Skip to content

Instantly share code, notes, and snippets.

View HarmJ0y's full-sized avatar
💭
Coding towards chaotic good while living on the decision boundary

Will Schroeder HarmJ0y

💭
Coding towards chaotic good while living on the decision boundary
View GitHub Profile
@HarmJ0y
HarmJ0y / CIPolicyParser.ps1
Created July 12, 2022 21:36 — forked from mattifestation/CIPolicyParser.ps1
Functions to recover information from binary Windows Defender Application Control (WDAC) Code Integrity policies.
# Ensure System.Security assembly is loaded.
Add-Type -AssemblyName System.Security
function ConvertTo-CIPolicy {
<#
.SYNOPSIS
Converts a binary file that contains a Code Integrity policy into XML format.
Author: Matthew Graeber (@mattifestation)
@HarmJ0y
HarmJ0y / patchless_amsi.h
Created May 13, 2022 19:14 — forked from CCob/patchless_amsi.h
In-Process Patchless AMSI Bypass
#ifndef PATCHLESS_AMSI_H
#define PATCHLESS_AMSI_H
#include <windows.h>
static const int AMSI_RESULT_CLEAN = 0;
PVOID g_amsiScanBufferPtr = nullptr;
unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) {
@HarmJ0y
HarmJ0y / Invoke-DCSync.ps1
Last active February 2, 2021 10:46 — forked from monoxgas/Invoke-DCSync.ps1
What more could you want?
This file has been truncated, but you can view the full file.
function Invoke-DCSync
{
<#
.SYNOPSIS
Uses dcsync from mimikatz to collect NTLM hashes from the domain.
Author: @monoxgas
Invoke-ReflectivePEInjection