fr0gger

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Thomas Roccia | IconDhash.py
# pip3 install lief
# pip3 install pillow
# resource: https://www.hackerfactor.com/blog/?/archives/529-Kind-of-Like-That.html

import lief
import os
import argparse

hazcod

echo > CVE-2021-36934 fixer
echo See https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934

echo Deleting current shadow copies...
vssadmin delete shadows /all /quiet

echo Fixing privilege issue...
icacls %windir%\system32\config\*.* /inheritance:e

echo Creating brand new shadow copy...

boompig

from typing import Optional, Tuple, Set, List, Dict
import copy
import time
from argparse import ArgumentParser
import random
import json
import numpy as np
import os
import uuid
from types import SimpleNamespace

aaaddress1

// Exception-Based AMSI Bypass
// by aaaddress1@chroot.org
#include <amsi.h>
#include <iostream>
#include <Windows.h>
#pragma comment(lib, "amsi.lib")
#pragma comment(lib, "ole32.lib")
#pragma warning( disable : 4996 )

#define AMSIPROJECTNAME L"scanner"

terjanq

A TL;DR solution to Security Driven by @terjanq

For this year's Google CTF, I prepared a challenge that is based on a real-world vulnerability. The challenge wasn't solved by any team during the competition so here is the proof that the challenge was in fact solvable! :)

• Link to the challenge: https://capturetheflag.withgoogle.com/challenges/web-security-driven
• Link to the PoC: https://github.com/google/google-ctf/tree/master/2021/quals/web-security-driven/solution

The goal of the challenge was to send a malicious file to the admin and leak their file with a flag. The ID of the file was embedded into the challenge description (/file?id=133711377731) and only admin had access to it, because the file was private.

Disclamer: The write-up is written on airplane therefore the quality of it is poor, mostly to showcase the required steps to solve the challenge

rqu1

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

hasherezade

#include <windows.h>
#include <iostream>

#include "ntddk.h"

bool enum_processes()
{
    ULONG retLen = 0;

    // check length:

someguynamedjosh

A Monad Tutorial

This is my attempt to create a tutorial which avoids the dreaded monad tutorial fallacy, while addressing some things I struggled with while reading about the topic.

First, an analogy: mapping functions

Let's define a mapping function as one which follows this pattern:

fn mapping_function(input: Type1) -> Type2;

chvancooten

#pragma once

// Code below is adapted from @modexpblog. Read linked article for more details.
// https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams

#ifndef SW2_HEADER_H_
#define SW2_HEADER_H_

#include <windows.h>
#include <winternl.h>

aslefhewqiwbepqwefbpqsciwueh

AAWTray.exe
alertsvc.exe
alevir.exe
alogserv.exe
amon9x.exe
anti-trojan.exe
antivirus.exe
ants.exe
apimonitor.exe
aplica32.exe