Skip to content

Instantly share code, notes, and snippets.

View Kudaes's full-sized avatar

Kurosh Dabbagh Escalante Kudaes

View GitHub Profile
@byt3bl33d3r
byt3bl33d3r / README.md
Last active May 3, 2024 15:52
Remote AppDomainManager Injection

This is a variation of the technique originally discovered by subtee and described here

TL;DR It essentially allows you to turn any .NET application into a lolbin by providing a configuration file and specifying the <appDomainManagerAssembly> element pointing to a specially crafted .NET assembly which executes when the application is loaded.

This variation allows you to load the AppDomainManager assembly from a UNC path or HTTP(s) server. Also disables ETW thanks to the <etwEnable> element :)

  1. Copy some binary you love to say, C:\Test. Lets use aspnet_compiler.exe as an example
  2. Compile test.cs to test.dll with a signed strong name, this is required to load an assembly outside of a .NET applications base directory.
  3. Host test.dll on a remote SMB or HTTP(S) server
@Kevin-Robertson
Kevin-Robertson / Get-KerberosAESKey.ps1
Last active May 25, 2024 03:04
Generate Kerberos AES keys from a known password
function Get-KerberosAESKey
{
<#
.SYNOPSIS
Generate Kerberos AES 128/256 keys from a known username/hostname, password, and kerberos realm. The
results have been verified against the test values in RFC3962, MS-KILE, and my own test lab.
https://tools.ietf.org/html/rfc3962
https://msdn.microsoft.com/library/cc233855.aspx
@FrancesCoronel
FrancesCoronel / sampleREADME.md
Last active March 26, 2024 01:21
A sample README for all your GitHub projects.

Repository Title Goes Here

Frances Coronel

INSERT GRAPHIC HERE (include hyperlink in image)

Subtitle or Short Description Goes Here

ideally one sentence >