This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FILE *__cdecl popen(const char *Command, const char *Mode) | |
| { | |
| FILE *v3; // r12 | |
| char v5; // al | |
| char v6; // al | |
| int v7; // r8d | |
| unsigned int v8; // ebx | |
| int *p_FileHandle; // rdi | |
| HANDLE CurrentProcess; // rax | |
| __int64 v11; // r15 |
bopin2020
/ my_c2_thoughts.txt
Created
December 12, 2023 12:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I wanna talk about some thoughts on Client with GUI as well as used by an operator | |
| due to a lot of efforts in the past. [1/1] | |
| I have puzzled how to design an Command&Control and what the key point of design C2 successfully? Is that flexibility or something stuff? | |
| I was amazing of CobaltStrike which allow operator add new UI elements dynamically when I met in first time at that time I was not similar with Compiler related knownledge. In no time, I realized that CobaltStrike UI elements just support rare UI components such as: TextBox,Button,CheckBox,ChomoBox and so on. I clearly understand that Raphael Mudge expose UI interface through sleep language that backend with java Swing. Above these techniques were very awesome and excited for me. One thought bring up from my brain: | |
| 1. design a script language or carry forward other dynamic script language. The UI language I mean directly write. For WPF I could use C# language, so If I can design a script lang just named "bp", I just write a "bp" parser enginee in o |
bopin2020
/ TaskManagerSecret.c
Created
August 29, 2023 04:43
— forked from antonioCoco/TaskManagerSecret.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| TaskManagerSecret | |
| Author: @splinter_code | |
| This is a very ugly POC for a very unreliable UAC bypass through some UI hacks. | |
| The core of this hack is stealing and using a token containing the UIAccess flag set. | |
| A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html | |
| From there it uses a task manager "feature" to run a new High IL cmd.exe. | |
| This has been developed only for fun and shouldn't be used due to its high unreliability. |
bopin2020
/ InterfaceAddress.cs
Last active
June 8, 2023 19:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Reflection; | |
| using System.Runtime.CompilerServices; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| /* |
bopin2020
/ Export-MFT.ps1
Created
April 16, 2023 20:13
— forked from secabstraction/Export-MFT.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Export-MFT { | |
| <# | |
| .SYNOPSIS | |
| Extracts master file table from volume. | |
| Version: 0.1 | |
| Author : Jesse Davis (@secabstraction) | |
| License: BSD 3-Clause | |
| .DESCRIPTION |
bopin2020
/ Program.cs
Created
February 24, 2023 15:09
— forked from susMdT/Program.cs
C# Amsi bypass with hardware breakpint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Runtime.CompilerServices; | |
| using System.Net; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace Test | |
| { | |
| // CCOB IS THE GOAT |
bopin2020
/ COFF_With_Exception_handler.c
Created
February 20, 2023 14:47
— forked from freefirex/COFF_With_Exception_handler.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _WIN32_WINNT 0x0502 | |
| #define WINVER 0x0502 | |
| #include <windows.h> | |
| #include <errhandlingapi.h> | |
| #include <process.h> | |
| #include "beacon.h" | |
| WINBASEAPI PVOID WINAPI KERNEL32$AddVectoredExceptionHandler (ULONG First, PVECTORED_EXCEPTION_HANDLER Handler); | |
| DECLSPEC_IMPORT uintptr_t __cdecl MSVCRT$_beginthreadex(void *_Security,unsigned _StackSize,_beginthreadex_proc_type _StartAddress,void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr); | |
| DECLSPEC_IMPORT void __cdecl MSVCRT$_endthreadex(unsigned _Retval); |
bopin2020
/ Program.cs
Created
February 8, 2023 03:57
— forked from Washi1337/Program.cs
Injecting arbitrary code into PE Files using AsmResolver - https://washi.dev/blog/posts/import-patching/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using AsmResolver; | |
| using AsmResolver.PE; | |
| using AsmResolver.PE.Code; | |
| using AsmResolver.PE.File; | |
| using AsmResolver.PE.File.Headers; | |
| using AsmResolver.PE.Imports; | |
| using AsmResolver.PE.Imports.Builder; | |
| using AsmResolver.PE.Platforms; | |
| using AsmResolver.PE.Relocations; | |
| using AsmResolver.PE.Relocations.Builder; |
bopin2020
/ COFFParseLoad.cs
Created
January 1, 2023 13:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define HEADER | |
| #define OutputSection_Info | |
| #define RELOCATION | |
| #define SymbolTable | |
| #define StringTable | |
| using System; | |
| using System.Collections.Generic; | |
| using System.IO; | |
| using System.Linq; |
bopin2020
/ windowsUpdataScan.cpp
Created
October 9, 2022 10:23
— forked from 474172261/windowsUpdataScan.cpp
scan windows update patches and check if installed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iostream> | |
| #include <atlbase.h> | |
| #include <Wuapi.h> | |
| #include <wuerror.h> | |
| #include <list> | |
| #include <fstream> | |
| #include <MsXml.h> | |
| #include "atlbase.h" | |
| #include "atlstr.h" |
NewerOlder