Philippe Lagadec decalage2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #def _tokenize(code, comments, comment_strings, containers): | |
| # """ | |
| # tokenizes sources code to find hardcoded strings | |
| # returns list of hardcoded strings | |
| # """ | |
| # string = container = comment_end = '' | |
| # state = 'look' | |
| # skip = 0 | |
| # comment = False | |
| # all_strings = [] |
mgraeber-rc
/ GetAppPackageTriageInfo.ps1
Created
December 28, 2023 18:46
A tool to perform rapid triage of decompressed application packages (.msix and .appx files).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Get-AppPackageTriageInfo { | |
| <# | |
| .SYNOPSIS | |
| A tool to perform rapid triage of decompressed application packages (.msix and .appx files). | |
| .DESCRIPTION | |
| Get-AppPackageTriageInfo parses key information from an uncompressed application package (.msix and .appx) without needing to first install it. |
X-C3LL
/ FreshyCalls-VBA.vba
Created
September 4, 2022 23:51
Retrieving SSN for syscalling in VBA following FreshyCalls technique
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' Proof of Concept: retrieving SSN for syscalling in VBA | |
| ' Author: Juan Manuel Fernandez (@TheXC3LL) | |
| 'Based on: | |
| 'https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/ | |
| 'https://www.crummie5.club/freshycalls/ | |
| Private Type LARGE_INTEGER |
wdormann
/ dangerous.reg
Created
August 11, 2022 12:50
Have Windows treat dangerous files as, well, dangerous. List courtesy @Laughing_Mantis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations] | |
| "HighRiskFileTypes"=".appinstaller;.application;.appx;.appxbundle;.diagcab;.diagpkg;.diagcfg;.fluid;.fxb;.glb;.gltf;.library-ms;.loop;.msix;.partial;.perfmoncfg;.pko;.ply;.ppkg;.qds;.rat;.resmoncfg;.search-ms;.searchConnector-ms;.settingcontent-ms;.stl;.symlink;.theme;.themepack;.UDL;.url;.wab;.wbcat;.wcx;.website;.whiteboard;.xbap;.ZFSendToTarget;" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| from __future__ import print_function | |
| import os | |
| import sys | |
| try: | |
| import olefile |
kirk-sayre-work
/ gist:cee5cfb9d4bb1becc14fd1dd1df22601
Created
April 10, 2020 19:18
Unhide Very Hidden Excel 97 Sheets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Unhide all the very hidden sheets in an Office 97 Excel file. | |
| from __future__ import print_function | |
| import re | |
| import sys | |
| # Read in the Excel file for which to unhide sheets. | |
| fname = sys.argv[1] | |
| f = open(fname, 'rb') | |
| data = f.read() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from scapy.all import * | |
| from py2neo import Graph, Node, Relationship | |
| packets = rdpcap("<your_pcap_file>") | |
| g = Graph(password="<your_neo4j_password>") | |
| for packet in packets.sessions(): | |
| pkt = packet.split() |
Arno0x
/ shellcode.xlsm
Last active
May 13, 2023 23:22
XLM (Excel 4.0 macro) to execute a shellcode into Excel (32 bits) - French Macro code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BEWARE: THIS WILL ONLY WORK IN A FRENCH VERSION OF MS-OFFICE/EXCEL | |
| 1. Open Excel | |
| 2. Click on the active tab | |
| 3. Select "Insérer" | |
| 4. Click on "Macro MS Excel 4.0". | |
| 5. This will create a new worksheet called "Macro1" | |
| ================================================================================ | |
| In the Macro1 worksheet, paste the following block in cells in column A, starting in cell A1: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://ghostbin.com/paste/4x325 | |
| <o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o><o> | |
| * * * * * * * * * * * * * * * * * * * * * | |
| * * | |
| * * | |
| * The Unofficial * | |
| * * |
infosecn1nja
/ ASR Rules Bypass.vba
Last active
March 3, 2024 22:28
ASR rules bypass creating child processes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' ASR rules bypass creating child processes | |
| ' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction | |
| ' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office | |
| ' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule | |
| Sub ASR_blocked() | |
| Dim WSHShell As Object | |
| Set WSHShell = CreateObject("Wscript.Shell") | |
| WSHShell.Run "cmd.exe" | |
| End Sub |
NewerOlder