This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.IO; | |
using System.Diagnostics; | |
using System.Reflection; | |
using System.Runtime.InteropServices; | |
using System.Net; | |
using System.IO.Compression; | |
public class Payload | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// A very rough x64 POC for spoofing environment variables similar to argument spoofing with a focus on | |
// setting the COMPlus_ETWEnabled=0 var for disabling ETW in .NET. | |
// | |
// Works by launching the target process suspended, reading PEB, updates the ptr used to store environment variables, | |
// and then resuming the process. | |
// | |
// (https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/) | |
#define INJECT_PARAM L"COMPlus_ETWEnabled=0\0\0\0" | |
#define INJECT_PARAM_LEN 43 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package weblogic.iiop; | |
import java.net.InetAddress; | |
import java.net.UnknownHostException; | |
import java.util.Arrays; | |
import java.util.List; | |
import weblogic.corba.cos.transactions.TransactionPolicyComponent; | |
import weblogic.corba.idl.poa.PolicyImpl; | |
import weblogic.diagnostics.debug.DebugLogger; | |
import weblogic.iiop.csi.CompoundSecMechList; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//Author:fnmsd | |
//Blog:https://blog.csdn.net/fnmsd | |
package aa; | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import java.io.PrintWriter; | |
import java.lang.reflect.Field; | |
import java.lang.reflect.Modifier; | |
import java.util.HashSet; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//Author:fnmsd | |
//Blog:https://blog.csdn.net/fnmsd | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import java.lang.reflect.Field; | |
import java.util.HashSet; | |
import java.util.Scanner; | |
public class a { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
Author: Arno0x0x, Twitter: @Arno0x0x | |
Completely based on @Flangvik netloader | |
This partial rewrite of @Flangvik Netloader includes the following changes: | |
- Allow loading of an XOR encrypted binary to bypass antiviruses | |
To encrypt the initial binary you can use my Python transformFile.py script. | |
Example: ./transformFile.py -e xor -k mightyduck -i Rubeus.bin -o Rubeus.xor | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Based on a hint by @tiraniddo in chat today on Matt's Twitch Stream - https://www.twitch.tv/mattifestation | |
# Context: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md | |
# What does the script do?: | |
# Get a list of blocked filenames from the hashes in Microsoft recommended block rules. | |
# Result | |
# Some strange filenames from hashes in VT output, for e.g.169339.ps1 | |
# Some hashes do not exist in VT. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" > | |
<Target Name="Hello" > | |
<!-- Call ANY .NET API --> | |
<!-- | |
Author: Casey Smith, Twitter: @subTee | |
License: BSD 3-Clause | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /usr/bin/env python3 | |
# | |
# Requires Python 3.7+ & aiohttp (speedups recommended) | |
# pip3 install aiohttp[speedups] | |
# | |
import sys | |
import asyncio | |
import aiohttp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import argparse | |
import string | |
import sys | |
from impacket import nmb | |
from impacket.smb3 import SMB2_COMPRESSION_TRANSFORM_HEADER, SMB3, SMB2_DIALECT_311, SMB2_NEGOTIATE_SIGNING_REQUIRED, \ | |
SMB2_NEGOTIATE_SIGNING_ENABLED, STATUS_SUCCESS, SMB2_DIALECT_30, \ | |
SMB2_GLOBAL_CAP_ENCRYPTION, SMB2_DIALECT_WILDCARD, SMB2Negotiate_Response, SMB2_NEGOTIATE, \ | |
SMB2Negotiate, SMB311ContextData, SMB2NegotiateContext, SMB2_PREAUTH_INTEGRITY_CAPABILITIES, \ |