evandrix
andrea-mucci /
Last active Oct 9, 2021
create a timeseries for a reservation calendar
import pandas as pd
from datetime import datetime
def get_availabilities(start, end, freq, weekmask=None, bhours=None, bstop=None, holidays=None):
:param start: datetime
:param end: datetime
:param freq: int
10maurycy10 /
Last active Sep 21, 2021
a simple rust snippet to compute an AES/Rijndael Sbox.
// Substitution box, a lookup table to optimise the substitution step
pub type Sbox = [u8; 256];
// rotate an 8-bit value left by `shift` positions (a negative shift rotates right)
fn rot_l8(x: u8, shift: isize) -> u8 {
    // check that the shift amount is in bounds
    assert!(shift < 8);
    assert!(shift > -8);
    // reduce the amount to 0..8 first: shifting a u8 by 8 (the shift == 0 case of
    // `x >> (8 - shift)`) or by a negative amount overflows and panics in debug builds
    let s = shift.rem_euclid(8) as u32;
    x.rotate_left(s)
}
jfmaes /
Last active Sep 10, 2021
extract hostnames based on SSL certificates
import requests
from socket import *
from requests.packages.urllib3.contrib import pyopenssl as reqs
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import argparse
import ipaddress
#import asyncio
ramimac / Cloud Security Orienteering
Last active Oct 7, 2021
A Checklist of Cloud Security Orienteering

Cloud Security Orienteering: Checklist
by Rami McCarthy
via TL;DR sec

How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long term goals.

Based on the Cloud Security Orienteering methodology.

IcedID Dropper:
IcedID Dropper Analysis:
IcedID Dropper URL:
IcedID Loader Analysis:
IcedID Staging Server:
IcedID Loader Project ID: 1394912167
IcedID Core Analysis:
IcedID Core C2s:
gladiatx0r /
Last active Oct 17, 2021
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure


In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. In short, this is accomplished by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Thomas Roccia |
# pip3 install lief
# pip3 install pillow
# resource:
import lief
import os
import argparse
hazcod / CVE-2021-36934.bat
Created Jul 22, 2021
CVE-2021-36934 manual mitigation in commandprompt.
echo > CVE-2021-36934 fixer
echo See
echo Deleting current shadow copies...
vssadmin delete shadows /all /quiet
echo Fixing privilege issue...
icacls %windir%\system32\config\*.* /inheritance:e
echo Creating brand new shadow copy...
boompig /
Created Jul 20, 2021
3 solver implementations for send+more=money problem
from typing import Optional, Tuple, Set, List, Dict
import copy
import time
from argparse import ArgumentParser
import random
import json
import numpy as np
import os
import uuid
from types import SimpleNamespace
aaaddress1 / veh_AmsiBypass.cpp
Created Jul 20, 2021
(VEH) AMSI Bypass without Memory Patch
// Exception-Based AMSI Bypass
// by
#include <amsi.h>
#include <iostream>
#include <Windows.h>
#pragma comment(lib, "amsi.lib")
#pragma comment(lib, "ole32.lib")
#pragma warning( disable : 4996 )
#define AMSIPROJECTNAME L"scanner"