There's nothing more permanent than a temporary hack.

Alex Flores audibleblink

audibleblink / dllmain.go
Created Jul 31, 2021 — forked from NaniteFactory/dllmain.go
An implementation example of DllMain() entrypoint with Golang. $ go build --buildmode=c-shared -o my.dll && rundll32.exe my.dll Test
View dllmain.go
package main
//#include "dllmain.h"
import "C"
audibleblink / proxy.go
Created Jul 31, 2021 — forked from legendtkl/proxy.go
simple golang tcp proxy (forward request)
View proxy.go
package main
import (
func main() {
//http.HandleFunc("/", handler)
audibleblink /
Created Jul 25, 2021 — forked from gladiatx0r/
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure


In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. In short, this is accomplished by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely, which I cover in a section below.

audibleblink / DllMainThread.c
Created Jul 8, 2021 — forked from securitytube/DllMainThread.c
Launch Shellcode as a Thread via DllMain rather than a new process
View DllMainThread.c
// Dll Hijacking via Thread Creation
// Author - Vivek Ramachandran
// Learn Pentesting Online -- and
// Free Infosec Videos --
#include <windows.h>
#define SHELLCODELEN 2048
audibleblink / getsystem.go
Created Jul 15, 2019 — forked from lesnuages/getsystem.go
Inject shellcode in a system process, leveraging SeDebugPrivilege
View getsystem.go
package main
import (
View ShellcodeRDI.go
package main
* This is just a Go implementation of
* Useful if you're trying to generate shellcode for reflective DLL
* injection in Go, otherwise probably not much use :)
* The project, shellcode, most comments within this project
* are all from the original project by @SilentBreakSec's Nick Landers (@monoxgas)
audibleblink / openssl.MD
Created Dec 10, 2018 — forked from jchandra74/openssl.MD
HOWTO: Create Your Own Self-Signed Certificate with Subject Alternative Names Using OpenSSL in Ubuntu Bash for Window
View openssl.MD


My main development workstation is a Windows 10 machine, so we'll approach this from that viewpoint.

Recently, Google Chrome started giving me a warning when I open a site that uses HTTPS and a self-signed certificate on my local development machine, due to some SSL certificate issues like the one below:

Self-Signed SSL Issue in Chrome