Jean-François Maes jfmaes
curi0usJack
/ .htaccess
Last active
March 13, 2024 10:17
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
| # | |
| # Note this version requires Apache 2.4+ | |
| # | |
| # Save this file into something like /etc/apache2/redirect.rules. | |
| # Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom | |
| # | |
| # Include /etc/apache2/redirect.rules | |
| # |
Arno0x
/ macro_evade_av_01.vba
Last active
October 12, 2023 23:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' Author Arno0x0x - https://twitter.com/Arno0x0x | |
| ' | |
| ' This macro downloads an XML bibliography source file. | |
| ' The <Title> element of this XML file actually contains a base64 encoded MSOffice template | |
| ' which itself contains another malicious macro much more detectable (meterpreter for instance). | |
| ' | |
| ' The base64 encoded file (payload) is extracted from the XML file, decoded and saved on the temporary folder | |
| ' Only then, an new Office Word object is instantiated to load this Office Template and run a specific macro from it. | |
| ' | |
| ' This macro makes use of very basic tricks to evade potential sandbox analysis, such as popup windows, check of local printers |