PPID Spoof & BlockDLLs

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace BlockDllTest
{
    class Program
    {
        static void Main(string[] args)
        {
        }
    }
}
```
Tom4t0 / Invoke-UpdateMimikatzScript.ps1
Created Apr 18, 2019 — forked from ihack4falafel/Invoke-UpdateMimikatzScript.ps1
Convert x64/x86 powerkatz.dll to Base64 string and then update Invoke-Mimikatz.ps1 script from Empire
Invoke-UpdateMimikatzScript created by Hashim Jawad (@ihack4falafel)
Convert x64/x86 powerkatz.dll to Base64 string and then update Invoke-Mimikatz.ps1 script from Empire, see the link
Path to powerkatz.dll generated via Visual Studio.
Path to Invoke-Mimikatz.ps1 script.
Tom4t0 / inject.c
Created Mar 25, 2019 — forked from hfiref0x/inject.c
Process Doppelgänging
```c
// Ref = src
// Credits:
// Vyacheslav Rusakov @swwwolf
// Tom Bonner @thomas_bonner
#include <Windows.h>
```
Tom4t0 /
Created Feb 21, 2019 — forked from magnetikonline/
Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers.

Enable LDAP over SSL (LDAPS) for Microsoft Active Directory servers

By default, Microsoft Active Directory servers offer LDAP over unencrypted connections (boo!).

The steps below create a new self-signed certificate appropriate for use with, and thus enabling, LDAPS on an AD server. Of course the "self-signed" portion of this guide can be swapped out for a real vendor-purchased certificate if required.

Steps have been tested successfully with Windows Server 2012 R2, but should work with Windows Server 2008 without modification. Requires a working OpenSSL install (ideally Linux/OSX) and (obviously) a Windows Active Directory server.

```python
import requests


def register(url):
    # Registration endpoint; the path after '/' is truncated in this preview
    reg_url = url + '/'
    post_data = {'username': 'admin', 'password': 'admin123',
                 'repassword': 'admin123', 'isadmin': '1'}
    resp = requests.post(reg_url, data=post_data)
    return resp


def login(url):
    req = requests.Session()
    login_url = url + '/'
```
Tom4t0 /
Created Apr 25, 2017 — forked from phith0n/
Fastcgi PHP-FPM Client && Code Execution
```python
import socket
import random
import argparse
import sys
from io import BytesIO

# Referrer:
PY2 = sys.version_info.major == 2
```
Invoke-MS16-135.ps1

```powershell
function Invoke-MS16-135 {
<#
PowerShell implementation of MS16-135. The exploit targets all vulnerable
operating systems that support PowerShell v2+.
* Win7-Win10 <== 64 bit!

.PARAMETER Application
Specifies an Application to run.
#>
}
```
MS17-012.ps1

```powershell
Function Start-ProcessInSession {
<#
Start a process in a different session on the same server when MS17-0100 is not installed.
Based on the work of James Forshaw.
The SessionID where you want to pop a process. Use quser to find all SessionIDs on a terminal server.
#>
}
```
Tom4t0 / openssh-autobackdoor.bash
Last active Mar 28, 2017 — forked from eyecatchup/openssh-autobackdoor.bash
This script provides OpenSSH backdoor functionality with a magic password and logs passwords as well. It leverages the same basic idea behind common OpenSSH patches but this script attempts to make the process version agnostic. Use at your own risk.
```bash
# ============================================
# satyr's openssh autobackdooring doohicky v0.-1
# ============================================
# Run this script with no args and it'll prompt for the "Magic" password and location to log passwords to (incoming and outgoing).
# If you give the location that passwords will be logged to as an arg, this script will try to automate almost everything
# (like common openssh compiling problems, such as missing pam, kerberos, zlib, openssl-devel, etc.
# [it'll install them via apt or yum, whichever is available]).
```
DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links