Skip to content

Instantly share code, notes, and snippets.

View SolomonSklash's full-sized avatar

Solomon Sklash SolomonSklash

411 followers · 55 following
View GitHub Profile
@Cracked5pider
Cracked5pider / transport_https.c
Created July 11, 2022 14:41
perform HTTPs requests using WinHTTP
BOOL TransportSend( LPVOID Data, SIZE_T Size, PVOID* RecvData, PSIZE_T RecvSize )
{
#ifdef TRANSPORT_HTTP
HANDLE hConnect = NULL;
HANDLE hSession = NULL;
HANDLE hRequest = NULL;
DWORD HttpFlags = 0;
LPVOID RespBuffer = NULL;
@rad9800
rad9800 / apihash.c
Last active October 4, 2023 00:47
Using macros and constexpr to make API hashing a bit more friendly
#include <Windows.h>
#include <winternl.h>
#pragma comment(linker, "/ENTRY:entry")
// Define hashing algorithm to use
#define HASHALGO HashStringDjb2
// Define how large you'd like cache to be
#define CACHE 50
@antonioCoco
antonioCoco / AltPidFinder.cpp
Created May 5, 2022 15:16
#include "Windows.h"
#include "stdio.h"
#include "strsafe.h"
#include "winternl.h"
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004
typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
{
ULONG NumberOfProcessIdsInList;
@CCob
CCob / patchless_amsi.h
Created April 17, 2022 16:18
In-Process Patchless AMSI Bypass
#ifndef PATCHLESS_AMSI_H
#define PATCHLESS_AMSI_H
#include <windows.h>
static const int AMSI_RESULT_CLEAN = 0;
PVOID g_amsiScanBufferPtr = nullptr;
unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) {
@EvanMcBroom
EvanMcBroom / encrypting-strings-at-compile-time.md
Last active March 1, 2024 07:14
Encrypting Strings at Compile Time

Encrypting Strings at Compile Time

Thank you to SpecterOps for supporting this research and to Duane and Matt for proofreading and editing! Crossposted on the SpecterOps Blog.

TLDR: You may use this header file for reliable compile time string encryption without needing any additional dependencies.

Programmers of DRM software, security products, or other sensitive code bases are commonly required to minimize the amount of human readable strings in binary output files. The goal of the minimization is to hinder others from reverse engineering their proprietary technology.

Common approaches that are taken to meet this requirement often add an additional maintenance burden to the developer and are prone to error. These approaches will be presented along with t

@olliencc
olliencc / AA.cpp
Last active October 11, 2023 10:26
Enumerates why each DLL loaded for each process via PEB
/*
This was the first version - the newer version also includes *When* it was loaded also.
https://gist.github.com/olliencc/e166a64ca211c51eb69111f26ce57bc1
*/
@Cracked5pider
Cracked5pider / ReflectedDll.c
Last active January 20, 2022 14:01
Get output from injected reflected dll
//===============================================================================================//
// This is a stub for the actuall functionality of the DLL.
//===============================================================================================//
#include "ReflectiveLoader.h"
#include <stdio.h>
// Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are
// defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own
// DllMain and use the LoadRemoteLibraryR() API to inject this DLL.
@byt3bl33d3r
byt3bl33d3r / log4j_rce_check.py
Created December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
#! /usr/bin/env python3
'''
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.
@benpturner
benpturner / SysCall.cpp
Created October 18, 2021 07:30
#define _CRT_SECURE_NO_WARNINGS
#include <iostream>
#include <windows.h>
#include <psapi.h>
typedef struct _PS_ATTRIBUTE {
ULONG Attribute;
SIZE_T Size;
union {
@aaaddress1
aaaddress1 / memBruteforce.cpp
Last active February 20, 2024 11:16
Windows 32-bit Shellcode Design without TEB & fs:30h
// memBruteforce.cpp by aaaddress1@chroot.org
// brute search loaded moudules in memory
// rewrite from https://www.exploit-db.com/exploits/45293
#include <Windows.h>
#include <iostream>
#pragma warning(disable:4996)
bool isMemExist(size_t addr) {
int retv;
__asm {