bopin2020
/ TaskManagerSecret.c
Created
August 29, 2023 04:43
— forked from antonioCoco/TaskManagerSecret.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| TaskManagerSecret | |
| Author: @splinter_code | |
| This is a very ugly POC for a very unreliable UAC bypass through some UI hacks. | |
| The core of this hack is stealing and using a token containing the UIAccess flag set. | |
| A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html | |
| From there it uses a task manager "feature" to run a new High IL cmd.exe. | |
| This has been developed only for fun and shouldn't be used due to its high unreliability. |
bopin2020
/ Export-MFT.ps1
Created
April 16, 2023 20:13
— forked from secabstraction/Export-MFT.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Export-MFT { | |
| <# | |
| .SYNOPSIS | |
| Extracts master file table from volume. | |
| Version: 0.1 | |
| Author : Jesse Davis (@secabstraction) | |
| License: BSD 3-Clause | |
| .DESCRIPTION |
bopin2020
/ Program.cs
Created
February 24, 2023 15:09
— forked from susMdT/Program.cs
C# Amsi bypass with hardware breakpint
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Runtime.CompilerServices; | |
| using System.Net; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace Test | |
| { | |
| // CCOB IS THE GOAT |
bopin2020
/ COFF_With_Exception_handler.c
Created
February 20, 2023 14:47
— forked from freefirex/COFF_With_Exception_handler.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _WIN32_WINNT 0x0502 | |
| #define WINVER 0x0502 | |
| #include <windows.h> | |
| #include <errhandlingapi.h> | |
| #include <process.h> | |
| #include "beacon.h" | |
| WINBASEAPI PVOID WINAPI KERNEL32$AddVectoredExceptionHandler (ULONG First, PVECTORED_EXCEPTION_HANDLER Handler); | |
| DECLSPEC_IMPORT uintptr_t __cdecl MSVCRT$_beginthreadex(void *_Security,unsigned _StackSize,_beginthreadex_proc_type _StartAddress,void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr); | |
| DECLSPEC_IMPORT void __cdecl MSVCRT$_endthreadex(unsigned _Retval); |
bopin2020
/ Program.cs
Created
February 8, 2023 03:57
— forked from Washi1337/Program.cs
Injecting arbitrary code into PE Files using AsmResolver - https://washi.dev/blog/posts/import-patching/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using AsmResolver; | |
| using AsmResolver.PE; | |
| using AsmResolver.PE.Code; | |
| using AsmResolver.PE.File; | |
| using AsmResolver.PE.File.Headers; | |
| using AsmResolver.PE.Imports; | |
| using AsmResolver.PE.Imports.Builder; | |
| using AsmResolver.PE.Platforms; | |
| using AsmResolver.PE.Relocations; | |
| using AsmResolver.PE.Relocations.Builder; |
bopin2020
/ windowsUpdataScan.cpp
Created
October 9, 2022 10:23
— forked from 474172261/windowsUpdataScan.cpp
scan windows update patches and check if installed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iostream> | |
| #include <atlbase.h> | |
| #include <Wuapi.h> | |
| #include <wuerror.h> | |
| #include <list> | |
| #include <fstream> | |
| #include <MsXml.h> | |
| #include "atlbase.h" | |
| #include "atlstr.h" |
bopin2020
/ TcbElevation.cpp
Created
September 10, 2022 10:50
— forked from antonioCoco/TcbElevation.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // TcbElevation - Authors: @splinter_code and @decoder_it | |
| #define SECURITY_WIN32 | |
| #include <windows.h> | |
| #include <sspi.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "Secur32.lib") | |
| void EnableTcbPrivilege(BOOL enforceCheck); |
bopin2020
/ transport_https.c
Created
July 16, 2022 04:37
— forked from Cracked5pider/transport_https.c
perform HTTPs requests using WinHTTP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BOOL TransportSend( LPVOID Data, SIZE_T Size, PVOID* RecvData, PSIZE_T RecvSize ) | |
| { | |
| #ifdef TRANSPORT_HTTP | |
| HANDLE hConnect = NULL; | |
| HANDLE hSession = NULL; | |
| HANDLE hRequest = NULL; | |
| DWORD HttpFlags = 0; | |
| LPVOID RespBuffer = NULL; |
bopin2020
/ sccmdecryptpoc.cs
Created
July 4, 2022 02:56
— forked from xpn/sccmdecryptpoc.cs
SCCM Account Password Decryption POC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;) | |
| // Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work. | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| namespace SCCMDecryptPOC | |
| { | |
| internal class Program |
bopin2020
/ EventLogInject.cs
Created
May 9, 2022 00:45
POC to inject and extract shellcode from Windows Event Logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace HiddenEventLogs | |
| { |
NewerOlder