This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.IO; | |
using System.Linq; | |
using System.Management; | |
namespace ComAbandonment | |
{ | |
public class ComAbandonment | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
:: | |
::####################################################################### | |
:: | |
:: Change file associations to protect against common ransomware attacks | |
:: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell | |
:: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :) | |
:: --------------------- | |
ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" | |
ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" | |
ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//this requires being able to run at kernel mode and assumes you're using MSVC | |
//this also uses an unnamed structure for cr0_t, which is a nonstandard extension of the C language | |
//data structure for cr0 | |
typedef union _cr0_t | |
{ | |
struct | |
{ | |
uint64_t protection_enable : 1; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
obj-m += tcp_svr_sample.o | |
all: | |
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules | |
clean: | |
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clea |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/*! @brief https://github.com/rapid7/meterpreter/blob/master/source/common/arch/win/remote_thread.c */ | |
#include <windows.h> | |
#include <stdio.h> | |
typedef DWORD(WINAPI *prototype_RtlCreateUserThread)( | |
HANDLE ProcessHandle, | |
PSECURITY_DESCRIPTOR SecurityDescriptor, | |
BOOL CreateSuspended, | |
ULONG StackZeroBits, | |
PULONG StackReserved, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import idc | |
import idautils | |
import idaapi | |
FUNCTIONS_REGISTERS = {"g_log": "rcx", "g_log_error": "rdx"} | |
def get_string_for_function(call_func_addr, register): | |
""" | |
:param start_addr: The function call address |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Get-LibraryMS { | |
<# | |
.SYNOPSIS | |
Author: Jayden Zheng (@fuseyjz) | |
Checks the %USERPROFILE% directory for any file with library-ms extension and extract the CLSID. | |
In particular, <url> element with shell command. | |
Blog: pending release |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
;;; | |
;;; Copyright (C), zznop, zznop0x90@gmail.com | |
;;; | |
;;; This software may be modified and distributed under the terms | |
;;; of the MIT license. See the LICENSE file for details. | |
;;; | |
;;; DESCRIPTION | |
;;; | |
;;; This PoC shellcode is meant to be compiled as a blob and prepended to a ELF |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer | |
PORT_NUMBER = 31337 | |
class myHandler(BaseHTTPRequestHandler): | |
#Handler for the GET requests | |
def do_GET(self): | |
self.send_response(200) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import os | |
import subprocess | |
import ctypes | |
# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/ | |
svcinfo = {} | |
nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG'] | |
FNULL = open(os.devnull, 'w') |