@odzhan
odzhan / ntdelegate.cpp
Created February 13, 2024 21:47
Delegate NT DLL Table
//
// How to locate the NT Delegate Callback Table in x86 builds of ntdll.dll
//
// @modexpblog
//
#define PHNT_VERSION PHNT_THRESHOLD
#include <phnt_windows.h>
#include <phnt.h>
@aconite33
aconite33 / bloodhoundce_import.py
Created August 15, 2023 23:04
Import large files into BloodHound CE Edition
import requests
import json
import time
import argparse
import getpass
import os
import sys
def main():
@HackingLZ
HackingLZ / altitude.py
Created April 19, 2023 13:29
altitude alert
import csv
import requests
import argparse
from bs4 import BeautifulSoup
from colorama import Fore, Style, init
init(autoreset=True)
known_security_vendors = [
'symantec', 'mcafee', 'trendmicro', 'kaspersky', 'bitdefender',
@GeisericII
GeisericII / Get-LoggedOn.py
Last active February 18, 2024 01:17
Stupid simple script copied and pasted from reg.py/lookupsid and inspired by itm4n's session enum via registry
#!/usr/bin/python3
from __future__ import division
from __future__ import print_function
import re
import codecs
import logging
import time
import argparse
import sys
from impacket import version
@leechristensen
leechristensen / CES.py
Last active December 13, 2023 01:39
Crude example of how to build a CSR and issue an HTTP request for a certificate via AD CS's Certificate Enrollment Web Service's SOAP endpoint
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography import x509
from cryptography.x509.extensions import ExtensionType
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
import base64
import pyasn1
@dmchell
dmchell / SharpApprover.cs
Created September 21, 2021 13:49
Reset the mspki-enrollment-flag attribute when you possess a write ACE on a vulnerable certificate template
using System;
using System.DirectoryServices;
namespace SharpApprover
{
class Program
{
public static void SetAdInfo(string objectFilter,
int objectValue, string LdapDomain)
@gladiatx0r
gladiatx0r / Workstation-Takeover.md
Last active March 7, 2024 21:57
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

@gitjdm
gitjdm / GenPayload.cna
Created October 4, 2020 18:04
Cobalt Strike raw payload generation dialog that allows the exit function to be specified
popup attacks_other {
item("Payload (Choose Exit Function)", { GenPayloadDialog(); });
}
sub GenPayloadDialog {
$dialog = dialog("Payload", %(listener => "", arch => "", exitfunc => ""), &GenPayload);
drow_listener_stage($dialog, "listener", "Listener: ");
drow_combobox($dialog, "exitfunc", "Exit Function: ", @("thread", "process"));
drow_combobox($dialog, "arch", "Arch: ", @("x64", "x86"));
dbutton_action($dialog, "Generate");
@daddycocoaman
daddycocoaman / pydefendercheck.py
Last active July 2, 2023 22:13
PyDefenderCheck
##################################################
## PyDefenderCheck - Python implementation of DefenderCheck
##################################################
## Author: daddycocoaman
## Based on: https://github.com/matterpreter/DefenderCheck
##################################################
import argparse
import enum
@ropnop
ropnop / go-sharp-loader.go
Created August 5, 2020 17:12
Example Go file embedding multiple .NET executables
package main
/*
Example Go program with multiple .NET Binaries embedded
This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with:
$ go get -u github.com/gobuffalo/packr/packr
Place all your EXEs in a "binaries" folder