function getInvoices() {
  var sheet = SpreadsheetApp.getActiveSpreadsheet().getActiveSheet();
  var folderId = '';
  var folder = DriveApp.getFolderById(folderId);
  // Search the inbox for billing-related threads ("recepit" in the original was a typo for "receipt").
  var threads = GmailApp.search('receipt OR invoice OR payment OR billing in:inbox');
  for (var i = 0; i < threads.length; i++) {
    var messages = threads[i].getMessages();
    for (var j = 0; j < messages.length; j++) {
      var date = messages[j].getDate();
from flask import Flask, request, jsonify, Response
import os, glob, sys
from threading import Thread, Event
from multiprocessing import Process, cpu_count
from io import BytesIO

class RepeatingTimer(Thread):
    def __init__(self, interval_seconds, callback):
        super().__init__()
Any.Run uses agents inside the VM for its analysis processes. By manipulating the threads of the agent it uses, we can blind Any.Run from logging, and we can exceed the maximum analysis time by breaking the machine's timing counter.
https://github.com/Malwation/InceptionAttack
https://github.com/Malwation/research/tree/main/oatos-1/anyrun
https://malwation.com/offensive-approach-to-online-sandboxes-1-any-run/
Any.Run uses a fake root certificate to inspect traffic in the sandbox. The first information about the system can be obtained by querying the root certificate information.
The QEMU Agent application is modified and used to monitor the applications running in the virtual machine; this is how API hooking and monitoring is performed. If a process named "srvpost.exe" is running and the "winanr.dll" and "winsanr.dll" libraries are loaded, we can be certain that the Any.Run agent is running.
import subprocess

def executer(args):
    # Run a command and return its captured stdout as a string.
    proc = subprocess.Popen(args, stdout=subprocess.PIPE)
    return str(proc.communicate()[0])

# Enumerate the current user's certificate store (raw string so "\M" is not read as an escape sequence).
cert = executer(["powershell.exe", "-Command", "Get-ChildItem", "-Recurse", r"Cert:CurrentUser\My"])
# List running processes.
proc = executer(["powershell.exe", "Get-Process"])
# List the DLLs loaded by srvpost.exe (Sysinternals listdlls).
dlls = executer(["listdlls.exe", "srvpost.exe", "/accepteula"])
using System;
using System.IO;
using System.Text.RegularExpressions;

namespace DoppSearcher
{
    class Program
    {
        static void Main(string[] args)
        {
            string[] readeddata = File.ReadAllLines("3doppmod.json");
### Keybase proof

I hereby claim:

* I am kaganisildak on github.
* I am kagan_isildak (https://keybase.io/kagan_isildak) on keybase.
* I have a public key ASCrhYVzWlEisMlMsZMpn9vsV63o31m0gAjXysDqabalpgo

To claim this, I am signing this object:
format PE GUI
entry start
include 'win32a.inc'

define OBJ_CASE_INSENSITIVE 0x00000040
FILE_READ_DATA = 0x0001
FILE_READ_ATTRIBUTES = 0x0080
FILE_READ_EA = 0x0008
define FILE_GENERIC_READ (STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA)
define FILE_SUPERSEDE 0x00000000
define FILE_NON_DIRECTORY_FILE 0x00000040
/***************
 * Simple Process Hollowing in C#
 *
 * #Build Your Binaries
 * c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe
 *
 * @author: Michael Gorelik <smgorelik@gmail.com>
 * gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75
 * #Most of the code taken from here: @github: github.com/ambray
# Usage: findelevate.py C:\Windows\System32\
# Needs sigcheck.exe in path [https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx]
import sys
import os
import glob
import subprocess

if len(sys.argv) < 2:
    print("Usage: findelevate.py <PATH>")