ChoI ChoiSG

## rsrcDecryptAssembly.nim
import nimcrypto
import winim/clr except `[]`  # https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/  <-- thank you so much, 2 hours googling I almost went crazy

#[
    All credit goes to @byt3bl33d3r (OffensiveNim) and @s3cur3th1ssh1t

    nimble install winim nimcrypto zippy
    nim c -d:danger -d:strip --opt:size rsrcDecryptAssembly.nim

    slurp = "staticRead" will read the file and store it in the variable (.rdata) on compile time.

## dinvokeSyscall.cs
using System;
using DInvoke;
using System.Diagnostics;
using System.Runtime.InteropServices;
using DynamicInvoke = DInvoke.DynamicInvoke;
using Data = DInvoke.Data;

namespace dinvokeSyscall
{
    class Program

## hooktester.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Text;

namespace hooktester
{
    class Program

## HTTPGruntAmsiBypass.cs
using System;
using System.Net;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.IO.Pipes;
using System.Reflection;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Runtime.InteropServices;   // For PInvoke

## stagezero.cs
using System;
using System.Runtime.InteropServices;
using System.Diagnostics;
using DynamicInvoke = DInvoke.DynamicInvoke;

// Install DInvoke, Fody, and Costura Fody through Nuget

namespace stagezero
{
    class Program

## execute_assembly_bin.nim
#[
    Author: Marcello Salvati, Twitter: @byt3bl33d3r
    License: BSD 3-Clause
    I still can't believe this was added directly in the Winim library. Huge props to the author of Winim for this (khchen), really great stuff.
    Make sure you have Winim >=3.6.0 installed. If in doubt do a `nimble install winim`
    Also see https://github.com/khchen/winim/issues/63 for an amazing pro-tip from the author of Winim in order to determine the marshalling type of .NET objects.
    References:
      - https://github.com/khchen/winim/blob/master/examples/clr/usage_demo2.nim
]#

## converToUUID.py
"""
Created for : https://blog.sunggwanchoi.com/eng-uuid-shellcode-execution/
Repo: https://github.com/ChoiSG/UuidShellcodeExec
"""
import uuid

def convertToUUID(shellcode):
	# If shellcode is not in multiples of 16, then add some nullbytes at the end
	if len(shellcode) % 16 != 0:
		print("[-] Shellcode's length not multiplies of 16 bytes")

## gist:15405f45d3371a4df5a3c0dc579bdd28
#include <stdio.h>
#include <time.h>
#include <string.h>

int main(){

    printf("Opening blahblahblah\n");

    int n, a = 0;
    char psy[20];

## httpgrunt_amsibypass.cs
// This is a Covenant Template file. Go to Covenant ==> Template ==> GruntHTTP ==> Stager Code
// and copy/paste this.

using System;
using System.Net;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.IO.Pipes;
using System.Reflection;

## Parse-Mimikatz.ps1
# Author: Will Schroeder (https://github.com/PowerShellEmpire/PowerTools/blob/master/PewPewPew/Invoke-MassMimikatz.ps1)

# modification: choisg - Very little modification has been done to simplify the output
# helper to parse out Mimikatz output
function Parse-Mimikatz {

    [CmdletBinding()]
    param(
        [string]$raw
    )
	import nimcrypto
	import winim/clr except `[]` # https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/ <-- thank you so much, 2 hours googling I almost went crazy

	#[
	All credit goes to @byt3bl33d3r (OffensiveNim) and @s3cur3th1ssh1t

	nimble install winim nimcrypto zippy
	nim c -d:danger -d:strip --opt:size rsrcDecryptAssembly.nim

	slurp = "staticRead" will read the file and store it in the variable (.rdata) on compile time.
	using System;
	using DInvoke;
	using System.Diagnostics;
	using System.Runtime.InteropServices;
	using DynamicInvoke = DInvoke.DynamicInvoke;
	using Data = DInvoke.Data;

	namespace dinvokeSyscall
	{
	class Program
	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Runtime.InteropServices;
	using System.Diagnostics;
	using System.Text;

	namespace hooktester
	{
	class Program
	using System;
	using System.Net;
	using System.Linq;
	using System.Text;
	using System.Text.RegularExpressions;
	using System.IO.Pipes;
	using System.Reflection;
	using System.Collections.Generic;
	using System.Security.Cryptography;
	using System.Runtime.InteropServices; // For PInvoke
	#[
	Author: Marcello Salvati, Twitter: @byt3bl33d3r
	License: BSD 3-Clause
	I still can't believe this was added directly in the Winim library. Huge props to the author of Winim for this (khchen), really great stuff.
	Make sure you have Winim >=3.6.0 installed. If in doubt do a `nimble install winim`
	Also see https://github.com/khchen/winim/issues/63 for an amazing pro-tip from the author of Winim in order to determine the marshalling type of .NET objects.
	References:
	- https://github.com/khchen/winim/blob/master/examples/clr/usage_demo2.nim
	]#
	"""
	Created for : https://blog.sunggwanchoi.com/eng-uuid-shellcode-execution/
	Repo: https://github.com/ChoiSG/UuidShellcodeExec
	"""
	import uuid

	def convertToUUID(shellcode):
	# If shellcode is not in multiples of 16, then add some nullbytes at the end
	if len(shellcode) % 16 != 0:
	print("[-] Shellcode's length not multiplies of 16 bytes")
	#include <stdio.h>
	#include <time.h>
	#include <string.h>

	int main(){

	printf("Opening blahblahblah\n");

	int n, a = 0;
	char psy[20];
	// This is a Covenant Template file. Go to Covenant ==> Template ==> GruntHTTP ==> Stager Code
	// and copy/paste this.

	using System;
	using System.Net;
	using System.Linq;
	using System.Text;
	using System.Text.RegularExpressions;
	using System.IO.Pipes;
	using System.Reflection;
	# Author: Will Schroeder (https://github.com/PowerShellEmpire/PowerTools/blob/master/PewPewPew/Invoke-MassMimikatz.ps1)

	# modification: choisg - Very little modification has been done to simplify the output
	# helper to parse out Mimikatz output
	function Parse-Mimikatz {

	[CmdletBinding()]
	param(
	[string]$raw
	)