked from dafthack/AzureOAuthTools.ps1
A few PowerShell tools for working with Azure OAuth2 Authentication Codes and Access Tokens
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## A few tools for working with Azure OAuth2 Authentication Codes and access_tokens | |
| ## By Beau Bullock @dafthack | |
| Function Get-AzureAccessToken{ | |
| Param | |
| ( | |
| [Parameter(Position = 0, Mandatory = $false)] | |
| [string] |
0xSV1
/ .htaccess
Created
February 10, 2020 13:04
— forked from curi0usJack/.htaccess
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
| # | |
| # Note this version requires Apache 2.4+ | |
| # | |
| # Save this file into something like /etc/apache2/redirect.rules. | |
| # Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom | |
| # | |
| # Include /etc/apache2/redirect.rules | |
| # |
NewerOlder