jackson5 jackson5sec

## rdp_pack.cpp

/**
    Compression using undocumented API in rdpbase.dll

    RDPCompressEx supports four algorithms : MPPC-8K, MPPC-64K, NCRUSH and XCRUSH.

    This code supports all except NCRUSH.
    The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection.

    NCRUSH compression appears to work but fails for decompression.

## hashes.txt
0021B5B11CEB03402D618134800A36C54E1C4328AD389D50B40EACC1E881DCB5
003F6B0E35ADFFFCD277EBF1595136914789685A777CF93A937F3A0EBD4A463B
005BE4327DED378C051FE408F594124E3893171BC7D7809F0CFB9DC1F334DCD5
00A3848FC09150E51284553E74A6DFA18B4D07A86F69EF5104F78B7A8DA9C778
010168A3BCCA42B3706DAC7A8D07C192692053FB588D4CE7205B3B28987BC9ED
014104339BFA49DE78A4BAF25C9816B4247EA15F6713BF96B112727D50D6634C
0146A05EC4942A291EA2DB8E320D44445977676AD5C6D459FCAB50CD19970406
016510D1AB0628126F605168F59465C54787371F94DFC5EED2A3AC06D5CCF2C4
01701DF013DB380EB264424BFD7EB6D5AD37E221F5449E983637FF86BB652EEF
017FA1F83DCC61F1874EA9585DBB7CBF9E57843C687DE596DE3DE5E7592C297E

## vmware.md

      
              1 file
            
          
              39 forks
            
          
              43 comments
            
          
              110 stars
            
          
                ayebrian
                / vmware.md
            
            
              Last active
              June 17, 2024 09:44
            
              
                VMware ESXi 8 / vCenter 8 / Workstation 17 license key 2024
              
          
    Free VMware license keys, they should work. It works for all cores on your host system(ESXi).
vCenter Server 8 Standard


Key
Tested


4F282-0MLD2-M8869-T89G0-CF240
✅


0F41K-0MJ4H-M88U1-0C3N0-0A214
✅


vCenter Server 7


Key
Tested


## create_iso.cpp
#include <string>
#include <atlbase.h>
#include <imapi2fs.h>

void create_iso( std::wstring_view src, std::wstring_view iso_path )
{
    HRESULT hr;
    IFileSystemImage* fsimg;
    IFsiDirectoryItem* fsdir;
    IFileSystemImageResult* fsresult;

## Windows 10 Keys.txt
Home/Core                            TX9XD-98N7V-6WMQ6-BX7FG-H8Q99
Home/Core (Country Specific)         PVMJN-6DFY6-9CCP6-7BKTT-D3WVR
Home/Core (Single Language)          7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH
Home/Core N                          3KHY7-WNT83-DGQKR-F7HPR-844BM
Professional                         W269N-WFGWX-YVC9B-4J6C9-T83GX
Professional N                       MH37W-N47XK-V7XM9-C7227-GCQG9
Professional Enterprise
Professional Workstation
Enterprise                           NPPR9-FWDCX-D2C8J-H872K-2YT43
Enterprise N                         DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4

## macOS-IR-Forensics.md

      
              1 file
            
          
              18 forks
            
          
              2 comments
            
          
              118 stars
            
          
                0xmachos
                / macOS-IR-Forensics.md
            
            
              Last active
              June 5, 2024 01:58
            
              
                If someone wants to learn MacOS IR/forensics what’s the best resource for that?
              
          
Sarah Edwards (@iamevltwin)

mac4n6.com
SANS FOR518: Mac and iOS Forensic Analysis and Incident Response
Apple Pattern of Life Lazy Output'er


Unified Log

Howard Oakley @howardnoakley

Unified log: 1 why, what and how
Unified log: 2 content and extraction


Unified log: 3 finding your way


## bpf.c
#include <stdlib.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/uio.h>
#include <unistd.h>
#include <string.h>
#include <sys/errno.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <net/bpf.h>

## DllRpcEndpointMapperPoc.cpp

#include <iostream>
#include <Windows.h>
#include <Lmcons.h> // UNLEN + GetUserName
#include <tlhelp32.h> // CreateToolhelp32Snapshot()
#include <strsafe.h>

extern "C" __declspec(dllexport) DWORD APIENTRY OpenPerfData(LPWSTR pContext);
extern "C" __declspec(dllexport) DWORD APIENTRY CollectPerfData(LPWSTR pQuery, PVOID* ppData, LPDWORD pcbData, LPDWORD pObjectsReturned);
extern "C" __declspec(dllexport) DWORD APIENTRY ClosePerfData();

