Skip to content

Instantly share code, notes, and snippets.

View fiercebrute's full-sized avatar

fiercebrute

4 followers · 0 following
View GitHub Profile
@HackingLZ
HackingLZ / altitude.py
Created April 19, 2023 13:29
altitude alert
import csv
import requests
import argparse
from bs4 import BeautifulSoup
from colorama import Fore, Style, init
init(autoreset=True)
known_security_vendors = [
'symantec', 'mcafee', 'trendmicro', 'kaspersky', 'bitdefender',
@hasherezade
hasherezade / injection_demos.md
Last active July 26, 2024 19:35
List of my PE injection demos
@CCob
CCob / rc4.cna
Created January 28, 2021 20:09
Aggressor Script for RC4 encryption
#RC4 encryption implementation using Java Crypto API
#Author: @_EthicalChaos_
import javax.crypto.spec.*;
import java.security.*;
import javax.crypto.*;
# $1 = plaintext, $2 = key
sub encryptRC4{
@rmdavy
rmdavy / x64FunctionPointer1.vba
Created December 16, 2020 21:52
x64FunctionPointerExample2
Declare PtrSafe Function DispCallFunc Lib "OleAut32.dll" (ByVal pvInstance As LongPtr, ByVal offsetinVft As LongPtr, ByVal CallConv As Long, ByVal retTYP As Integer, ByVal paCNT As Long, ByRef paTypes As Integer, ByRef paValues As LongPtr, ByRef retVAR As Variant) As Long
Declare PtrSafe Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As LongPtr
Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr
Const CC_STDCALL = 4
Private VType(0 To 63) As Integer, VPtr(0 To 63) As LongPtr
Sub SayHello()
@rmdavy
rmdavy / x64FunctionPointer.vba
Created December 16, 2020 20:13
x64FunctionPointerExample
Declare PtrSafe Function DispCallFunc Lib "OleAut32.dll" (ByVal pvInstance As LongPtr, ByVal offsetinVft As LongPtr, ByVal CallConv As Long, ByVal retTYP As Integer, ByVal paCNT As Long, ByRef paTypes As Integer, ByRef paValues As LongPtr, ByRef retVAR As Variant) As Long
Declare PtrSafe Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As LongPtr
Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr
Const CC_STDCALL = 4
Private VType(0 To 63) As Integer, VPtr(0 To 63) As LongPtr
Sub SayHello()
@rmdavy
rmdavy / functioninjection.vba
Created December 16, 2020 14:53
Declare PtrSafe Function DispCallFunc Lib "OleAut32.dll" (ByVal pvInstance As Long, ByVal offsetinVft As Long, ByVal CallConv As Long, ByVal retTYP As Integer, ByVal paCNT As Long, ByRef paTypes As Integer, ByRef paValues As Long, ByRef retVAR As Variant) As Long
Declare PtrSafe Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Const CC_STDCALL = 4
Const MEM_COMMIT = &H1000
Const PAGE_EXECUTE_READWRITE = &H40
Private VType(0 To 63) As Integer, VPtr(0 To 63) As Long
@rmdavy
rmdavy / hookdetector.vba
Created December 8, 2020 09:38 — forked from X-C3LL/hookdetector.vba
VBA Macro to detect EDR Hooks (It's just a PoC)
Private Declare PtrSafe Function GetModuleHandleA Lib "KERNEL32" (ByVal lpModuleName As String) As LongPtr
Private Declare PtrSafe Function GetProcAddress Lib "KERNEL32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr
Private Declare PtrSafe Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (ByVal Destination As LongPtr, ByVal Source As LongPtr, ByVal Length As Long)
'VBA Macro that detects hooks made by EDRs
'PoC By Juan Manuel Fernandez (@TheXC3LL) based on a post from SpecterOps (https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa)
Public Function checkHook(ByVal target As String, hModule As LongPtr) As Integer
Dim address As LongPtr
@rmdavy
rmdavy / vba_advapi32_64-bit.vb
Created December 7, 2020 09:21 — forked from jrdmb/vba_advapi32_64-bit.vb
How to Use advapi32.dll Encryption Functions in 64-bit VBA
Option Compare Database
Option Explicit
'Reference: http://khoiriyyah.blogspot.com/2012/06/vb6-hash-class-md5-sha-1-sha-256-sha.html
'The above article is excellent but that code works for 32-bit Access/Excel only.
'This works on both 32-bit and 64-bit Access/Excel.
'Requires no dll References in the VB Editor. It uses advapi32.dll, which needs no Reference
' as these are Windows API calls only.
'I have not seen documented anywhere else on the Internet how to make these calls in 64-bit apps.
@rmdavy
rmdavy / FunctionPointers.bas
Created November 28, 2020 11:32
VBA Function Pointer Example
Attribute VB_Name = "Module1"
Declare PtrSafe Function DispCallFunc Lib "OleAut32.dll" (ByVal pvInstance As Long, ByVal offsetinVft As Long, ByVal CallConv As Long, ByVal retTYP As Integer, ByVal paCNT As Long, ByRef paTypes As Integer, ByRef paValues As Long, ByRef retVAR As Variant) As Long
Declare PtrSafe Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Const CC_STDCALL = 4
Const MEM_COMMIT = &H1000
Const PAGE_EXECUTE_READWRITE = &H40
Private VType(0 To 63) As Integer, VPtr(0 To 63) As Long
@HarmJ0y
HarmJ0y / Jenkinsfile
Created November 2, 2020 23:15
Rubeus Jenkinsfile
@Library('ci-jenkins-common') _
// Jenkins build pipeline (declarative)
// Project: Seatbelt
// URL: https://github.com/GhostPack/Seatbelt
// Author: @tifkin_/@harmj0y
// Pipeline Author: harmj0y
def gitURL = "https://github.com/GhostPack/Seatbelt"