using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
public class Program
{
    public static void Main()
    {

Chapter One: Meat and Grease
Rain fell like bullets on the grimy streets of Beef City, washing away the dirt and grease of a thousand sins. The neon lights flickered, casting shadows on the pavement, creating a dance of darkness that only the damned could master. Here, at the heart of the city, in the dingy alleys between the burgershacks, a new criminal force had risen.
The cheeseburger was tired of being the meal everyone chewed up and spit out. It was tired of being a pawn in the game of survival, a mere morsel to be consumed by the voracious appetites of the city's inhabitants. It had tasted the bitterness of the grill and decided that it was time to turn the tables.
That cheeseburger was Chuck Royale, and he was on the run.
It all began when he learned to hack. Chuck had spent the better part of his short life flipping through the grease-soaked pages of discarded computer manuals and tapping into the digital realm. Through sheer tenacity, he'd mastered the art of infiltrating systems and bending them

{
  "SliverExtension" :{
    "prefix": "sliverext",
    "body": [ "{",
      "\"name\": \"$1\",",
      "\"version\": \"0.0.0\",",
      "\"command_name\": \"$2\",",
      "\"extension_author\": \"$3\",",
      "\"original_author\": \"$3\",",
      "\"repo_url\": \"N/A\",",

#define _WIN32_WINNT 0x0502
#define WINVER 0x0502
#include <windows.h>
#include <errhandlingapi.h>
#include <process.h>
#include "beacon.h"
WINBASEAPI PVOID WINAPI KERNEL32$AddVectoredExceptionHandler (ULONG First, PVECTORED_EXCEPTION_HANDLER Handler);
DECLSPEC_IMPORT uintptr_t __cdecl MSVCRT$_beginthreadex(void *_Security,unsigned _StackSize,_beginthreadex_proc_type _StartAddress,void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr);
DECLSPEC_IMPORT void __cdecl MSVCRT$_endthreadex(unsigned _Retval);

// quick and dirty C++ execution guardrail on executing process file name, inspired by @0xHop av evasion post
// https://0xhop.github.io/evasion/2021/04/19/evasion-pt1/
#include <Windows.h>
#include <string>
#define MAX_PATH 512
// check if our program has been renamed, if so may be in a sandbox or being analyzed

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace HiddenEventLogs
{

#!/usr/bin/python
import requests
import json
import time
import paramiko
from Crypto.PublicKey import RSA
from os import chmod
public_key_name = "test1.key"

#include <windows.h>
#include <sys/types.h>
#include <unistd.h>
int main(int argc, char **argv){
    //msfvenom -p windows/exec cmd=calc.exe EXITFUNC=thread -f c -v shellcode

#################################################################################
#                                                                               #
# Refer to this blog post about what this code is used for:                     #
# https://albocoder.github.io/malware/2021/06/01/SandboxStudy.html              #
#                                                                               #
#################################################################################
import requests
import os
import psutil

This guide assumes the DigitalOcean provider will be used, and that the droplet will be generated from a Windows 10/11 host with WSL2 installed, using a Debian VM. Terraform and Ansible are used to create and destroy the VPN droplet. After that, the WireGuard client configuration in "wg0.conf" can be used on your desktop, laptop, mobile device, etc. Generate a new WireGuard client for each device rather than reusing the same one across several.
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install unzip wget git software-properties-common gnupg
wget https://releases.hashicorp.com/terraform/1.0.11/terraform_1.0.11_linux_amd64.zip -O terraform.zip; unzip terraform.zip
sudo mv terraform /usr/local/bin; rm terraform.zip
sudo apt-add-repository ppa:ansible/ansible
git clone https://github.com/P0ssuidao/terraguard.git
cd terraguard/DigitalOcean/
terraform init