Matt Hand matterpreter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Thanks @Arno0x: https://github.com/Arno0x/CSharpScripts/blob/master/shellcodeLauncher.cs | |
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace ShellcodeLoader | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
matterpreter
/ NtMonitor.py
Last active
February 27, 2024 09:38
Frida script to spawn a process and monitor Native API calls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import frida | |
| import sys | |
| def on_message(message, data): | |
| if message['type'] == 'send': | |
| print(message['payload']) | |
| elif message['type'] == 'error': | |
| print(message['stack']) | |
| else: | |
| print(message) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Thanks @Arno0x: https://github.com/Arno0x/CSharpScripts/blob/master/shellcodeLauncher.cs | |
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace ShellcodeLoader | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
matterpreter
/ Count-PInvokes.ipynb
Created
February 24, 2022 20:17
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
matterpreter
/ CallTreeToJSON.py
Last active
April 29, 2023 12:06
Convert Ghidra Call Trees to JSON for Neo4j Ingestion
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #@author matterpreter | |
| #@category | |
| #@keybinding | |
| #@menupath | |
| #@toolbar | |
| ### | |
| # To import to Neo4j: | |
| # CREATE CONSTRAINT function_name ON (n:Function) ASSERT n.name IS UNIQUE | |
| # |
matterpreter
/ abandonedInprocServer32.cs
Created
October 30, 2018 14:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Management; | |
| namespace ComAbandonment | |
| { | |
| public class ComAbandonment | |
| { |
matterpreter
/ GrantTokenPrivileges.cs
Created
September 14, 2019 12:43
Grant the current process token the specified privilege
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| public static void SetTokenPrivilege(ref IntPtr hToken, string privName) | |
| { | |
| Console.WriteLine("[*] Adding {0} to token", privName); | |
| LUID luid = new LUID(); | |
| if (!LookupPrivilegeValue(null, privName, ref luid)) | |
| { | |
| Console.WriteLine("[-] LookupPrivilegeValue failed!"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace UnkillableTest | |
| { | |
| class Program | |
| { | |
| [DllImport("ntdll.dll", SetLastError = true)] | |
| private static extern void RtlSetProcessIsCritical(uint bNew, uint pbOld, uint bNeedScb); |
matterpreter
/ FindTargetImports.cs
Last active
November 28, 2022 04:43
Search all PE files in a directory for ones which import a specific DLL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Concurrent; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Threading.Tasks; | |
| using PeNet; | |
| using PeNet.Header.Pe; |
matterpreter
/ IRP Structure
Last active
August 9, 2022 18:38
(Semi)Full IRP Structure in Win10 1903
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0: kd> dt -b nt!_IRP | |
| +0x000 Type : Int2B | |
| +0x002 Size : Uint2B | |
| +0x004 AllocationProcessorNumber : Uint2B | |
| +0x006 Reserved : Uint2B | |
| +0x008 MdlAddress : Ptr64 | |
| +0x010 Flags : Uint4B | |
| +0x018 AssociatedIrp : <anonymous-tag> | |
| +0x000 MasterIrp : Ptr64 | |
| +0x000 IrpCount : Int4B |
NewerOlder