@ChoiSG
ChoiSG / bullyhunter.sh
Created April 17, 2019 17:21
Catch all the bullies!
#!/bin/bash
# author: choi
# Note: There is a shorter version coming. IRSEC forces members to only
# type their scripts, so I'll be making a shorter version of this.
# Description: Bullyhunter downloads LiME and volatility, which "maybe" helps
# to track down the already implemented rootkit. Best of luck.
#
#
# if you are lost
@ChoiSG
ChoiSG / Parse-Mimikatz.ps1
Created March 11, 2020 21:15
Parsing mimikatz output - simplified
# Author: Will Schroeder (https://github.com/PowerShellEmpire/PowerTools/blob/master/PewPewPew/Invoke-MassMimikatz.ps1)
# modification: choisg - Very little modification has been done to simplify the output
# helper to parse out Mimikatz output
function Parse-Mimikatz {
[CmdletBinding()]
param(
[string]$raw
)
@ChoiSG
ChoiSG / httpgrunt_amsibypass.cs
Last active March 16, 2022 23:02
httpgrunt with amsi bypass
// This is a Covenant Template file. Go to Covenant ==> Template ==> GruntHTTP ==> Stager Code
// and copy/paste this.
using System;
using System.Net;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.IO.Pipes;
using System.Reflection;
#include <stdio.h>
#include <time.h>
#include <string.h>
int main(){
printf("Opening blahblahblah\n");
int n, a = 0;
char psy[20];
@ChoiSG
ChoiSG / converToUUID.py
Last active September 28, 2023 10:28
Simple python script to convert shellcode to UUID String
"""
Created for : https://blog.sunggwanchoi.com/eng-uuid-shellcode-execution/
Repo: https://github.com/ChoiSG/UuidShellcodeExec
"""
import uuid
def convertToUUID(shellcode):
# If shellcode is not in multiples of 16, then add some nullbytes at the end
if len(shellcode) % 16 != 0:
print("[-] Shellcode's length not multiplies of 16 bytes")
@ChoiSG
ChoiSG / execute_assembly_bin.nim
Last active February 4, 2022 16:13
testnim for Invoke-ReflectivePEInjection
#[
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: BSD 3-Clause
I still can't believe this was added directly in the Winim library. Huge props to the author of Winim for this (khchen), really great stuff.
Make sure you have Winim >=3.6.0 installed. If in doubt do a `nimble install winim`
Also see https://github.com/khchen/winim/issues/63 for an amazing pro-tip from the author of Winim in order to determine the marshalling type of .NET objects.
References:
- https://github.com/khchen/winim/blob/master/examples/clr/usage_demo2.nim
]#
@ChoiSG
ChoiSG / stagezero.cs
Last active March 18, 2022 21:01
stage zero using dinvoke to inject donut'ed covenant grunt
using System;
using System.Runtime.InteropServices;
using System.Diagnostics;
using DynamicInvoke = DInvoke.DynamicInvoke;
// Install DInvoke, Fody, and Costura Fody through Nuget
namespace stagezero
{
class Program
@ChoiSG
ChoiSG / HTTPGruntAmsiBypass.cs
Last active March 17, 2022 20:16
AMSI Bypass HTTP Grunt
using System;
using System.Net;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.IO.Pipes;
using System.Reflection;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Runtime.InteropServices; // For PInvoke
@ChoiSG
ChoiSG / hooktester.cs
Created May 7, 2021 01:16
basic process injector that will get caught by SylantStrike (https://github.com/CCob/SylantStrike)
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Text;
namespace hooktester
{
class Program
@ChoiSG
ChoiSG / dinvokeSyscall.cs
Created May 7, 2021 18:37
dinvoke with syscall - created for blog post
using System;
using DInvoke;
using System.Diagnostics;
using System.Runtime.InteropServices;
using DynamicInvoke = DInvoke.DynamicInvoke;
using Data = DInvoke.Data;
namespace dinvokeSyscall
{
class Program