## pulseversion.py
import requests
import sys
import re

HEADERS = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0"}

if len(sys.argv) != 2:
    print " Usage: python pulseversion.py <target ip/domain>"
    sys.exit(1)

## ShellcodeRDI.go
package main

/*
*
*  This is just a Go implementation of https://github.com/monoxgas/sRDI/
*  Useful if you're trying to generate shellcode for reflective DLL
*  injection in Go, otherwise probably not much use :)
*
*  The project, shellcode, most comments within this project
*  are all from the original project by @SilentBreakSec's Nick Landers (@monoxgas)

	/**
	Compression using undocumented API in rdpbase.dll

	RDPCompressEx supports four algorithms : MPPC-8K, MPPC-64K, NCRUSH and XCRUSH.

	This code supports all except NCRUSH.
	The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection.

	NCRUSH compression appears to work but fails for decompression.
	0021B5B11CEB03402D618134800A36C54E1C4328AD389D50B40EACC1E881DCB5
	003F6B0E35ADFFFCD277EBF1595136914789685A777CF93A937F3A0EBD4A463B
	005BE4327DED378C051FE408F594124E3893171BC7D7809F0CFB9DC1F334DCD5
	00A3848FC09150E51284553E74A6DFA18B4D07A86F69EF5104F78B7A8DA9C778
	010168A3BCCA42B3706DAC7A8D07C192692053FB588D4CE7205B3B28987BC9ED
	014104339BFA49DE78A4BAF25C9816B4247EA15F6713BF96B112727D50D6634C
	0146A05EC4942A291EA2DB8E320D44445977676AD5C6D459FCAB50CD19970406
	016510D1AB0628126F605168F59465C54787371F94DFC5EED2A3AC06D5CCF2C4
	01701DF013DB380EB264424BFD7EB6D5AD37E221F5449E983637FF86BB652EEF
	017FA1F83DCC61F1874EA9585DBB7CBF9E57843C687DE596DE3DE5E7592C297E
Key	Tested
4F282-0MLD2-M8869-T89G0-CF240	✅
0F41K-0MJ4H-M88U1-0C3N0-0A214	✅
	#include <string>
	#include <atlbase.h>
	#include <imapi2fs.h>

	void create_iso( std::wstring_view src, std::wstring_view iso_path )
	{
	HRESULT hr;
	IFileSystemImage* fsimg;
	IFsiDirectoryItem* fsdir;
	IFileSystemImageResult* fsresult;
	Home/Core TX9XD-98N7V-6WMQ6-BX7FG-H8Q99
	Home/Core (Country Specific) PVMJN-6DFY6-9CCP6-7BKTT-D3WVR
	Home/Core (Single Language) 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH
	Home/Core N 3KHY7-WNT83-DGQKR-F7HPR-844BM
	Professional W269N-WFGWX-YVC9B-4J6C9-T83GX
	Professional N MH37W-N47XK-V7XM9-C7227-GCQG9
	Professional Enterprise
	Professional Workstation
	Enterprise NPPR9-FWDCX-D2C8J-H872K-2YT43
	Enterprise N DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4
	#include <stdlib.h>
	#include <stdio.h>
	#include <fcntl.h>
	#include <sys/uio.h>
	#include <unistd.h>
	#include <string.h>
	#include <sys/errno.h>
	#include <sys/types.h>
	#include <sys/ioctl.h>
	#include <net/bpf.h>

	#include <iostream>
	#include <Windows.h>
	#include <Lmcons.h> // UNLEN + GetUserName
	#include <tlhelp32.h> // CreateToolhelp32Snapshot()
	#include <strsafe.h>

	extern "C" __declspec(dllexport) DWORD APIENTRY OpenPerfData(LPWSTR pContext);
	extern "C" __declspec(dllexport) DWORD APIENTRY CollectPerfData(LPWSTR pQuery, PVOID* ppData, LPDWORD pcbData, LPDWORD pObjectsReturned);
	extern "C" __declspec(dllexport) DWORD APIENTRY ClosePerfData();
	import requests
	import sys
	import re

	HEADERS = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0"}

	if len(sys.argv) != 2:
	print " Usage: python pulseversion.py <target ip/domain>"
	sys.exit(1)
	package main

	/*
	*
	* This is just a Go implementation of https://github.com/monoxgas/sRDI/
	* Useful if you're trying to generate shellcode for reflective DLL
	* injection in Go, otherwise probably not much use :)
	*
	* The project, shellcode, most comments within this project
	* are all from the original project by @SilentBreakSec's Nick Landers (@monoxgas)