dev2null dev-2null

## akagi_58a.c

typedef interface IEditionUpgradeManager IEditionUpgradeManager;

typedef struct IEditionUpgradeManagerVtbl {

    BEGIN_INTERFACE

    HRESULT(STDMETHODCALLTYPE *QueryInterface)(
        __RPC__in IEditionUpgradeManager * This,
        __RPC__in REFIID riid,

## kerberos_attacks_cheatsheet.md

      
              1 file
            
          
              385 forks
            
          
                7 comments
              
            
              1151 stars
            
          
                TarlogicSecurity
                / kerberos_attacks_cheatsheet.md
            
            
              Created
              May 14, 2019 13:33
            
              
                A cheatsheet with commands that can be used to perform kerberos attacks
              
          
    Kerberos cheatsheet

Bruteforcing

With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:

  
## msfvenom-reverse-tcp-WaitForSingleObject.md

      
              1 file
            
          
              25 forks
            
          
                12 comments
              
            
              53 stars
            
          
                mgeeky
                / msfvenom-reverse-tcp-WaitForSingleObject.md
            
            
              Last active
              January 16, 2025 19:33
            
              
                (OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.
              
          
    Looking for WaitForSingleObject call within modern msfvenom generated payload.


Abstract
This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.
Contents:

  
## Invoke-DCSync.ps1
function Invoke-DCSync
{
<#
.SYNOPSIS

Uses dcsync from mimikatz to collect NTLM hashes from the domain.

Author: @monoxgas
Improved by: @harmj0y

	typedef interface IEditionUpgradeManager IEditionUpgradeManager;

	typedef struct IEditionUpgradeManagerVtbl {

	BEGIN_INTERFACE

	HRESULT(STDMETHODCALLTYPE *QueryInterface)(
	__RPC__in IEditionUpgradeManager * This,
	__RPC__in REFIID riid,
	function Invoke-DCSync
	{
	<#
	.SYNOPSIS

	Uses dcsync from mimikatz to collect NTLM hashes from the domain.

	Author: @monoxgas
	Improved by: @harmj0y